Java Security

Using a PKCS12 key with Java's keytool

843810 Nov 9 2001 — edited Jan 7 2002
Folks,

I struggled for the longest time using a PKCS12 key to sign jars / applets with the Java Keytool.

Despite documentation stating otherwise, JDK 1.4 (beta 3) and JSSE 1.0.2 would not let me sign files from a PKCS12 keystore exported from MIE / Netscape, or exported from IBM Http Server Key Management Utility.

Anyway, the solution I found to work was to install the security class libraries from Wedgetail (http://www.wedgetail.com/jcsi/index.html).

Following their instructions I set up my JDK 1.3 VM, allowing me to now read proper PKCS12 key stores.

Having proven that I could now read PKCS12 keystores (using keytool -list -keystore xxxx.p12 -storetype PKCS12), I then set about converting a PKCS12 keystore into a jks keystore. The following simple code will do this job for you, and then you can delete the Wedgetail / JCSI classes / setup and use the output jks keystore file with the standard JRE / JDK security tools such as keytool.

Hope this is useful.

Regards,

Roger Spall (NOSPAMroger@logicent.comSPAM)

import java.security.*;
import java.io.*;

// assumes you are using a 3rd party keystore library
// for pkcs12 key stores. For some reason, JDK 1.4 won't
// read pkcs12 files exported from MIE / Netscape

class Convert {
    static public void main(String[] args) throws Exception {
        try {
            // pkcs12 keystore
            KeyStore ks = KeyStore.getInstance("pkcs12");
            // jks keystore
            KeyStore ks2 = KeyStore.getInstance("jks");

            // load the pkcs12 file, closing the stream once it has been read
            InputStream p12In = new FileInputStream("F:\\spall.p12");
            ks.load(p12In, "password".toCharArray());
            p12In.close();

            // load the jks file (have to have an existing one)
            InputStream jksIn = new FileInputStream("F:\\.keystore");
            ks2.load(jksIn, "password".toCharArray());
            jksIn.close();

            // read the p12 private key and its certificate chain
            java.security.cert.Certificate[] cc = ks.getCertificateChain("p12alias");
            Key k = ks.getKey("p12alias", "password".toCharArray());

            // add to keystore and save
            ks2.setKeyEntry("keystorealias", k, "password".toCharArray(), cc);
            FileOutputStream out = new FileOutputStream("F:\\new.keystore");
            ks2.store(out, "password".toCharArray());
            out.close();
        } catch (Throwable e) {
            e.printStackTrace();
        }
    }
}
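
A generalization of the conversion above, as an added example that is not the poster's code: it copies every private-key entry from a PKCS12 file into a freshly created JKS file and reads both passwords from the console instead of hard-coding them. The class name `P12ToJks` and the file arguments are assumptions, and it assumes Java 7 or later with a provider that can read the PKCS12 file.

```java
import java.io.*;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example (not the poster's code); class and file names are hypothetical.
// Usage: java P12ToJks in.p12 out.jks   (passwords are prompted for, never hard-coded)
public class P12ToJks {
    // Copies each private key and its certificate chain from src to dst; returns the count.
    static int copyKeyEntries(KeyStore src, char[] srcPass, KeyStore dst, char[] dstPass) throws Exception {
        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isKeyEntry(alias)) continue;        // skip certificate-only entries
            Key key = src.getKey(alias, srcPass);        // assumes key password == store password
            Certificate[] chain = src.getCertificateChain(alias);
            if (key == null || chain == null) continue;  // JKS needs a chain for a private key
            dst.setKeyEntry(alias, key, dstPass, chain);
            copied++;
        }
        return copied;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage: java P12ToJks <in.p12> <out.jks> (run from a terminal)");
            System.exit(2);
        }
        char[] srcPass = System.console().readPassword("PKCS12 password: ");
        char[] dstPass = System.console().readPassword("New JKS password: ");
        try {
            KeyStore src = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[0])) {
                src.load(in, srcPass);
            }
            KeyStore dst = KeyStore.getInstance("JKS");
            dst.load(null, null);                        // empty store: no existing .keystore needed
            int n = copyKeyEntries(src, srcPass, dst, dstPass);
            try (OutputStream out = new FileOutputStream(args[1])) {
                dst.store(out, dstPass);
            }
            System.out.println("Copied " + n + " key entries to " + args[1]);
        } finally {
            Arrays.fill(srcPass, '\0');                  // wipe passwords from memory
            Arrays.fill(dstPass, '\0');
        }
    }
}
```

On JDK 6 and later, `keytool -importkeystore -srckeystore in.p12 -srcstoretype PKCS12 -destkeystore out.jks -deststoretype JKS` performs the same conversion without custom code.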
Post Details
Locked on Feb 4 2002
Added on Nov 9 2001