
I want to store a private key in a Java keystore. My file looks like

  -----BEGIN PRIVATE KEY-----
  actual key
  -----END PRIVATE KEY-----

All examples I get by googling involve storing a certificate as well. I do not have a certificate and I do not need it.

How do I store only a private key on a Linux machine via the command line? (There seem to be some examples in Java, but a sysadmin would be adding it on all machines where the application will be deployed, so a command line method is needed.)

I need to read the private key from a Java application. I hope that something similar to

  final Key key = (PrivateKey) keystore.getKey(alias, password.toCharArray());

will work, but haven't been able to test it as I haven't been able to store a private key in the first place.

I would need to read that key from my Java application.

ranban282
  • The relevant Java commandline tool, keytool, cannot read a privatekey-PEM file like yours at all, neither with nor without a certificate. If you have OpenSSL (which Linuxes I've used do, but that doesn't mean all) `openssl pkcs12 -export -inkey privkeypem -nocerts -name alias -out p12file` creates a file Java can use (read) as a keystore, although programs other than yours may crash on the no-cert case. Below 8u40 or so you must specify the storetype; above that it's either handled by a compatibility shim (updates of 8) or defaulted (9 up). – dave_thompson_085 May 20 '22 at 11:07
  • ... Except the most recent OpenSSL (3.0.x) by default encrypts PKCS12 with PBES2+HmacSHA256+AES which older Java versions can't read and some versions read _incorrectly_ (symptom is BadPaddingException and it may claim the password is wrong when it isn't); see https://stackoverflow.com/questions/72270379/ and https://stackoverflow.com/questions/71220426/ – dave_thompson_085 May 20 '22 at 11:11
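
The `openssl pkcs12 -export ... -nocerts` conversion described in the comments above, as an added shell example that is not part of the original thread. It reads the store password from an exported environment variable instead of the command line, can select older key-encryption and MAC algorithms for Java versions that cannot read the OpenSSL 3.0 defaults, and checks the result against the source key. The function names, the `P12_PASS` variable and the `compat` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrap an unencrypted PKCS#8 PEM key into a certificate-less
# PKCS#12 file that Java can open as a keystore.
# Usage: pem_to_p12 KEY.pem ALIAS OUT.p12 [compat]
# P12_PASS (assumed name) must be exported; passing it via env: keeps the
# password out of the process list, unlike pass:... on the command line.
pem_to_p12() {
    key=$1 name=$2 out=$3 mode=${4:-default}
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 2; }
    grep -q -e '-----BEGIN PRIVATE KEY-----' "$key" || {
        echo "$key is not an unencrypted PKCS#8 PEM key" >&2; return 2; }
    set -- pkcs12 -export -nocerts -inkey "$key" -name "$name" \
        -out "$out" -passout env:P12_PASS
    if [ "$mode" = compat ]; then
        # SHA1/3DES key encryption and SHA1 MAC instead of the OpenSSL 3.0
        # defaults (PBES2 + HmacSHA256 + AES) that older Java cannot read.
        set -- "$@" -keypbe PBE-SHA1-3DES -macalg sha1
    fi
    # umask 077 so the new keystore is readable by its owner only.
    ( umask 077; openssl "$@" ) || return 1
    p12_matches_key "$key" "$out"
}

# Round-trip check: the public key derived from the key stored in the
# PKCS#12 file must equal the one derived from the source PEM.
p12_matches_key() {
    want=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    got=$(openssl pkcs12 -in "$2" -nocerts -nodes -passin env:P12_PASS \
            2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$want" ] && [ "$want" = "$got" ]
}
```

The resulting file loads in Java with `KeyStore.getInstance("PKCS12")`, after which the `getKey(alias, password.toCharArray())` call from the question applies.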
