This week's book giveaways are in the Scala and Android forums.
We're giving away four copies each of Machine Learning Systems: Designs that scale and Xamarin in Action: Creating native cross-platform mobile apps and have the authors on-line!
See this thread and this one for details.
Win a copy of Machine Learning Systems: Designs that scale this week in the Scala forum
or Xamarin in Action: Creating native cross-platform mobile apps in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Want to generate the keystore p12 using boucycastle api  RSS feed

Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am using the Bouncy Castle to create CSR and Key, but my requirement is to store these values in the Keystore. I tried some programe using BouncyCastle but I found that the API is deprecated and it does not work.

Can someone provide me help on how to store these certificates in Keystore and produce p12 format. I am using below code

static public void storePKCS12(PrivateKey privateKey,
        X509Certificate certificate, X509Certificate chain[], File file,
        char[] password) throws GeneralSecurityException, IOException {
    // set the bag information for the PKCS12 keystore
    PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) privateKey;
    PublicKey publicKey = certificate.getPublicKey();
    bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(publicKey));

    // the PKCS12 keystore key alias is the CN
    String alias = getPrincipalValue(certificate, X509Principal.CN);

    // build full cert chain
    int nCerts = chain.length + 1;
    Certificate certs[] = new Certificate[nCerts];
    certs[0] = certificate;
    for (int i = 0; i < chain.length; i++) {
        certs[i + 1] = chain[i];
    // create a PKCS12 keystore
    KeyStore p12Store = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
    p12Store.load(null, null);
    // set the key entry
    p12Store.setKeyEntry(alias, privateKey, null, certs);
    // store the file
    FileOutputStream fos = new FileOutputStream(file);, password);

1) I do not understand the what is this in the above code  Certificate certs[] . My code only generate .pem file and .Key file. I have no idea how do I use in above program.
2) SubjectKeyIdentifierStructure is deprecated, I did not find in net the corresponding method to use.

Sandeep Shukla
if you think brussel sprouts are yummy, you should try any other food. And this tiny ad:
Rocket Oven Kickstarter - from the trailboss
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!