All, I am working on an Android project. I need to generate an RSA keypair and then use it to communicate with others. I need to store the private key and public key in a secure place, and I found that KeyStore could be used.

I see that KeyStore can store a KeyStore.PrivateKeyEntry, but it needs a Certificate[] chain. I tried to create it but failed...

Is there anyone who could paste some example code used to store a private key and public key?

Thanks so much!

wayne_bai
  • Hi, do you have to create/manage certificates programmatically? Because you don't have to write any code to create or import certificates into a keystore. You can use [keytool](http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html) for this. – sperumal Jun 25 '12 at 14:32
  • Hi supermal, thanks for your reply. I have to finish this programmatically. – wayne_bai Jun 25 '12 at 14:59
  • Have a look at the docs: http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html – Mar Cel Jun 25 '12 at 16:03
  • I'd say this may be enough information about the programmatic usage of keystore – Mar Cel Jun 25 '12 at 16:04
  • The bouncycastle PKIX/CMS library can be used to generate a Certificate programmatically. – President James K. Polk Jun 25 '12 at 22:41

1 Answer

Like you said, in order to store the private key in the keystore, you need the private key (which you have) and the certificate chain for the corresponding public key. What you have is just the public key; you need to obtain a certificate from an authority based on your public key. Yes, you can self-sign the certificate. But I don't think there is any built-in Java API to create and self-sign a certificate programmatically.

There was a similar discussion on this thread. The accepted solution describes storing the private key and public key outside of the keystore in a protected file.

You can read more about Java Cryptography architecture here http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html

Hope this helps.

sperumal
  • Just a comment. The linked accepted solution stores the keys in unprotected files. – Andy Jun 07 '15 at 20:09
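An added example, not code from any of the posts above: on Android, the platform's "AndroidKeyStore" provider generates the RSA key pair inside the keystore and attaches a self-signed certificate itself, so no Certificate[] chain has to be built by hand and no key file is written to disk. It assumes API level 23 or later (the `android.security.keystore` classes) and a key used for signing; the class name `DeviceKeyPair` and the alias are hypothetical.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;

/** Hypothetical helper: class name and alias are placeholders. */
public final class DeviceKeyPair {
    private static final String PROVIDER = "AndroidKeyStore";
    private static final String ALIAS = "example-rsa-key"; // constructed alias

    private static KeyStore open() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null); // no file and no password: entries are held by the system keystore
        return ks;
    }

    /** Generates the pair once; the private key material is not exportable. */
    public static void ensureKeyPair() throws GeneralSecurityException, IOException {
        if (open().containsAlias(ALIAS)) return;
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, PROVIDER);
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setKeySize(2048)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .build());
        kpg.generateKeyPair(); // stored under ALIAS with a self-signed certificate
    }

    /** Public key to hand to peers, read back from the stored certificate. */
    public static PublicKey publicKey() throws GeneralSecurityException, IOException {
        return open().getCertificate(ALIAS).getPublicKey();
    }

    /** Signs with the stored private key through its PrivateKeyEntry. */
    public static byte[] sign(byte[] message) throws GeneralSecurityException, IOException {
        KeyStore.Entry entry = open().getEntry(ALIAS, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new GeneralSecurityException("No private key entry for alias " + ALIAS);
        }
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        s.update(message);
        return s.sign();
    }
}
```

The purposes, digest and padding set in the spec are enforced by the keystore, so a key created this way cannot later be used for decryption unless it is regenerated with `PURPOSE_DECRYPT` and an encryption padding.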