This week's book giveaway is in the Cloud/Virtualization forum.
We're giving away four copies of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds and have James Denton on-line!
See this thread for details.
Win a copy of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Want to generate the keystore p12 using boucycastle api  RSS feed

Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am using the Bouncy Castle to create CSR and Key, but my requirement is to store these values in the Keystore. I tried some programe using BouncyCastle but I found that the API is deprecated and it does not work.

Can someone provide me help on how to store these certificates in Keystore and produce p12 format. I am using below code

static public void storePKCS12(PrivateKey privateKey,
        X509Certificate certificate, X509Certificate chain[], File file,
        char[] password) throws GeneralSecurityException, IOException {
    // set the bag information for the PKCS12 keystore
    PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) privateKey;
    PublicKey publicKey = certificate.getPublicKey();
    bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(publicKey));

    // the PKCS12 keystore key alias is the CN
    String alias = getPrincipalValue(certificate, X509Principal.CN);

    // build full cert chain
    int nCerts = chain.length + 1;
    Certificate certs[] = new Certificate[nCerts];
    certs[0] = certificate;
    for (int i = 0; i < chain.length; i++) {
        certs[i + 1] = chain[i];
    // create a PKCS12 keystore
    KeyStore p12Store = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
    p12Store.load(null, null);
    // set the key entry
    p12Store.setKeyEntry(alias, privateKey, null, certs);
    // store the file
    FileOutputStream fos = new FileOutputStream(file);, password);

1) I do not understand the what is this in the above code  Certificate certs[] . My code only generate .pem file and .Key file. I have no idea how do I use in above program.
2) SubjectKeyIdentifierStructure is deprecated, I did not find in net the corresponding method to use.

Sandeep Shukla
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!