
I have a simple RSA algorithm based on the basic technique of Clifford Cocks. I have it all working but I need to store my private and public key in the KeyStore so that a Server and a Client can share files using the keys.

I did some research and I found out about the command 'keytool', but it creates the key for you using either RSA or DES, and I do not know how to use it to store my own keys. Is there any way to solve this?

Or how can this problem be solved using the KeyStore class?

Thanks.

PS: The keys are stored in BigIntegers right now. But I don't think that matters.

  • possible duplicate of [How to use keystore in Java to store private key?](http://stackoverflow.com/questions/9890313/how-to-use-keystore-in-java-to-store-private-key) – Drunix Apr 08 '14 at 20:07
  • @Drunix if this was a normal private key, it would be a dupe. Now not so much. – Maarten Bodewes Apr 13 '14 at 01:24
  • @owlstead: At least the accepted answer in the linked post shows how to store public keys without using keystores if you have the key given as modulus and exponent as BigIntegers. The same thing can be done for the private key. So if we don't call it a perfect duplicate, the answers there are probably very helpful. In addition they also demonstrate how to convert keys given as components via to keys using KeySpecs. So if OP really wants to use keystores, this might help (leaving the issue of creating a certificate from the public key). – Drunix Apr 13 '14 at 18:18
  • @Drunix Agreed, please leave the comment there. My thing is that it should be possible to find the question with the answer using a search. In this case that would be hard (even though the topic in this case is rather obscure). So I'm all for pointing to the other question, but not for closing this question. – Maarten Bodewes Apr 13 '14 at 20:19
  • How are you faring with this? Please do not abandon questions; follow up on them with comments indicating what is missing or, if applicable, accept one. – Maarten Bodewes Apr 15 '14 at 19:56

2 Answers


It sounds like you've developed your own RSA algorithm implementation and have your own private and public key classes. I'm going to assume this is for educational purposes and avoid a rant about using existing implementations.

However, to use an existing KeyStore provider, you would need to convert your keys into the format required by that provider for storage. Once you retrieve the keys back from the key store, you'd need to perform the reverse conversion back into your own private/public key classes.

To me, that seems like an awful lot of effort to get the minimal benefits of shoving the keys into a KeyStore object. I would suggest you consider making your own simple storage scheme using serialized data.

Duncan Jones

According to this article the public and private key are not that different from "normal" RSA keys. So you can use the same RSAPublicKey and RSAPrivateCrtKey as containers. The problem is that the KeyStore implementations are very limited (pkcs#12, jks, jceks) - they cannot be used to store a single private key. You would need to create a certificate chain for the public key. This could be a self signed certificate, but it is quite a hassle just to store a key.

You could also create your own KeyStore implementation but that seems to be a huge load of work. Implementing KeyStoreSpi in your own provider is slightly less complicated, but it requires your provider to be signed with a private key and a certificate signed by Oracle.

Basically I would go with the self signed certificate trick explained above or with the serialization scheme proposed by Duncan.


For non-believers:

Exception in thread "main" java.lang.IllegalArgumentException: invalid zero-length input chain
    at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:393)

and

Exception in thread "main" java.lang.NullPointerException: invalid null input
    at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:390)
Maarten Bodewes
  • What exactly is KeyStore.Entry.PrivateKeyEntry for, if you can't store private keys? Of course you can. The [Javadoc](http://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html) even gives examples. – user207421 Apr 13 '14 at 01:30
  • 2
    @EJP " This type of entry holds a cryptographic PrivateKey, which is optionally stored in a protected format to prevent unauthorized access. **It is also accompanied by a certificate chain for the corresponding public key.** " – Maarten Bodewes Apr 13 '14 at 01:44
  • @EJP Basically the current KeyStore class and its implementations are only targeting X.509 based PKI. This is even true of Sun's PKCS#11 provider. There has been talk about extending these classes, but talk != implementation. – Maarten Bodewes Apr 13 '14 at 01:59
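The following is an added example, not code from the question or from either answer, that puts the three pieces of advice above into one runnable class: Drunix's point that BigInteger components can be turned into ordinary JCA keys via RSAPublicKeySpec/RSAPrivateKeySpec, Duncan's suggestion of a simple storage scheme of your own (done here with the standard X.509/PKCS#8 encodings rather than Java serialization, so other tools can read the files), and Maarten's observation that a KeyStore refuses a private key without a certificate chain. It assumes the asker's implementation can hand over n, e and d as BigIntegers; the generateTextbookRsa method is a stand-in for that code, and the file names and the "changeit" password are invented for the example.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;

public class BigIntegerRsaKeys {

    /** Stand-in for the asker's own key generation: textbook RSA on BigIntegers, returns {n, e, d}.
     *  (Assumption: the real code produces the same three values; the JDK's RSA KeyFactory
     *  rejects moduli shorter than 512 bits, so a toy-sized key would not get past step two.) */
    static BigInteger[] generateTextbookRsa(int bits) {
        SecureRandom rnd = new SecureRandom();
        BigInteger e = BigInteger.valueOf(65537);
        BigInteger p, q, n, phi;
        do {
            p = BigInteger.probablePrime(bits / 2, rnd);
            q = BigInteger.probablePrime(bits / 2, rnd);
            n = p.multiply(q);
            phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        } while (!phi.gcd(e).equals(BigInteger.ONE) || n.bitLength() != bits);
        return new BigInteger[] {n, e, e.modInverse(phi)};
    }

    /** Wrap the components in the JCA key classes (this is what Drunix's comment refers to). */
    static PublicKey toPublicKey(BigInteger n, BigInteger e) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    }

    static PrivateKey toPrivateKey(BigInteger n, BigInteger d) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(n, d));
    }

    /** Duncan's "own storage scheme", using standard DER encodings instead of Java serialization. */
    static void save(PublicKey pub, PrivateKey priv, Path pubFile, Path privFile) throws IOException {
        Files.write(pubFile, pub.getEncoded());   // X.509 SubjectPublicKeyInfo
        Files.write(privFile, priv.getEncoded()); // PKCS#8 PrivateKeyInfo, NOT encrypted: protect the file
    }

    static PublicKey loadPublic(Path pubFile) throws IOException, GeneralSecurityException {
        byte[] der = Files.readAllBytes(pubFile);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    static PrivateKey loadPrivate(Path privFile) throws IOException, GeneralSecurityException {
        byte[] der = Files.readAllBytes(privFile);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** The limitation Maarten describes: KeyStore.setKeyEntry throws IllegalArgumentException
     *  ("Private key must be accompanied by certificate chain") for a private key with no chain. */
    static boolean keyStoreRejectsBareKey(PrivateKey priv) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // fresh, empty store
        try {
            ks.setKeyEntry("rsa", priv, "changeit".toCharArray(), new Certificate[0]);
            return false;
        } catch (IllegalArgumentException expected) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        BigInteger[] k = generateTextbookRsa(2048);
        PublicKey pub = toPublicKey(k[0], k[1]);
        PrivateKey priv = toPrivateKey(k[0], k[2]);

        Path dir = Files.createTempDirectory("rsa-keys");
        Path pubFile = dir.resolve("server.pub.der"), privFile = dir.resolve("server.key.der");
        save(pub, priv, pubFile, privFile);

        // Reload and check that the BigIntegers survived the round trip unchanged
        RSAPublicKey pub2 = (RSAPublicKey) loadPublic(pubFile);
        RSAPrivateKey priv2 = (RSAPrivateKey) loadPrivate(privFile);
        if (!pub2.getModulus().equals(k[0]) || !priv2.getPrivateExponent().equals(k[2]))
            throw new AssertionError("round trip changed the key material");

        // The reloaded keys are ordinary JCA keys, so the standard RSA cipher accepts them
        byte[] msg = "hello from the client".getBytes(StandardCharsets.UTF_8);
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.ENCRYPT_MODE, pub2);
        byte[] ct = c.doFinal(msg);
        c.init(Cipher.DECRYPT_MODE, priv2);
        if (!Arrays.equals(msg, c.doFinal(ct))) throw new AssertionError("decrypt failed");

        System.out.println("KeyStore rejects a chain-less private key: " + keyStoreRejectsBareKey(priv));
    }
}
```

Two caveats for anyone copying this. The PKCS#8 file written by save() is unencrypted, so it needs the same protection a keystore password would give it (restrictive file permissions at minimum, or wrap it in an EncryptedPrivateKeyInfo). And if you do want the self-signed certificate route into a real keystore, the public JDK API has no certificate generator; that step needs a library such as Bouncy Castle, which is why it is not shown here.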