What is the function of Java's JCEKS? 01/16 Update SLTechnology News&Howtos

What is the function of Java's JCEKS?

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Shulou(Shulou.com)06/01 Report--

This article mainly explains "what is the function of JCEKS of Java". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the role of JCEKS of Java"?

JCEKS

JCEKS is a KeyStore format of the Java platform that stores keys in the KeyStore to prevent encryption keys from being exposed. The process of storing and loading different entries in JCEKS is similar to JKS, only by changing the corresponding JCEKS KeyStore type when KeyStore.getInstance () is called.

Storage key

The key can be stored in JCEKS through the following code:

Try {KeyStore keyStore = KeyStore.getInstance ("JCEKS"); keyStore.load (null, null); KeyGenerator keyGen = KeyGenerator.getInstance ("DES"); keyGen.init (56);; Key key = keyGen.generateKey (); keyStore.setKeyEntry ("secret", key, "password" .toCharray (), null); keyStore.store (new FileOutputStream ("output.jceks"), "password" .toCharray ()) } catch (Exception ex) {ex.printStackTrace ();}

Load key

The code is as follows:

Try {KeyStore keyStore = KeyStore.getInstance ("JCEKS"); keyStore.load (new FileInputStream ("output.jceks"), "password" .toCharray (); Key key = keyStore.getKey ("secret", "password" .toCharray ()); System.out.println (key.toString ());} catch (Exception ex) {ex.printStackTrace ();}

Output code:

Javax.crypto.spec.SecretKeySpec@fffe7b9bPKCS12

PKCS12 is a public key encryption standard that specifies that all private keys, public keys, and certificates can be included. It is stored in binary format, also known as an PFX file, and can be imported directly into the key area in windows. Note that PKCS12's KeyStore protection password is also used to protect Key.

Create a PKCS12 KeyStore

The KeyStore must be loaded before an entry can be stored in PKCS12, which means we must first create a KeyStore. You can simply create a PKCS12 KeyStore as follows:

It is important to note that when calling keyStore.load (null, null), the two null are passed as input keystreams and passwords. This is because we don't have a KeyStore available. After running this code, a file named output.p12 should be output in the current working directory.

Storage key

The code is as follows:

Try {KeyStore keyStore = KeyStore.getInstance ("PKCS12"); keyStore.load (null, null); KeyGenerator keyGen = KeyGenerator.getInstance ("AES"); keyGen.init; Key key = keyGen.generateKey (); keyStore.setKeyEntry ("secret", key, "password" .toCharray (), null); keyStore.store (new FileOutputStream ("output.p12"), "password" .toCharray ());} catch (Exception ex) {ex.printStackTrace ();}

Store private key

The KeyStore contains private keys and certificates that can be used for SSL communication on the network:

Try {KeyStore keyStore = KeyStore.getInstance ("PKCS12"); / / keyStore.load (new FileInputStream ("output.p12"), "password" .toCharray ()); keyStore.load (null, null);; CertAndKeyGen gen = new CertAndKeyGen ("RSA", "SHA1WithRSA"); gen.generate (1024); Key key=gen.getPrivateKey (); X509Certificate cert=gen.getSelfCertificate (new X500Name ("CN=ROOT"), (long) 3652403600) X509Certificate [] chain = new X509Certificate [1]; chain [0] = cert; keyStore.setKeyEntry ("private", key, "password" .tocharray (), chain); keyStore.store (new FileOutputStream ("output.p12"), "password" .tocharray ());} catch (Exception ex) {ex.printStackTrace ();}

Don't forget to call keyStore.store () to save the key, or the entry will be lost when the program exits.

