I am new to Java. I have a certificate file (.cer, signature algorithm name: SHA1withRSA). Their requirement is to encrypt the user password in a web application.

I found several links on Google, but none of them use the .cer file extension. I imported that file into our key store using:

```
keytool -importcert -file C:\Users\Admin\Downloads\xyz.cer -keystore test.jks -alias demo
```

I am getting the key using the following code:

```java
public SecretKey getSecretKey(final String typeKeyStore,
                              final String pathToKeyStore,
                              final String storePassword,
                              final String keyAlias,
                              final String aliasPassword) throws KeyStoreException,
        IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableEntryException {

    KeyStore ks = KeyStore.getInstance(typeKeyStore);
    ks.load(new FileInputStream(pathToKeyStore),
            storePassword.toCharArray());

    SecretKeyEntry entry = (SecretKeyEntry) ks.getEntry(
            keyAlias,
            new KeyStore.PasswordProtection(aliasPassword
                    .toCharArray()));
    return entry.getSecretKey();
}
```

The following exception occurs:

```
Exception in thread "main" java.lang.UnsupportedOperationException: trusted certificate entries are not password-protected
    at java.security.KeyStoreSpi.engineGetEntry(Unknown Source)
    at java.security.KeyStore.getEntry(Unknown Source)
    at com.aes256.MyAESCrypto.getSecretKey(MyAESCrypto.java:71)
    at com.aes256.MyAESCrypto.main(MyAESCrypto.java:100)
```

Can anyone tell me whether I am right?

Noman Akhtar
  • Are the certificates password protected? – Nurjan Oct 19 '16 at 08:08
  • Your `.cer` file is either malformed or is missing the private key from it. – px06 Oct 19 '16 at 08:08
  • Possible duplicate of [trusted certificate entries are not password-protected Spring SAML](http://stackoverflow.com/questions/26164109/trusted-certificate-entries-are-not-password-protected-spring-saml) – px06 Oct 19 '16 at 08:08
  • @Nurzhan: Yes, I have a password for the .cer file, but how can I know whether it is password protected or not? – Noman Akhtar Oct 19 '16 at 08:46
  • I have no idea what you're trying to do: 1) SHA1withRSA is a signature algorithm which has nothing to do with encryption. 2) What does this (RSA) have to do with AES? 3) Passwords should never be signed or encrypted. They should be hashed repeatedly. – Artjom B. Oct 19 '16 at 18:30
  • .cer file doesn't contain the private key. It only contains the public key to encrypt data. – Dante Jun 12 '17 at 10:33
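
Added example, not part of the original thread: an entry created with `keytool -importcert` is a trusted certificate entry, so it is read without an entry password and yields only a public key. The class and method names are hypothetical, and the sketch assumes a JKS-type store and a certificate that carries an RSA public key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class CertEntryDemo {  // hypothetical class name

    // A certificate imported with "keytool -importcert" is stored as a
    // TrustedCertificateEntry: public data only, with no entry password.
    static PublicKey publicKeyFromTrustedCert(String path, char[] storePass, String alias)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");  // assumed store type
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        if (!ks.containsAlias(alias)) {
            throw new IllegalArgumentException("no such alias: " + alias);
        }
        if (!ks.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) {
            throw new IllegalArgumentException(alias + " is not a trusted certificate entry");
        }
        // getCertificate takes no ProtectionParameter, so it does not raise
        // the UnsupportedOperationException that getEntry(alias, password) does.
        Certificate cert = ks.getCertificate(alias);
        return cert.getPublicKey();
    }

    // RSA-OAEP with SHA-256 for both the digest and MGF1, set explicitly.
    static byte[] encrypt(PublicKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new OAEPParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
        return cipher.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        // args: <keystore path> <store password> <alias>, e.g. test.jks <password> demo
        PublicKey key = publicKeyFromTrustedCert(args[0], args[1].toCharArray(), args[2]);
        byte[] sample = "constructed sample text".getBytes(StandardCharsets.UTF_8);
        System.out.println(Base64.getEncoder().encodeToString(encrypt(key, sample)));
    }
}
```

Decrypting the output requires the private key that matches the certificate, which is not in the `.cer` file or in this keystore entry.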

0 Answers