*
The moose likes Security and the fly likes extract and save to file certificate and key from pkcs12 file programmatically Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "extract and save to file certificate and key from pkcs12 file programmatically" Watch "extract and save to file certificate and key from pkcs12 file programmatically" New topic
Author

extract and save to file certificate and key from pkcs12 file programmatically

O. Ziggy
Ranch Hand

Joined: Oct 02, 2005
Posts: 430

Hi all,

I have a PKCS12 file that i would like to extract a certificate and private key from. Is it possible to extract the key and certificate using java and saving it as a jks file?

The reason i want to use java (programmatically is because) the password for the pkcs12 keystore is in characters than can not really be typed on the command prompt.


thanks in advance.
Eric Daly
Ranch Hand

Joined: Jul 11, 2006
Posts: 143
Is it possible to extract the key and certificate using java and saving it as a jks file?

I would definitely imagine so. I don't know enough about what you're actually trying to do to give you any advice, but tell us more and I'm sure we can help you further if needed.
It sounds like you need to open the file, parse through it to extract the key you're looking for, and then save it in your .jks file. What are you having trouble with exactly?


Studying for SCJP 6
O. Ziggy
Ranch Hand

Joined: Oct 02, 2005
Posts: 430

The keystore i have is in PKCS format. I cant use keytool or openssl to view its contents because its password is not the actual password to use.

I am supposed to use the password string to get the MD5 has of this string. The actual password becomes the string from the MD5 bytes of the original string. For example for the string "Baltimore1," the password is ���_>y'?s�3����^

I have been able to use the above password programmatically to view the contents of the p12 keystore.

The problem i have with the above approach is that the libraries i want to use the keystore on (Apache Rampart or WSS4J) expects the password to be stored as plain text. I cant really store the string ���_>y'?s�3����^ in a properties file.

So what i want to do is to extract the key/certificate from the p12 file and save it on a jks keystore with a password that is readable and that can be stored in a properties/configuration file.
Eric Daly
Ranch Hand

Joined: Jul 11, 2006
Posts: 143
So what i want to do is to extract the key/certificate from the p12 file and save it on a jks keystore with a password that is readable and that can be stored in a properties/configuration file.

Well I don't know anything about keystores. It sounds like it should be simple, but I really don't know what you're looking for exactly. I looked up jks keystores, and found something about converting keystores between p12 and jks. It just says this.
Sounds like you need Java 6. Also check out this.
Does that help?
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38478
    
  23
Not convinced this is a beginners' question. I think this thread would sit better on the security forum, so I shall move you.
Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 290

Why don't you create a JKS or another PKCS12 keystore with a normal password and use keytool to export and import the certificates & keys.

Then use the new keystore. I mean why you need to do it using a program/Java API.

Trying using Keytool. Will make life easier.

Aryan.


OCP/MCP/SCJP/SCWCD/IBM XML/SCMAD/SCEA-1
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
He needs to do it because he doesn't believe the characters in the password can be typed on a console. I'm not sure if this is strictly true, maybe you can script the password entry using expect or something similar. In any event, you can use the KeyStore class and APIs to do it programmatically. Have a look at KeyStore
Shubham Guptas
Greenhorn

Joined: May 02, 2010
Posts: 9
I am also looking for the same.

Please anyone provide me that how I can parse .p12 file using java.
James Sabre
Ranch Hand

Joined: Sep 07, 2004
Posts: 781

Shubham Guptas wrote:I am also looking for the same.

Please anyone provide me that how I can parse .p12 file using java.



and initialise with your .p12 file.

P.S. I suspect you will get your hand slapped for hijacking this thread.


Retired horse trader.
 Note: double-underline links may be advertisements automatically added by this site and are probably not endorsed by me.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: extract and save to file certificate and key from pkcs12 file programmatically