Reputation: 594
How can I manage a keystore in Java without using the keytool command?
I know how to load the keystore from Java code, but this is not just what I want; I want to create a keystore, display keys from a keystore, or delete a key entry from a keystore.
Is it possible to do this with Java code?
This is how I am loading the keystore:
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    // get user password and file input stream
    char[] password = getPassword();
    java.io.FileInputStream fis = null;
    try {
        fis = new java.io.FileInputStream("keyStoreName");
        ks.load(fis, password);
    } finally {
        if (fis != null) {
            fis.close();
        }
    }
The instructions to generate a new keystore are given here,
https://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html
but it just generates an empty keystore, not a keystore with the key inside it.
Upvotes: 1
Views: 1190
Reputation: 18753
First of all, you have to create an empty keystore before adding a key inside it, and your code wouldn't work because:
"To create an empty keystore using the above load method, pass null as the InputStream argument."
See the following example to see how to pass null as the argument.
Creating a keystore:
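    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.CertificateException;

    public static void createStore(String path, String keyStoreName,
            String storePassword) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException, IOException {
        // "BKS" is the Bouncy Castle keystore type; its provider must be available.
        KeyStore store = KeyStore.getInstance("BKS");
        char[] password = storePassword.toCharArray();
        // A null stream initializes a new, empty keystore.
        store.load(null, password);
        // try-with-resources closes the file even if store() throws.
        try (FileOutputStream fos = new FileOutputStream(path + keyStoreName)) {
            store.store(fos, password);
        }
        System.out.println("New Store Created !");
    }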
The above code is copied from my repo, aes-256-java-bks.
According to its description, it has all the features which you need:
This simple code allows you to encrypt/decrypt any kind of file using AES-256 standard. It uses Bouncy Castle Keystore for Key Management. Beside Encryption, the code allows you to manage your keystore, like Creating a new Keystore, Loading an existing keystore, adding key to an existing keystore, generating new Key with user Password, deleting key from a keystore or displaying keys from given keystore, all these features could be accessed at runtime, all you need to do is execute the program.
The following code is from the same repository as mentioned above.
Loading the store:
    // keyStoreLocation and storePassword are fields defined elsewhere in the class (not shown).
    static KeyStore loadStore() throws KeyStoreException,
            FileNotFoundException, IOException, NoSuchAlgorithmException,
            CertificateException {
        KeyStore store = KeyStore.getInstance("BKS");
        // try-with-resources closes the stream once the store has been read.
        try (InputStream keystoreStream = new FileInputStream(keyStoreLocation)) {
            store.load(keystoreStream, storePassword.toCharArray());
        }
        System.out.println("Key Store loaded!\n");
        return store;
    }
For security reasons, you cannot display actual keys from the keystore, but you sure could get the list of all the aliases of keys from the keystore.
Check this code:
    // store is the KeyStore field loaded earlier (not shown).
    private static void getAliases() throws KeyStoreException,
            FileNotFoundException, NoSuchAlgorithmException,
            CertificateException, IOException {
        if (store.size() == 0) {
            System.out.println("Store is Empty!");
        }
        Enumeration<String> enumeration = store.aliases();
        while (enumeration.hasMoreElements()) {
            String alias = enumeration.nextElement();
            System.out.println("Key Alias: " + alias);
        }
    }
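Deleting a key from the keystore:
    public static void deleteAlias(String alias) throws KeyStoreException {
        // Removes the entry from the in-memory store only; the store must be
        // written out again with store.store(...) for the file to change.
        store.deleteEntry(alias);
    }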
Upvotes: 3
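The full lifecycle the question asks about (create a keystore with a key inside it, list its aliases, delete an entry) without keytool, as an added example that is not taken from the answer's repository. It assumes JDK 9 or later and uses the JDK's built-in PKCS12 type instead of BKS so that no extra provider is needed; the class name, alias, password and temp-file name are constructed sample values.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class KeystoreLifecycle {
    // Writes the in-memory keystore to disk; nothing is persisted until this runs.
    static void save(KeyStore ks, Path file, char[] password) throws Exception {
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, password);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real program would prompt for the password.
        Path file = Files.createTempFile("demo-keystore", ".p12");
        char[] password = "constructed-demo-password".toCharArray();
        String alias = "demo-aes-key";

        // 1. Create: a null stream gives an empty keystore, then add a fresh AES-256 key.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, password);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(password));
        save(ks, file, password);

        // 2. Display: reload from disk and list the aliases it contains.
        KeyStore loaded = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            loaded.load(in, password);
        }
        System.out.println("Aliases after create: " + Collections.list(loaded.aliases()));

        // 3. Delete: remove the entry, then save again so the file reflects it.
        loaded.deleteEntry(alias);
        save(loaded, file, password);
        System.out.println("Entries after delete: " + loaded.size());

        Arrays.fill(password, '\0'); // wipe the password copy we control
        Files.delete(file);
    }
}
```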
Reputation: 26961
Your FileInputStream is not reading "keystorename" because it does not exist, or it does, but in another location.
According to the documentation:
To create an empty keystore using the above load method, pass null as the InputStream argument.
Upvotes: 1