I am trying to get a key from a KeyStore. I created a keystore with keytool:
keytool -genkeypair -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business2 -keypass abcdtest -keystore C:\workspace\XMLSample\keystore\mykeystore.jks -storepass 123456
The following is GenerateXML.java:

    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.X509Certificate;
    import javax.xml.crypto.dsig.XMLSignContext;
    import javax.xml.crypto.dsig.XMLSignatureFactory;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;

    public class GenerateXML {
        public static void main(String[] args) throws Exception {
            try {
                char[] passwd = "123456".toCharArray();

                // Load the KeyStore and get the signing key and certificate
                KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(new FileInputStream("C:\\workspace\\XMLSample\\keystore\\mykeystore.jks"), passwd);
                KeyStore.PrivateKeyEntry keyEnt = (KeyStore.PrivateKeyEntry) ks.getEntry("business2", new KeyStore.PasswordProtection(passwd)); // -> ERROR IN THIS ROW
                X509Certificate cert = (X509Certificate) keyEnt.getCertificate();

                // Create a DOMSignContext
                // (doc, the DOM Document to sign, is not defined in the posted snippet)
                XMLSignContext context = new DOMSignContext(keyEnt.getPrivateKey(), doc.getDocumentElement());

                // Create a DOM XMLSignatureFactory
                XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            } catch (Exception e) {
                e.printStackTrace();
                throw new Exception(e.toString());
            }
        }
    }
I run it on Java 1.6, but I get this error:

    java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
        at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:456)
        at java.security.KeyStore.getEntry(KeyStore.java:1261)
        at xml.generate.GenerateXML.main(GenerateXML.java:31)
jks, contains the Application Server's certificate, including its private key. The keystore file is protected with a password, initially changeit. Change the password using keytool.
The Key Alias is just a commonplace name that points to a specific certificate. You can create one for each release, or just use the same one for all your apps. I suggest creating one for each app, and making sure you back up multiple copies.
The Android Keystore system lets you store cryptographic keys in a container to make them more difficult to extract from the device. Once keys are in the keystore, you can use them for cryptographic operations, with the key material remaining non-exportable.
I've run across a similar issue. The root of the problem was that I used a different password for the key than for the whole keystore. The code is similar to the one in the JSSE article. It looks like this:
    serverKeyStore.load(new FileInputStream("resource/server.jks"), passphrase.toCharArray());
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(serverKeyStore);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(serverKeyStore, keyphrase.toCharArray());
I use the keystore pass in the first line and the key pass in the last.
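The store-password versus key-password distinction described above, as an added example that is not part of the original posts. It assumes an in-memory JCEKS keystore holding a generated AES key in place of the question's JKS file and key pair, so it runs without any file on disk; the class name `KeyPasswordDemo` and the helper `fetch` are hypothetical, while the alias and both passwords are the ones from the question's keytool command.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableEntryException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyPasswordDemo {
    // Hypothetical helper: fetch an entry with the password that protects
    // that entry. Returns null when the password cannot recover the key.
    static KeyStore.Entry fetch(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) {
            throw new IllegalArgumentException("no such alias: " + alias);
        }
        try {
            return ks.getEntry(alias, new KeyStore.PasswordProtection(keyPass));
        } catch (UnrecoverableEntryException e) {
            // UnrecoverableKeyException is a subclass: wrong entry password
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "123456".toCharArray();  // -storepass in the question
        char[] keyPass = "abcdtest".toCharArray();  // -keypass in the question

        // Constructed sample keystore (assumption: JCEKS + AES key, built in
        // memory, standing in for the question's mykeystore.jks)
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePass);
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        ks.setEntry("business2", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(keyPass));

        // Serialize and reload, as if reading the keystore file back
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        KeyStore loaded = KeyStore.getInstance("JCEKS");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);

        // The store password opens the keystore but does not unlock the entry
        System.out.println("entry recovered with store password: "
                + (fetch(loaded, "business2", storePass) != null));
        System.out.println("entry recovered with key password:   "
                + (fetch(loaded, "business2", keyPass) != null));
    }
}
```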