Reputation: 221
How can I generate a CSR from the KeyStore?
I have generated a CSR from a key pair. Below is my code.
    // CN_PATTERN, DEFAULT_SIGNATURE_ALGORITHM and JCESigner are not shown on this page.
    public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String cn)
            throws IOException, OperatorCreationException {
        String principal = String.format(CN_PATTERN, cn);
        // The signer wraps the private key that signs the request.
        ContentSigner signer = new JCESigner(keyPair.getPrivate(), DEFAULT_SIGNATURE_ALGORITHM);
        // Subject name and public key go into the request body.
        PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
                new X500Name(principal), keyPair.getPublic());
        // Request a critical basicConstraints extension with cA=true.
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.basicConstraints, true,
                new BasicConstraints(true));
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                extensionsGenerator.generate());
        Log.e("csr builder ", "csr " + csrBuilder.toString());
        PKCS10CertificationRequest csr = csrBuilder.build(signer);
        return csr;
    }
But I cannot generate a CSR from the Keystore (private key). Is there any way I can generate a key pair from the Keystore?
Please help me. Thanks in advance.
Upvotes: 4
Views: 3286
Reputation: 5732
I presume you're talking about java.security.KeyStore. This abstraction requires that each stored PrivateKey has a corresponding chain of Certificate instances (one or more certificates). This means you should be able to create a KeyPair from a private key entry of KeyStore. For example, if the private key is stored under "test":
    String alias = "test";
    KeyStore keyStore = KeyStore.getInstance(...);
    keyStore.load(...);
    // The private key comes from the key entry itself.
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
    // The public key comes from the certificate stored with that entry.
    PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
    KeyPair keyPair = new KeyPair(publicKey, privateKey);
    generateCSR(keyPair, ...);
Upvotes: 0
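An added example (not code from the question or the answers) that carries the approach in the answer above through to a signed CSR: it rebuilds the KeyPair from a keystore entry, checks that the certificate's public key really belongs to the private key, and signs through BouncyCastle's JcaContentSignerBuilder instead of the question's JCESigner. The class and helper names, the PKCS12 file and the KS_PASSWORD environment variable are assumptions.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Base64;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class KeyStoreCsrExample { // hypothetical class, not from the page
    // Choose a signature algorithm that fits the stored key type.
    static String sigAlg(PrivateKey key) {
        switch (key.getAlgorithm()) {
            case "RSA": return "SHA256withRSA";
            case "EC":  return "SHA256withECDSA";
            default: throw new IllegalArgumentException("unsupported key: " + key.getAlgorithm());
        }
    }
    // Rebuild a KeyPair from a private-key entry and the certificate stored with it.
    static KeyPair keyPairFromKeyStore(KeyStore ks, String alias, char[] pw) throws GeneralSecurityException {
        Key key = ks.getKey(alias, pw);
        Certificate cert = ks.getCertificate(alias);
        if (!(key instanceof PrivateKey) || cert == null) throw new KeyStoreException("no private key entry: " + alias);
        PrivateKey priv = (PrivateKey) key;
        // Prove the pairing: sign a random challenge, verify it with the certificate's key.
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        Signature s = Signature.getInstance(sigAlg(priv));
        s.initSign(priv); s.update(challenge);
        Signature v = Signature.getInstance(sigAlg(priv));
        v.initVerify(cert.getPublicKey()); v.update(challenge);
        if (!v.verify(s.sign())) throw new KeyStoreException("certificate does not match private key");
        return new KeyPair(cert.getPublicKey(), priv);
    }
    // Sign through JCA so the private key is only ever used via its own provider.
    static PKCS10CertificationRequest buildCsr(KeyPair kp, String subjectDn) throws Exception {
        return new JcaPKCS10CertificationRequestBuilder(new X500Name(subjectDn), kp.getPublic())
                .build(new JcaContentSignerBuilder(sigAlg(kp.getPrivate())).build(kp.getPrivate()));
    }
    // Usage (KS_PASSWORD must be set): java KeyStoreCsrExample <keystore.p12> <alias>
    public static void main(String[] args) throws Exception {
        char[] pw = System.getenv("KS_PASSWORD").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        byte[] der = buildCsr(keyPairFromKeyStore(ks, args[1], pw), "CN=" + args[1]).getEncoded();
        System.out.println("-----BEGIN CERTIFICATE REQUEST-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
                + "\n-----END CERTIFICATE REQUEST-----");
    }
}
```

On Android the same two helpers accept a keystore obtained with KeyStore.getInstance("AndroidKeyStore") and load(null), with a null key password.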
Reputation: 39271
Your code is compatible with Android KeyStore. You just need to generate the KeyPair into the Keystore.
The KeyStore is available from Android 4.3 (API level 18). There are slight differences between versions:
Android >=18 < 23
    // context, alias, start and end must be supplied by the caller.
    KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
            .setAlias(alias)
            .setSubject(new X500Principal("CN=" + alias + ", O=Android Authority"))
            .setSerialNumber(BigInteger.ONE)
            .setStartDate(start.getTime())
            .setEndDate(end.getTime())
            .build();
    // Generate the key pair inside the AndroidKeyStore provider.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    kpg.initialize(spec);
    KeyPair keyPair = kpg.generateKeyPair();
Android >=23
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    // The key is authorized only for signing and verification with these digests and this padding.
    kpg.initialize(new KeyGenParameterSpec.Builder(
            alias,
            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
            .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
            .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
            .build());
    KeyPair keyPair = kpg.generateKeyPair();
Upvotes: 3