user3512245

Reputation: 11

Store own made key using KeyStore - Java

I have a simple RSA algorithm based on the basic technique of Clifford Cocks. I have it all working but I need to store my private and public key in the KeyStore so that a Server and a Client can share files using the keys.

I did some research and I found out about the command 'keytool', but it creates the key for you using either RSA or DES, and I do not know how to use it to store my own keys. Is there any way to solve this?

Or how can this problem be solved using the KeyStore class?

Thanks.

PS: The keys are stored in BigIntegers right now. But I don't think that matters.

Upvotes: 1

Views: 1436

Answers (2)

Maarten Bodewes

Reputation: 94118

According to this article the public and private key are not that different from "normal" RSA keys. So you can use the same RSAPublicKey and RSAPrivateCrtKey as containers. The problem is that the KeyStore implementations are very limited (PKCS#12, JKS, JCEKS) - they cannot be used to store a single private key. You would need to create a certificate chain for the public key. This could be a self-signed certificate, but it is quite a hassle just to store a key.

You could also create your own KeyStore implementation but that seems to be a huge load of work. Implementing KeyStoreSpi in your own provider is slightly less complicated, but it requires your provider to be signed with a private key and a certificate signed by Oracle.

Basically I would go with the self-signed certificate trick explained above or with the serialization scheme proposed by Duncan.

For non-believers:

Exception in thread "main" java.lang.IllegalArgumentException: invalid zero-length input chain
    at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:393)

and

Exception in thread "main" java.lang.NullPointerException: invalid null input
    at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:390)

Upvotes: 1

Duncan Jones

Reputation: 69410

It sounds like you've developed your own RSA algorithm implementation and have your own private and public key classes. I'm going to assume this is for educational purposes and avoid a rant about using existing implementations.

However, to use an existing KeyStore provider, you would need to convert your keys into the format required by that provider for storage. Once you retrieve the keys back from the key store, you'd need to perform the reverse conversion back into your own private/public key classes.

To me, that seems like an awful lot of effort to get the minimal benefits of shoving the keys into a KeyStore object. I would suggest you consider making your own simple storage scheme using serialized data.

Upvotes: 1
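The conversion both answers describe, combined with a simple file-based storage scheme, as an added example that is not code from either answer: the BigInteger values are wrapped in standard JCA key objects, written out in their standard encodings, then read back and unwrapped. The class name, file names and the constructed sample key are assumptions; the SunRsaSign `KeyFactory` rejects moduli shorter than 512 bits, so toy-sized keys will not convert.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class BigIntegerKeyStorage {  // hypothetical class name
    // Wrap raw (n, e, d) in JCA key objects and write their standard DER encodings.
    static void save(BigInteger n, BigInteger e, BigInteger d, Path pubFile, Path privFile)
            throws GeneralSecurityException, IOException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey pub = kf.generatePublic(new RSAPublicKeySpec(n, e));
        PrivateKey priv = kf.generatePrivate(new RSAPrivateKeySpec(n, d));
        Files.write(pubFile, pub.getEncoded());   // X.509 SubjectPublicKeyInfo
        Files.write(privFile, priv.getEncoded()); // PKCS#8, NOT encrypted: restrict file access
    }

    static RSAPublicKey loadPublic(Path f) throws GeneralSecurityException, IOException {
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Files.readAllBytes(f)));
    }

    static RSAPrivateKey loadPrivate(Path f) throws GeneralSecurityException, IOException {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(f)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key standing in for the asker's own BigInteger values.
        SecureRandom rnd = new SecureRandom();
        BigInteger e = BigInteger.valueOf(65537), p, q, phi;
        do {
            p = BigInteger.probablePrime(1024, rnd);
            q = BigInteger.probablePrime(1024, rnd);
            phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        } while (!phi.gcd(e).equals(BigInteger.ONE));
        BigInteger n = p.multiply(q), d = e.modInverse(phi);

        Path dir = Files.createTempDirectory("keys");
        Path pubFile = dir.resolve("public.der"), privFile = dir.resolve("private.der");
        save(n, e, d, pubFile, privFile);

        // Reverse conversion: back to BigIntegers for the custom RSA code.
        RSAPublicKey pub = loadPublic(pubFile);
        RSAPrivateKey priv = loadPrivate(privFile);
        BigInteger m = new BigInteger("123456789");
        BigInteger c = m.modPow(pub.getPublicExponent(), pub.getModulus());
        System.out.println("modulus preserved: " + priv.getModulus().equals(n));
        System.out.println("round trip ok: " + c.modPow(priv.getPrivateExponent(), n).equals(m));
    }
}
```

Only the public key file should be shared between server and client; the PKCS#8 file holds the private exponent in the clear and needs owner-only permissions or encryption at rest.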
