
I am trying to import an existing RSA private / public key into the Android keystore (Android 7.0.3.2, Emulator).

I have both keys as PKCS#1 inside PEM files. I tried making them a PKCS12 file with openssl, but when I try to import those with the below code:

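```java
import android.os.Environment;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

private void getCertsFromP12(String pathToFile, String passphrase) {
    try {
        File folder = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS);
        File myFile = new File(folder, "Tokkey.p12");
        KeyStore p12 = KeyStore.getInstance("pkcs12");
        // Close the stream once the keystore has been read
        try (InputStream in = new FileInputStream(myFile)) {
            p12.load(in, passphrase.toCharArray());
        }
        Enumeration<String> e = p12.aliases();
        while (e.hasMoreElements()) {
            String alias = e.nextElement();
            // Only the certificate of each entry is read here
            X509Certificate c = (X509Certificate) p12.getCertificate(alias);
            addCertificateToKeyStore(c);
        }
    } catch (Exception e) {
        Log.d(TAG, "error", e);
    }
}

private void addCertificateToKeyStore(X509Certificate c) {
    try {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        ks.setCertificateEntry("myCertAlias", c);
    } catch (Exception e) {
        // Log the failure instead of silently swallowing it
        Log.d(TAG, "error", e);
    }
}
```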

It says file corrupt or password invalid. When I try to install them via the settings, it won't accept any password, constantly telling me it's wrong.

I have been bashing my head against this for hours now and would really appreciate some help!

The keys are in the following format:

```
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
```

Martijn Deleij
  • Are you aware that cert and private key installed via settings go into Android Keychain, not AndroidKeystore? Also, your code only uses the certificate and ignores the private key; is this what you want? In contrast to .NET languages, in Java a certificate is just the certificate with its public key; the private key is a different class. – Robert Sep 12 '22 at 21:16
  • Yeah, like I said, I am not very good at this. I need both the private key and the certificate installed in the KeyStore, not the KeyChain.... – Martijn Deleij Sep 12 '22 at 21:17
  • Then try [this answer](https://stackoverflow.com/a/36805098/150978). Note that it uses DER encoded cert and key, not PEM encoded. You can convert your PEM files to DER files using OpenSSL (or just apply base64 decode on the part between the `---` lines and save that to a file, then it is DER encoded). – Robert Sep 13 '22 at 07:29
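
The PEM-to-DER step from the last comment, followed by storing the private key together with its certificate, as an added example that is not part of the original post, its comments or the linked answer. It assumes an unencrypted PKCS#1 key and an `X509Certificate` for the same key pair already loaded; the class and method names are hypothetical.

```java
import android.util.Base64;
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;

public class Pkcs1Import { // hypothetical helper class, not from the page
    // DER for INTEGER 0 followed by AlgorithmIdentifier { rsaEncryption 1.2.840.113549.1.1.1, NULL }
    private static final byte[] VERSION_AND_ALG = { 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09,
        0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00 };

    // Base64-decodes the text between the "-----" lines of a PEM block, which yields DER
    static byte[] pemToDer(String pem) {
        String body = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return Base64.decode(body, Base64.DEFAULT);
    }

    // Encodes one DER tag-length-value element (definite length, short or long form)
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream content = new ByteArrayOutputStream();
        for (byte[] p : parts) content.write(p, 0, p.length);
        int n = content.size();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n < 0x80) {
            out.write(n);
        } else {
            int bytes = n < 0x100 ? 1 : n < 0x10000 ? 2 : 3;
            out.write(0x80 | bytes);
            for (int i = bytes - 1; i >= 0; i--) out.write(n >>> (8 * i));
        }
        out.write(content.toByteArray(), 0, n);
        return out.toByteArray();
    }

    // Wraps the PKCS#1 RSAPrivateKey in a PKCS#8 PrivateKeyInfo, the form KeyFactory accepts
    static PrivateKey pkcs1ToPrivateKey(byte[] pkcs1) throws Exception {
        byte[] pkcs8 = tlv(0x30, VERSION_AND_ALG, tlv(0x04, pkcs1));
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
    }

    // ks: KeyStore.getInstance("AndroidKeyStore") after load(null); password must be null there
    static void importKey(KeyStore ks, String alias, PrivateKey key, X509Certificate cert) throws Exception {
        ks.setKeyEntry(alias, key, null, new Certificate[] { cert });
    }
}
```

`android.util.Base64` is used because `java.util.Base64` is only available from API level 26, which is newer than the Android 7 emulator in the question.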

0 Answers