All, I am working on an Android project. I need to generate an RSA keypair and then use it to communicate with others. I need to store the private key and public key in a secure place, and I find that KeyStore could be used.
I see that KeyStore can store a KeyStore.PrivateKeyEntry, but it needs a Certificate[] chain. I tried to create it but failed...
Could anyone paste some example code for storing a private key and public key?
Thanks so much!
You can't directly import private key information to a keystore (.JKS) using keytool. Instead, you must convert the certificate and private key into a PKCS 12 (.p12) file, and then you can import the PKCS 12 file into your keystore.
You can have a keystore with as many certificates and keys as you like. If there are multiple certificates in a keystore a client uses as its truststore, all certificates are being looked at until one is found that fits. You can look at the preinstalled certificates, they are in /lib/security/cacerts.
#1 – Hardware Storage: The best way of securely storing private keys is to use a cryptographic hardware storage device such as a USB Token, a Smart Card, or a Hardware Storage Module (HSM).
Like you said, in order to store the private key in the keystore, you need the private key (which you have) and the certificate chain for the corresponding public key. What you have is just the public key; you need to obtain a certificate from an authority based on your public key. Yes, you can self-sign the certificate. But I don't think there is any built-in Java API to create and self-sign a certificate programmatically.
There was a similar discussion on this thread. The accepted solution describes storing the private key and public key outside of the keystore in a protected file.
You can read more about the Java Cryptography Architecture here: http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
Hope this helps.