My Blog

My WordPress Blog

Retrieving keys

In this chapter, we will learn how to retrieve a key from the keystore using Java Cryptography.

To retrieve a key from the keystore, follow the steps given below.

Step 1: Create a KeyStore object

The getInstance() method of the KeyStore class of the java.security package accepts a string value representing the type of the keystore and returns a KeyStore object.

Create an object of the KeyStore class using this method as shown below.

//Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance("JCEKS");

Step 2: Load the KeyStore object

The load() method of the KeyStore class accepts an InputStream (here a FileInputStream) representing the keystore file and a char[] holding the password of the keystore.

In general, the keystore is stored in the file named cacerts (the JRE's CA certificate trust store), in the location C:/Program Files/Java/jre1.8.0_101/lib/security/, and its default password is changeit. Load it using the load() method as shown below.

//Loading the KeyStore object
char[] password = "changeit".toCharArray();
String path = "C:/Program Files/Java/jre1.8.0_101/lib/security/cacerts";
java.io.FileInputStream fis = new java.io.FileInputStream(path);
keyStore.load(fis, password);

Step 3: Create the KeyStore.ProtectionParameter object

Instantiate the KeyStore.ProtectionParameter as shown below.

//Creating the KeyStore.ProtectionParameter object
KeyStore.ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);

Step 4: Create a SecretKey object

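Create the SecretKey (interface) object by instantiating its implementing class SecretKeySpec. While instantiating, you need to pass the key material as a byte array (here, the bytes of a password) and the algorithm name as parameters to its constructor, as shown below.

//Creating SecretKey object
char[] keyPassword = "myPassword".toCharArray();   //key material used in this example
SecretKey mySecretKey = new SecretKeySpec(new String(keyPassword).getBytes(), "DSA");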

Step 5: Create a SecretKeyEntry object

Create an object of the SecretKeyEntry class by passing the SecretKey object created in the above step as shown below.

//Creating SecretKeyEntry object
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey);

Step 6: Set an entry in the KeyStore

The setEntry() method of the KeyStore class accepts a String parameter representing the keystore entry alias, a SecretKeyEntry object, and a ProtectionParameter object, and stores the entry under the given alias.

Set the entry to the keystore using the setEntry() method as shown below.

//Set the entry to the keystore
keyStore.setEntry("secretKeyAlias", secretKeyEntry, protectionParam);

Step 7: Create the KeyStore.SecretKeyEntry object

The getEntry() method of the KeyStore class accepts an alias (String parameter) and an object of the ProtectionParameter class as parameters and returns a KeyStore.Entry object, which you can then cast to a KeyStore.SecretKeyEntry object.

Create an object of the KeyStore.SecretKeyEntry class by passing the alias of the required key and the protection parameter object created in the previous steps to the getEntry() method, as shown below.

//Creating the KeyStore.SecretKeyEntry object
KeyStore.SecretKeyEntry secretKeyEnt = (KeyStore.SecretKeyEntry)keyStore.getEntry("secretKeyAlias", protectionParam);

Step 8: Create the key object of the retrieved entry

The getSecretKey() method of the SecretKeyEntry class returns a SecretKey object. Using this method create a SecretKey object as shown below.

//Creating SecretKey object
SecretKey mysecretKey = secretKeyEnt.getSecretKey();      
System.out.println(mysecretKey);

Example

The following example shows how to retrieve keys from a keystore. Here, we store a key in a keystore, which is in the “cacerts” file (Windows 10 operating system), retrieve it, and display some of its properties, such as the algorithm used to generate the key and the format of the retrieved key.

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStore.ProtectionParameter;
import java.security.KeyStore.SecretKeyEntry;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class RetrievingFromKeyStore {
   public static void main(String args[]) throws Exception {
      //Creating the KeyStore object
      KeyStore keyStore = KeyStore.getInstance("JCEKS");

      //Loading the KeyStore object; try-with-resources closes the stream
      char[] password = "changeit".toCharArray();
      try (FileInputStream fis = new FileInputStream(
            "C:/Program Files/Java/jre1.8.0_101/lib/security/cacerts")) {
         keyStore.load(fis, password);
      }

      //Creating the KeyStore.ProtectionParameter object
      ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);

      //Creating SecretKey object; "DSA" is only the algorithm label stored with the key
      //An explicit charset keeps the key bytes identical on every platform
      SecretKey mySecretKey = new SecretKeySpec(
            "myPassword".getBytes(StandardCharsets.UTF_8), "DSA");

      //Creating SecretKeyEntry object
      SecretKeyEntry secretKeyEntry = new SecretKeyEntry(mySecretKey);
      keyStore.setEntry("secretKeyAlias", secretKeyEntry, protectionParam);

      //Storing the KeyStore object in a new file
      try (FileOutputStream fos = new FileOutputStream("newKeyStoreName")) {
         keyStore.store(fos, password);
      }

      //Creating the KeyStore.SecretKeyEntry object
      SecretKeyEntry secretKeyEnt =
            (SecretKeyEntry) keyStore.getEntry("secretKeyAlias", protectionParam);

      //Creating SecretKey object
      SecretKey mysecretKey = secretKeyEnt.getSecretKey();
      System.out.println("Algorithm used to generate key: " + mysecretKey.getAlgorithm());
      System.out.println("Format of the key: " + mysecretKey.getFormat());
   }
}

Output

The above program generates the following output −

Algorithm used to generate key: DSA
Format of the key: RAW
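
An added example, not part of the original tutorial: the same store-and-retrieve flow with a generated AES key in a new in-memory JCEKS keystore instead of cacerts, separate store and entry passwords, and a retrieval helper that checks the entry type before calling getEntry(). The class name, the alias appAesKey and both passwords are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyRoundTrip {
    // Returns the key under alias, or null when the alias is missing or holds
    // another entry type (cacerts, for example, holds trusted certificates).
    static SecretKey retrieve(KeyStore ks, String alias, char[] entryPassword)
            throws Exception {
        if (!ks.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
            return null; // skip getEntry() and the cast for such aliases
        }
        KeyStore.PasswordProtection prot = new KeyStore.PasswordProtection(entryPassword);
        try {
            return ((KeyStore.SecretKeyEntry) ks.getEntry(alias, prot)).getSecretKey();
        } finally {
            prot.destroy(); // wipes the protection object's copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        char[] storePassword = "store-pass-constructed".toCharArray(); // constructed sample
        char[] entryPassword = "entry-pass-constructed".toCharArray(); // constructed sample

        // Generate real key material instead of using password bytes as the key
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey original = gen.generateKey();

        // New, empty application keystore (not the JRE's cacerts trust store)
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setEntry("appAesKey", new KeyStore.SecretKeyEntry(original),
                new KeyStore.PasswordProtection(entryPassword));

        // Persist and reload, as a separate process would
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePassword);
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePassword);
        SecretKey restored = retrieve(reloaded, "appAesKey", entryPassword);
        System.out.println("Same key bytes: "
                + Arrays.equals(original.getEncoded(), restored.getEncoded()));
        System.out.println("Missing alias: " + retrieve(reloaded, "noSuchAlias", entryPassword));
    }
}
```

A wrong entry password is not mapped to null: getEntry() raises an exception in that case, and retrieve() lets it propagate to the caller.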