Store certificates

You can call KeyStore.setCertificateEntry () to store the certificate:

Try {KeyStore keyStore = KeyStore.getInstance ("PKCS12"); / / keyStore.load (new FileInputStream ("output.p12"), "password" .toCharray (); keyStore.load (null, null); CertAndKeyGen gen = new CertAndKeyGen ("RSA", "SHA1WithRSA"); gen.generate (1024); X509Certificate cert=gen.getSelfCertificate (new X500Name ("CN=ROOT"), (long) 365 / 2403600); keyStore.setCertificateEntry ("cert", cert) KeyStore.store (new FileOutputStream ("output.p12"), "password" .toCharArray ();} catch (Exception ex) {ex.printStackTrace ();}

The stored certificate can be extracted by calling KeyStore.getCertificate () that provides an alias, for example:

Certificate cert = keyStore.getCertificate ("cert")

Load private key

Sun.security.rsa.RSAPrivateCrtKeyImpl@ffff2466

Load certificate chain

If a certificate chain exists in the KeyStore, we can load it by calling KeyStore.getCertificateChain ():

Try {KeyStore keyStore = KeyStore.getInstance ("PKCS12"); keyStore.load (new FileInputStream ("output.p12"), "password" .toCharray (); Key pvtKey = keyStore.getKey ("private", "password" .toCharray ()); System.out.println (pvtKey.toString ()); java.security.cert.Certificate [] chain = keyStore.getCertificateChain ("private") For (java.security.cert.Certificate cert:chain) {System.out.println (cert.toString ());}} catch (Exception ex) {ex.printStackTrace ();}

Output:

[Version: V3 Subject: CN=ROOT Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 10726525526813768678166856978138525419579458260023970345104425288143881439623903178953691593873417271412048159388105588819343362936730226746250006044778656288553348708564822645040116052458743456257067298292932955080793816270263882670678173667817377562362325521865537 [From: SGT 13:03:29 To: Tue Jan 05 13:03:29 SGT 2016] Issuer: CN=ROOT SerialNumber: [5e5ca8a4]] Algorithm: [SHA1withRSA] Signature:0000: 22 21 BF 73 A6 6D 129B F7 49 6C 0E B3 50 6A 9D "! .s.m.. Il.Pj.0010: FA 30 43 32 FF 54 95 80 2E B3 8B 6F 59 D4 B5.0C" 2.T.oY..0020: 6C A6 AE 89 B7 18 9A A8 35 7D 65 37 BF ED A3 F4 l.5.e7....0030: E7 DB 5D 5F 9B DA 4B FA 39 04 9B 4D DB C2 3e FA..]. K.9. M.. > .0040: 3B C2 63 F8 1E BE 03 F3 BD 1C D48A 8E 3C 51 68 .c.

Note: how do I create a certificate chain in Java? Please refer to: click here to enter

Load certificate

Loading a certificate can be achieved by calling KeyStore.getCertificate ():

Try {KeyStore keyStore = KeyStore.getInstance ("PKCS12"); keyStore.load (new FileInputStream ("output.p12"), "password" .toCharray (); java.security.cert.Certificate cert = keyStore.getCertificate ("private"); System.out.println (cert);} catch (Exception ex) {ex.printStackTrace ();}

Output:

Import and export keys and certificates

The PKCS12 KeyStore can be used to import and export keys and certificates. The following code demonstrates exporting a private key from PKCS12 and importing it into the JKS KeyStore:

Try {KeyStore keyStore = KeyStore.getInstance ("PKCS12"); keyStore.load (new FileInputStream ("output.p12"), "password" .toCharray (); Key pvtKey = keyStore.getKey ("private", "password" .toCharray ()); java.security.cert.Certificate [] chain = keyStore.getCertificateChain ("private"); KeyStore jksStore = KeyStore.getInstance ("JKS"); jksStore.load (null, null) JksStore.setKeyEntry ("jksPrivate", pvtKey, "newpassword" .tocharray (), chain); jksStore.store (new FileOutputStream ("output.jks"), "password" .tocharray ());} catch (Exception ex) {ex.printStackTrace () Thank you for your reading, the above is the content of "what is the role of Java JCEKS?" after the study of this article, I believe you have a deeper understanding of the role of Java JCEKS, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.