Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Importing Microsoft private key and certificates into a java keystore

843810Oct 19 2002 — edited Jun 26 2003
Hi!
I've written a small program to load a private key and its corresponding certificate into a Java keystore.
The priv key and the cert are generated by a Win2K certification authority and the priv/pub key pair is exported without encryption (yes, a plain PrivateKeyBlob as per MSDN).
I'm doing this because I need a certificate with the "E: someone@somewhere" field in order to sign email messages (using Java, of course) and the keytool is unable to generate them.
Everything works fine (reading the blob & certificate, generating the key pair and so on...) until I try to update the keystore using the setKeyEntry( String, PrivateKey, char[], Certificate) method of it.
Doing this throws an ArrayIndexOutOfBoundsException when the keystore internally calls the PrivateKey.getEncoded() method, as follows: 
Certificate chain sucessfully read! (1 certificates in sitacicert.cer).
About to read public and private keys...
Parsing public and private key file: MAGIC=RSA2
Keys sucessfully read from sitacicert.keys
Verifying generated keys...
Signing...Done.
Verifying...Done.
Keys verification was sucessfull!
About to update keystore...
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
        at com.sun.rsajca.JSA_RSAPrivateKey.getEncoded([DashoPro-V1.2-120198])
        at sun.security.provider.KeyProtector.protect(Unknown Source)
        at sun.security.provider.JavaKeyStore.engineSetKeyEntry(Unknown Source)
        at java.security.KeyStore.setKeyEntry(Unknown Source)
        at UpdateKeystore.main(UpdateKeystore.java:103)
As you can see from the trace, the private key & certificate pair is tested by signing and verifying, and it is done OK, so I guess that key re-generation and certificate loading are both OK.

I've searched the forums and I've found a couple of references to the same problem early this year, but no answers to them.

If it helps, I'm using JDK 1.3.1_04 on W2K Professional SP3.

I've also tried by using the JSSE RSA provider, but things doesn't go better.

It seems to be a bug(?) in the getEncoded() method, because I get the same exception if I call the getEncoded() method by hand (it is suposed to return just a byte array PKCS#8 encoded...).

I'll appreciate any help from you.
If somebody wants the full source code, just send me a mail at: ezavalla@yahoo.com.ar

Sincerely yours.

Eduardo.
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jul 24 2003
Added on Oct 19 2002
#cryptography
12 comments
845 views