Re: Keystore exception when signing document.

[Ed Sweet]

Hi Arshad,

Thanks for the reply.

How does the code you supplied differ from the PKCS12Import tool [1] found in the Jetty distribution?

I'm using PKCS12Import to convert my .p12 file to .jks.

Ed.

[1] http://mortbay.org/apidocs/org/mortbay/jetty/security/PKCS12Import.html

On 30/08/06, Arshad Noor <[EMAIL PROTECTED]> wrote:

If the supplier gave you a PKCS12 file, then feel free to use the
following to import the key and certificate into your JKS keystore.
Not a lot of error-checking in here, since I use it for my personal
use.

Arshad Noor
StrongAuth, Inc.


------------------------

import java.security.*;
import java.io.*;

class p12jkstool
{
     static public void main(String[] args) throws Exception
     {
         if (args.length < 7)
         {
             System.err.println("Usage: java p12TOjks <pkcs12-file>
<pkcs12-password> <pkcs12-alias> <jks-keystore> <jks-password>
<jks-alias> <new-jks-keystore>");
             return;
         }

         String p12file  = args[0];
         String p12pin   = args[1];
         String p12alias = args[2];
         String jksfile  = args[3];
         String jkspin   = args[4];
         String jksalias = args[5];
         String newjks   = args[6];

         try
         {
             //pkcs12 keystore
             KeyStore pks = KeyStore.getInstance ("pkcs12");
             //jks keystore
             KeyStore jks = KeyStore.getInstance("jks");

             // load the pkcs12 file
             pks.load(new FileInputStream(p12file), p12pin.toCharArray());

             // load the jks file (have to have an existing one)
             jks.load(new FileInputStream(jksfile), jkspin.toCharArray());

             //read the p12 certificate
             java.security.cert.Certificate [] cc =
pks.getCertificateChain(p12alias);
             Key k = pks.getKey(p12alias, p12pin.toCharArray());

             // add to keystore and save
             jks.setKeyEntry(jksalias, k, jkspin.toCharArray(), cc);
             FileOutputStream out = new FileOutputStream(newjks);
             jks.store(out, jkspin.toCharArray());
             out.close();
             System.out.println("Transferred P12 key to new JKS
keystore: " + newjks);

         } catch (Exception ex) {
             ex.printStackTrace();
         }
     }
}

------------------------

Ed Sweet wrote:
>
> My main question here is what procedure should I be using to create the
> keystore from keys/certificates supplied by a thrid-party? I can use the
> test keystore supplied with the xml-security library with my code no
> problem, it's just when I try and use a keystore I've created myself I
> get this exception. What procedure do you use?
>
> Thanks for your help,
>