Java Cryptography Tutorial
Message Digest and MAC
Keys and Key Store
Generating Keys
Digital Signature
Cipher Text
Java Cryptography Resources
Selected Reading
Message Digest and MAC
Keys and Key Store
Generating Keys
Digital Signature
Cipher Text
Java Cryptography Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Java Cryptography - Retrieving keys
Java Cryptography - Retrieving keys
In this chapter, we will learn how to retrieve a key from the keystore using Java Cryptography.
To retrieve a key from the keystore, follow the steps given below.
Step 1: Create a KeyStore object
The getInstance() method of the KeyStore class of the java.security package accepts a string value representing the type of the keystore and returns a KeyStore object.
Create an object of the KeyStore class using this method as shown below.
//Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance("JCEKS");
Step 2: Load the KeyStore object
The load() method of the KeyStore class accepts a FileInputStream object representing the keystore file and a String parameter specifying the password of the KeyStore.
In general, the KeyStore is stored in the file named cacerts, in the location C:/Program Files/Java/jre1.8.0_101/pb/security/ and its default password is changeit, load it using the load() method as shown below.
//Loading the KeyStore object char[] password = "changeit".toCharArray(); String path = "C:/Program Files/Java/jre1.8.0_101/pb/security/cacerts"; java.io.FileInputStream fis = new FileInputStream(path); keyStore.load(fis, password);
Step 3: Create the KeyStore.ProtectionParameter object
Instantiate the KeyStore.ProtectionParameter as shown below.
//Creating the KeyStore.ProtectionParameter object KeyStore.ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);
Step 4: Create a SecretKey object
Create the SecretKey (interface) object by instantiating its Sub class SecretKeySpec. While instantiating you need to pass password and algorithm as parameters to its constructor as shown below.
//Creating SecretKey object SecretKey mySecretKey = new SecretKeySpec(new String(keyPassword).getBytes(), "DSA");
Step 5: Create a SecretKeyEntry object
Create an object of the SecretKeyEntry class by passing the SecretKey object created in the above step as shown below.
//Creating SecretKeyEntry object KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey);
Step 6: set an entry to the KeyStore
The setEntry() method of the KeyStore class accepts a String parameter representing the keystore entry apas, a SecretKeyEntry object, a ProtectionParameter object and, stores the entry under the given apas.
Set the entry to the keystore using the setEntry() method as shown below.
//Set the entry to the keystore
keyStore.setEntry("secretKeyApas", secretKeyEntry, protectionParam);
Step 7: Create the KeyStore.SecretKeyEntry object
The getEntry() method of the KeyStore class accepts an apas (String parameter) and, an object of the ProtectionParameter class as parameters and returns a KeyStoreEntry object then you can cast this it into KeyStore.SecretKeyEntry object.
Create an object of the KeyStore.SecretKeyEntry class by passing the apas for required key and the protection parameter object created in the previous steps, to the getEntry() method as shown below.
//Creating the KeyStore.SecretKeyEntry object
KeyStore.SecretKeyEntry secretKeyEnt = (KeyStore.SecretKeyEntry)keyStore.getEntry("secretKeyApas", protectionParam);
Step 8: Create the key object of the retrieved entry
The getSecretKey() method of the SecretKeyEntry class returns a SecretKey object. Using this method create a SecretKey object as shown below.
//Creating SecretKey object SecretKey mysecretKey = secretKeyEnt.getSecretKey(); System.out.println(mysecretKey);
Example
Following example shows how to retrieve keys from a key store. Here, we store a key in a keystore, which is in the “cacerts” file (windows 10 operating system), retrieve it, and display some of the properties of it such as the algorithm used to generate the key and, the format of the retrieved key.
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStore.ProtectionParameter;
import java.security.KeyStore.SecretKeyEntry;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
pubpc class RetrievingFromKeyStore{
pubpc static void main(String args[]) throws Exception{
//Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance("JCEKS");
//Loading the the KeyStore object
char[] password = "changeit".toCharArray();
java.io.FileInputStream fis = new FileInputStream(
"C:/Program Files/Java/jre1.8.0_101/pb/security/cacerts");
keyStore.load(fis, password);
//Creating the KeyStore.ProtectionParameter object
ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);
//Creating SecretKey object
SecretKey mySecretKey = new SecretKeySpec("myPassword".getBytes(), "DSA");
//Creating SecretKeyEntry object
SecretKeyEntry secretKeyEntry = new SecretKeyEntry(mySecretKey);
keyStore.setEntry("secretKeyApas", secretKeyEntry, protectionParam);
//Storing the KeyStore object
java.io.FileOutputStream fos = null;
fos = new java.io.FileOutputStream("newKeyStoreName");
keyStore.store(fos, password);
//Creating the KeyStore.SecretKeyEntry object
SecretKeyEntry secretKeyEnt = (SecretKeyEntry)keyStore.getEntry("secretKeyApas", protectionParam);
//Creating SecretKey object
SecretKey mysecretKey = secretKeyEnt.getSecretKey();
System.out.println("Algorithm used to generate key : "+mysecretKey.getAlgorithm());
System.out.println("Format used for the key: "+mysecretKey.getFormat());
}
}
Output
The above program generates the following output −
Algorithm used to generate key: DSA Format of the key: RAWAdvertisements