Reputation: 36372
I have created a self-signed certificate with Java code and added it to a KeyStore. Now I want to export the private key and certificate I created into a file in PEM format. Is it possible to achieve this without any third-party library? Below is the code I use for creating the self-signed certificate.
    public void createSelfSignedSSLCertificate() {
        try {
            final CertAndKeyGen keypair = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
            final X500Name x500Name =
                    new X500Name(commonName, organizationalUnit, organization, city, state, country);
            keypair.generate(keysize);
            final PrivateKey privKey = keypair.getPrivateKey();
            final X509Certificate[] chain = new X509Certificate[1];
            chain[0] = keypair.getSelfCertificate(x500Name, new Date(), validity * 24 * 60 * 60);
            final String alias = JettySSLConfiguration.SSL_CERTIFICATE_ALIAS;
            keyStore.setKeyEntry(alias, privKey, keyStorePassword.toCharArray(), chain);
        } catch (final Exception e) {
            // Handle Exception
        }
    }
Any suggestion on how to export the key and certificate into a file in PEM format will be really helpful.
Upvotes: 11
Views: 26560
Reputation: 14360
On Android, you can use the following Kotlin extension function:
    import android.util.Base64
    import java.security.PublicKey

    fun PublicKey.toPemString(): String {
        val publicKeyBase64: String = Base64.encodeToString(this.encoded, Base64.NO_WRAP)
        return publicKeyBase64.chunked(64).joinToString(
            separator = "\n",
            prefix = "-----BEGIN PUBLIC KEY-----\n",
            postfix = "\n-----END PUBLIC KEY-----\n"
        )
    }
Upvotes: 2
Reputation: 61
Thanks, Daniel Roethlisberger, for your reply. I got great help from your reply.
Implemented in Java as below:
    // Uses java.util.Base64; the MIME encoder wraps the body at 64 characters, as PEM expects
    String encodedString = "-----BEGIN PRIVATE KEY-----\n";
    encodedString = encodedString + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(Enrollment2.getKey().getEncoded()) + "\n";
    encodedString = encodedString + "-----END PRIVATE KEY-----\n";
Upvotes: 5
Reputation: 7058
You use Certificate.getEncoded() and Key.getEncoded() to get DER and do the base 64 encoding and header/footer manually, e.g. using DatatypeConverter.printBase64Binary() or some other way. Something like:
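    import javax.xml.bind.DatatypeConverter; // removed from the JDK in Java 11

    String certpem = "-----BEGIN CERTIFICATE-----\n" +
            DatatypeConverter.printBase64Binary(chain[0].getEncoded()) +
            "\n-----END CERTIFICATE-----\n";
    // PrivateKey.getEncoded() returns PKCS#8 DER, whose PEM label is "PRIVATE KEY"
    String keypem = "-----BEGIN PRIVATE KEY-----\n" +
            DatatypeConverter.printBase64Binary(privKey.getEncoded()) +
            "\n-----END PRIVATE KEY-----\n";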
Upvotes: 12
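An added example, not taken from any of the answers above: a JDK-only export of a KeyStore entry to PEM that wraps the Base64 body at 64 characters, uses the PKCS#8 label for the key, and creates the unencrypted key file with owner-only permissions. It assumes Java 9 or later and that the key password equals the store password; the class name `PemExport` and the output names `key.pem` and `cert.pem` are illustrative.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;

public class PemExport {
    // RFC 7468 layout: Base64 body wrapped at 64 characters between BEGIN/END lines.
    static String toPem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    // Create the file with owner-only permissions before any key bytes are written.
    static void writePrivate(Path file, String pem) throws IOException {
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Files.createFile(file, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        } else {
            Files.createFile(file); // non-POSIX file system: restrict access with ACLs separately
        }
        Files.write(file, pem.getBytes(StandardCharsets.US_ASCII));
    }

    static void export(KeyStore ks, String alias, char[] keyPassword, Path dir) throws Exception {
        Key key = ks.getKey(alias, keyPassword);
        Certificate cert = ks.getCertificate(alias);
        if (key == null || cert == null || !"PKCS#8".equals(key.getFormat())) {
            throw new IllegalArgumentException("alias has no exportable PKCS#8 key entry: " + alias);
        }
        // Key.getEncoded() is PKCS#8 DER, so the label is "PRIVATE KEY", not "RSA PRIVATE KEY".
        writePrivate(dir.resolve("key.pem"), toPem("PRIVATE KEY", key.getEncoded()));
        Files.write(dir.resolve("cert.pem"),
                toPem("CERTIFICATE", cert.getEncoded()).getBytes(StandardCharsets.US_ASCII));
    }

    // Usage: java PemExport <keystore-file> <alias> <output-dir>  (needs an interactive console)
    public static void main(String[] args) throws Exception {
        char[] pw = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pw); // detects JKS or PKCS12
        export(ks, args[1], pw, Paths.get(args[2]));
    }
}
```

`Files.createFile` fails if `key.pem` already exists, so an existing key file is never silently overwritten or left with looser permissions.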