Java Cryptography Tutorial
Message Digest and MAC
Keys and Key Store
Generating Keys
Digital Signature
Cipher Text
Java Cryptography Resources
Selected Reading
Message Digest and MAC
Keys and Key Store
Generating Keys
Digital Signature
Cipher Text
Java Cryptography Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Java Cryptography - Storing keys
Java Cryptography - Storing keys
The Keys and certificates used/generated are stored in a data base called as keystore. By default this database is stored in a file named .keystore.
You can access the contents of this database using the KeyStore class of the java.security package. This manages three different entries namely, PrivateKeyEntry, SecretKeyEntry, TrustedCertificateEntry.
PrivateKeyEntry
SecretKeyEntry
TrustedCertificateEntry
Storing a Key in keystore
In this section, we will learn how to store a key in a keystore. To store a key in the keystore, follow the steps given below.
Step 1: Create a KeyStore object
The getInstance() method of the KeyStore class of the java.security package accepts a string value representing the type of the keystore and returns a KeyStore object.
Create an object of the KeyStore class using the getInstance() method as shown below.
//Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance("JCEKS");
Step 2: Load the KeyStore object
The load() method of the KeyStore class accepts a FileInputStream object representing the keystore file and a String parameter specifying the password of the KeyStore.
In general, the KeyStore is stored in the file named cacerts, in the location C:/Program Files/Java/jre1.8.0_101/pb/security/ and its default password is changeit, load it using the load() method as shown below.
//Loading the KeyStore object char[] password = "changeit".toCharArray(); String path = "C:/Program Files/Java/jre1.8.0_101/pb/security/cacerts"; java.io.FileInputStream fis = new FileInputStream(path); keyStore.load(fis, password);
Step 3: Create the KeyStore.ProtectionParameter object
Instantiate the KeyStore.ProtectionParameter as shown below.
//Creating the KeyStore.ProtectionParameter object KeyStore.ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);
Step 4: Create a SecretKey object
Create the SecretKey (interface) object by instantiating its Sub class SecretKeySpec. While instantiating you need to pass password and algorithm as parameters to its constructor as shown below.
//Creating SecretKey object SecretKey mySecretKey = new SecretKeySpec(new String(keyPassword).getBytes(), "DSA");
Step 5: Create a SecretKeyEntry object
Create an object of the SecretKeyEntry class by passing the SecretKey object created in the above step as shown below.
//Creating SecretKeyEntry object KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey);
Step 6: Set an entry to the KeyStore
The setEntry() method of the KeyStore class accepts a String parameter representing the keystore entry apas, a SecretKeyEntry object, a ProtectionParameter object and, stores the entry under the given apas.
Set the entry to the keystore using the setEntry() method as shown below.
//Set the entry to the keystore
keyStore.setEntry("secretKeyApas", secretKeyEntry, protectionParam);
Example
The following example stores keys into the keystore existing in the “cacerts” file (windows 10 operating system).
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
pubpc class StoringIntoKeyStore{
pubpc static void main(String args[]) throws Exception {
//Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance("JCEKS");
//Loading the KeyStore object
char[] password = "changeit".toCharArray();
String path = "C:/Program Files/Java/jre1.8.0_101/pb/security/cacerts";
java.io.FileInputStream fis = new FileInputStream(path);
keyStore.load(fis, password);
//Creating the KeyStore.ProtectionParameter object
KeyStore.ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);
//Creating SecretKey object
SecretKey mySecretKey = new SecretKeySpec("myPassword".getBytes(), "DSA");
//Creating SecretKeyEntry object
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey);
keyStore.setEntry("secretKeyApas", secretKeyEntry, protectionParam);
//Storing the KeyStore object
java.io.FileOutputStream fos = null;
fos = new java.io.FileOutputStream("newKeyStoreName");
keyStore.store(fos, password);
System.out.println("data stored");
}
}
Output
The above program generates the following output −
System.out.println("data stored");
Advertisements