
I need to use an SSL (2-way handshake) socket for a connection in my project. To create the keys, I used openssl with these commands:

For the server:

```
req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout a_private.key -out a_certificate.cert

rsa -in a_private.key -des3 -out a_private_des.key

rsa -in a_private_des.key -pubout -out a_pub.key
```

For the client:

```
req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout b_private.key -out b_certificate.cert

rsa -in b_private.key -des3 -out b_private_des.key

rsa -in b_private_des.key -pubout -out b_pub.key
```

To import into the JKS file I used keytool:

```
keytool -import -alias a_private -file a_private_des.key -keystore a.jks

keytool error: java.lang.Exception: Input not an X.509 certificate
```

After that, I made a DER file with this command:

```
pkcs8 -topk8 -in a_private_des.key -out a_private_des.der -outform DER
```

and retried importing the key into the JKS file:

```
keytool -import -alias a_private -file a_private_des.der -keystore a.jks

keytool error: java.lang.Exception: Input not an X.509 certificate
```

and I get the same exception with b_pub.key.

How can I import an encrypted private key and a public key into a JKS file?

Thanks a lot.

President James K. Polk
Ardeshir Ayati

2 Answers

To import a key pair (key and cert) into a java keystore, you first need to create a p12 file. Whilst the question is "import encrypted private key to jks", I don't actually believe the key in question is encrypted as the "nodes" option is used.

So to import a key, and cert into a JKS use:

```
# create p12
openssl pkcs12 -export \
  -name a_private \
  -out a_private.p12 \
  -inkey a_private.key \
  -in a_certificate.cert \
  -passin "pass:changeit" \
  -passout "pass:changeit"

# create jks
keytool -v -importkeystore -deststoretype pkcs12 -destkeystore \
  "a.jks" \
  -srckeystore "a_private.p12" -srcstoretype pkcs12 \
  -alias "a_private" -srcstorepass "changeit" \
  -deststorepass "changeit" -destkeypass "changeit"
```

Actually change the password "changeit" as well.

JoSSte
Jordan Stewart

I believe the -import option only lets you import certificates, not keys. Looking at this post it seems you may have to write some kind of workaround.

Community
Garreth
  • Thanks for your response. I need to use an encrypted key for the SSL socket connection. How can I use the public key in my client socket? – Ardeshir Ayati Feb 06 '15 at 17:37
  • I think the process would be to create your private key, create a self signed certificate using that key and then create and add the certificate to a jks truststore which you can then deploy for your application to use. So I think the item you need to change is to import the certificate you created (a_certificate.cert) into a.jks instead of trying to import the key. Once done you can then verify by using `keytool -list -v -keystore a.jks` to view the contents of the keystore. – Garreth Feb 09 '15 at 15:25
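
How the key store from the first answer and a truststore holding the peer's certificate fit together for the 2-way handshake, as an added example that is not part of the original posts. The truststore name `a_trust.jks` (assumed to contain only `b_certificate.cert`, imported as a certificate), port 8443 and the password are assumptions; the client mirrors this with its own key store and a truststore containing `a_certificate.cert`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsServer {
    static final String KEYSTORE = "a.jks";          // PKCS12 store from the answer: key + a_certificate.cert
    static final String TRUSTSTORE = "a_trust.jks";  // assumed name: holds the client's b_certificate.cert
    static final char[] PASSWORD = "changeit".toCharArray(); // placeholder password, replace it

    static KeyStore load(String path, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, PASSWORD);
        }
        return ks;
    }

    static SSLContext buildContext() throws Exception {
        // Key managers present our certificate and use the private key behind it.
        KeyStore keys = load(KEYSTORE, "PKCS12");
        if (!keys.isKeyEntry("a_private")) {
            throw new IllegalStateException("alias a_private is not a private-key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, PASSWORD);

        // Trust managers decide which peer certificates are accepted; no private key is needed here.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(TRUSTSTORE, KeyStore.getDefaultType()));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext();
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // 2-way handshake: clients without a trusted certificate are rejected
            try (SSLSocket client = (SSLSocket) server.accept()) {
                client.startHandshake();
                System.out.println("client: " + client.getSession().getPeerPrincipal());
            }
        }
    }
}
```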