RE: Store an OpenSSL generated private key in a Java (Sun) keystore

Thu, 27 May 2004 09:59:27 -0700 

Tim,

Thanks for your suggestion...it looks like I've got it to work.
I initially generated a RSA key with "des3", using "openssl genrsa".

I took that key (keytest.pem), and fed it into:
openssl pkcs8 -nocrypt -in keytest.pem -topk8 -out keytest8.pem

That gave me an unencrypted PKCS8 key, which I fed the Base 64 decoded bytes into the 
following Java code:

                PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec( keyBytes );
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                privKey = keyFactory.generatePrivate( privKeySpec );

Then, I programmatically added it to the Java KeyStore.

Thanks again,
Mike

-----Original Message-----
From: Tim Bond [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Store an OpenSSL generated private key in a Java (Sun)
keystore


Mike,

Encrypted private keys are usually in PKCS#8 EncryptedPrivateKeyInfo 
format.  In order to get it into a Java keystore, you should put the 
keypair into a PKCS#12 file and import it.  See the pkcs8 and pkcs12 man 
pages . . .

-- Tim

>>Hi All,
>>
>>I want to store an OpenSSL generated private key in a Java (Sun) keystore.
>>
>>The OpenSSL private key is password protected.  Can anyone tell me the basics of how 
>>it's encrypted?  A simple cipher?  Or, can someone point me to the OpenSSL code to 
>>look at for this?
>>
>>If I know how to de-cipher it, I can load it into a Java security class for a 
>>PrivateKey, and then get it into a Java keystore.
>>
>>I guess my other option is to generate the private key without password protection.  
>>In this case, is the key simply stored in a Base 64 encoded format?
>>
>>Thanks,
>>Mike
>>    
>>
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]
>
>  
>


-- 
Tim

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to