• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Junilu Lacar
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Piet Souris
  • Carey Brown
  • Stephan van Hulst
Bartenders:
  • Frits Walraven
  • fred rosenberger
  • salvin francis

extract and save to file certificate and key from pkcs12 file programmatically

 
Ranch Hand
Posts: 430
Android VI Editor Debian
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I have a PKCS12 file that i would like to extract a certificate and private key from. Is it possible to extract the key and certificate using java and saving it as a jks file?

The reason i want to use java (programmatically is because) the password for the pkcs12 keystore is in characters than can not really be typed on the command prompt.


thanks in advance.
 
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Is it possible to extract the key and certificate using java and saving it as a jks file?


I would definitely imagine so. I don't know enough about what you're actually trying to do to give you any advice, but tell us more and I'm sure we can help you further if needed.
It sounds like you need to open the file, parse through it to extract the key you're looking for, and then save it in your .jks file. What are you having trouble with exactly?
 
O. Ziggy
Ranch Hand
Posts: 430
Android VI Editor Debian
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The keystore i have is in PKCS format. I cant use keytool or openssl to view its contents because its password is not the actual password to use.

I am supposed to use the password string to get the MD5 has of this string. The actual password becomes the string from the MD5 bytes of the original string. For example for the string "Baltimore1," the password is ���_>y'?s�3����^

I have been able to use the above password programmatically to view the contents of the p12 keystore.

The problem i have with the above approach is that the libraries i want to use the keystore on (Apache Rampart or WSS4J) expects the password to be stored as plain text. I cant really store the string ���_>y'?s�3����^ in a properties file.

So what i want to do is to extract the key/certificate from the p12 file and save it on a jks keystore with a password that is readable and that can be stored in a properties/configuration file.
 
Eric Daly
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

So what i want to do is to extract the key/certificate from the p12 file and save it on a jks keystore with a password that is readable and that can be stored in a properties/configuration file.


Well I don't know anything about keystores. It sounds like it should be simple, but I really don't know what you're looking for exactly. I looked up jks keystores, and found something about converting keystores between p12 and jks. It just says this.
Sounds like you need Java 6. Also check out this.
Does that help?
 
Marshal
Posts: 73244
332
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Not convinced this is a beginners' question. I think this thread would sit better on the security forum, so I shall move you.
 
Ranch Hand
Posts: 290
Oracle Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why don't you create a JKS or another PKCS12 keystore with a normal password and use keytool to export and import the certificates & keys.

Then use the new keystore. I mean why you need to do it using a program/Java API.

Trying using Keytool. Will make life easier.

Aryan.
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
He needs to do it because he doesn't believe the characters in the password can be typed on a console. I'm not sure if this is strictly true, maybe you can script the password entry using expect or something similar. In any event, you can use the KeyStore class and APIs to do it programmatically. Have a look at KeyStore
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am also looking for the same.

Please anyone provide me that how I can parse .p12 file using java.
 
Ranch Hand
Posts: 781
Netbeans IDE Ubuntu Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Shubham Guptas wrote:I am also looking for the same.

Please anyone provide me that how I can parse .p12 file using java.




and initialise with your .p12 file.

P.S. I suspect you will get your hand slapped for hijacking this thread.
 
I’m tired of walking, and will rest for a minute and grow some wheels. This is the promise of this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic