storing SecretKey in keystore


jimgardener

Hi,
I created a keystore as below:

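import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public static void makeKeyStore() {
    try {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // a null stream initialises an empty keystore
        ks.load(null, "".toCharArray());
        char[] password = new char[] {'m','y','n','a','m','e'};
        // try-with-resources closes the file even if store() fails
        try (FileOutputStream ksout = new FileOutputStream("myks.keystore")) {
            ks.store(ksout, password);
        }
        Arrays.fill(password, '\u0000');
    } catch (Exception e) {
        e.printStackTrace();
    }
}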

Then I tried to store a generated key using an alias:

public static void putEntriestoKS() {
    try {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] password = new char[] {'m','y','n','a','m','e'};
        // load the existing keystore and close the input before rewriting the file
        try (FileInputStream fin = new FileInputStream("myks.keystore")) {
            ks.load(fin, password);
        }
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        SecretKey skey = kg.generateKey();
        // this is the call that raises the KeyStoreException on a JKS keystore
        ks.setKeyEntry("mysecretkey", skey, password, null);
        try (FileOutputStream fout = new FileOutputStream("myks.keystore")) {
            ks.store(fout, password);
        }
        Arrays.fill(password, '\u0000');
    } catch (Exception e) {
        e.printStackTrace();
    }
}



When I run this I am getting a java.security.KeyStoreException: Cannot
store non-PrivateKeys
How then can I store SecretKey? Do I have to use another provider? Can
someone explain?
Thanks,
Jim
 

Roedy Green

> When I run this I am getting a java.security.KeyStoreException: Cannot
> store non-PrivateKeys
> How then can I store SecretKey? Do I have to use another provider? Can
> someone explain?
> Thanks

You can extract the raw key bytes and store that. However it is then
totally unprotected. When you store things in a keystore, they have an
additional layer of encryption.

Just guessing here, but perhaps the problem surrounds providing a
password for the keystore file.

You might experiment creating the keystore with keytool and adding
your key to it rather than trying to create a keystore out of thin
air.

see http://mindprod.com/jgloss/keytool.html
 

subhasish.das

> You can extract the raw key bytes and store that. However it is then
> totally unprotected. When you store things in a keystore, they have an
> additional layer of encryption.
>
> Just guessing here, but perhaps the problem surrounds providing a
> password for the keystore file.
>
> You might experiment creating the keystore with keytool and adding
> your key to it rather than trying to create a keystore out of thin
> air.
>
> see http://mindprod.com/jgloss/keytool.html

This error normally comes up when you have not specified the keystore
type as JCEKS. The default value is JKS but Secret Keys require JCEKS
so you have to explicitly specify that.

-- SD
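
The keystore-type point from the reply above, as an added example that is not part of the original posts: it probes whether a JKS and a JCEKS keystore accept a SecretKey, then stores and reloads an AES key in a JCEKS file. The class name, method names and password are constructed for illustration; the file name and alias reuse the ones from the question.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyStoreDemo {
    // Reports whether an empty keystore of the given type accepts a SecretKey entry.
    static boolean acceptsSecretKey(String type, SecretKey key, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null); // null stream: start from an empty keystore
        try {
            ks.setKeyEntry("probe", key, pw, null);
            return true;
        } catch (KeyStoreException e) {
            return false; // JKS rejects anything that is not a PrivateKey
        }
    }

    static void storeKey(File f, String alias, SecretKey key, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(pw));
        try (FileOutputStream out = new FileOutputStream(f)) {
            ks.store(out, pw);
        }
    }

    static SecretKey loadKey(File f, String alias, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (FileInputStream in = new FileInputStream(f)) {
            ks.load(in, pw); // the store password is also used for the integrity check
        }
        return (SecretKey) ks.getKey(alias, pw);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample".toCharArray(); // constructed sample password
        File f = new File("myks.keystore");
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        System.out.println("JKS accepts SecretKey:   " + acceptsSecretKey("JKS", key, pw));
        System.out.println("JCEKS accepts SecretKey: " + acceptsSecretKey("JCEKS", key, pw));
        storeKey(f, "mysecretkey", key, pw);
        SecretKey back = loadKey(f, "mysecretkey", pw);
        System.out.println("round trip ok: " + Arrays.equals(key.getEncoded(), back.getEncoded()));
        Arrays.fill(pw, '\0');
    }
}
```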
 
