5

My .key file like: -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA1j6eGXbHpqigZ1K//wnuyr5v/L2jFm7dzTtHJx8ZoMQ4CbsG

My .pem file like: -----BEGIN CERTIFICATE----- MIIE4zCCA8ugAwIBAgIDBOziMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT

I don't know how many steps of authenticate at here. I only want to create a ssl socket to an IP and port, and send/receive data in that socket. I tried to use keystock, but perhaps I don't understand deep about it, I always get wrong.

Please give me a guide, or sample code.

Thanks so much.

user207421
  • 305,947
  • 44
  • 307
  • 483
Brave
  • 371
  • 1
  • 3
  • 10

2 Answers2

9

I assume that the .key and .pem file represents your client certificate you have to use for performing an HTTPS client authentication. Unfortunately Java/Android prefers a different format, therefore I recommend you to import both file into a BKS file.

Creating a BKS file and importing existing .key+.pem file is very simple using KeyStore Explorer. After starting KeyStore Explorer select File -> New Keystore -> BKSv1. Afterwards you can execute Tools -> Import Key Pair and select the .pem file. Afterwards KeyStore Explorer will ask you for selecting the .key file.

Finally save the key store protected with a password of your choice.

The created BKSv1 file can now be used in your Android app. See for example the code posted in this question: Using client/server certificates for two way authentication SSL socket on Android

Robert
  • 39,162
  • 17
  • 99
  • 152
  • This is good link. But I create all thing in a thread, and get error: android.os.NetworkOnMainThreadException. Do we need to create thread for it? – Brave Jul 11 '12 at 18:38
  • In Portecle 1.9 (not sure about other versions) your `.key` file *must be password protected*, otherwise Portecle will just tell you the key is invalid. – David Murdoch Aug 11 '16 at 21:27
0

When creating a SSL connection, you just need the socket to allow the connection with your server, enabling it as a trusted source. To do so, you need to have your SSL certificate in X509 format and then create your connection as stated in this article.

Here's a guide on generating X.509 certificates.

XGouchet
  • 10,002
  • 10
  • 48
  • 83
  • 1
    The linked article is about setting an Android trust store, not a key store for HTTPS client auth, therefore it's use is limited. Also the OP does not need to generate (client) certificates as he already have .key and .pem file. – Robert Jul 09 '12 at 09:01