Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Exporting a PEM key into a PKCS8 keystore

843811Jul 29 2009 — edited Jul 31 2009

I have found numerous references on reading a PKCS8 keystore using the Java API and that is not what I am trying to do. What I need is help exporting a PrivateKey and Certificate to a pkcs8 keystore/external file. I have found little to no references on how to do this so I don't even know if the methods I'm using to create the encrypted private key is even remotely correct. Any help in this area would be greatly appreciated.

My code for encrypting the private key (I'm using the BouncyCastle JCE provider):

byte[] salt_16 = SecureRandom.getInstance("SHA1PRNG").generateSeed(16);
byte[] iv = SecureRandom.getInstance("SHA1PRNG").generateSeed(16);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(password, salt_16, 2048, 128);
SecretKey tmpKey = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmpKey.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret, new IvParameterSpec(iv));
byte[] encrypted = cipher.doFinal(privateKey);

I know that I need to wrap the private key in "-----BEGIN/END ENCRYPTED PRIVATE KEY---" header/footer and I output the certificate using a PEMWriter.

Edited by: MarcBejerano on Jul 29, 2009 11:21 AM

Locked Post

New comments cannot be posted to this locked post.

Locked on Aug 28 2009

Added on Jul 29 2009

#cryptography

7 comments

1,762 views