3

I have to import a .key file into a Java keystore to decrypt a message. There are many instructions out there on how to do this (with openssl + keytool), but they all require a certificate file to be imported along with the key. If I create a self-signed certificate and add this, will I be able to decrypt the message?

Why do I need a certificate for this in the first place? Is a key alone not sufficient for decryption?

Black
  • 343
  • 1
  • 4
  • 12
  • As far as the cert, see [Use PEM Encode CA Cert on filesystem directly for HTTPS request?](http://stackoverflow.com/questions/22493997/use-pem-encode-ca-cert-on-filesystem-directly-for-https-request). You can use the cert directly from the filesystem. I don't know about the private key, though. – jww Mar 22 '14 at 03:51

1 Answers1

3

An asymmetric key encryption works in the following manner. A service provider creates a public-private key pair. The public key is used for encryption and the private key is used for decryption. The certificate contains your public key. With tools like openssl and keytool, in order to import a private key in a key store, it is necessary to have corresponding public key or certificate along with it. This is just a tool specific feature. You'll probably need the pkcs12 file to import the private key.

Aritra
  • 1,234
  • 12
  • 20