storing SecretKey in keystore

Discussion in 'Java' started by jimgardener, Jun 19, 2008.

  1. jimgardener

    jimgardener Guest

    i created a keystore as below

    public static void makeKeyStore(){
    KeyStore ks=KeyStore.getInstance(KeyStore.getDefaultType());

    FileOutputStream ksout=new FileOutputStream("myks.keystore");
    char[] password = new char[] {'m','y','n','a','m','e'};, password);
    Arrays. fill(password, '\u0000' ) ;

    catch(Exception e){


    then i tried to store a generated key using an alias

    public static void putEntriestoKS(){
    KeyStore ks=KeyStore.getInstance(KeyStore.getDefaultType());;
    FileInputStream fin=new FileInputStream("myks.keystore");
    char[] password = new char[] {'m','y','n','a','m','e'};
    FileOutputStream fout=new FileOutputStream("myks.keystore");
    KeyGenerator kg=KeyGenerator.getInstance("AES");
    SecretKey skey=kg.generateKey();
    ks.setKeyEntry("mysecretkey", skey, password,null);,password);

    catch(Exception e){

    when i run this i am getting a Cannot
    store non-PrivateKeys
    How then can i store SecretKey ?Do i have to use another provider?can
    someone explain?
    jimgardener, Jun 19, 2008
    1. Advertisements

  2. jimgardener

    Roedy Green Guest

    You can extract the raw key bytes and store that. However it is then
    totally unprotected. When you store things in a keystore, they have an
    additional layer of encryption.

    Just guessing here, but perhaps the problem surrounds providing a
    password for the keystore file.

    You might experiment creating the keystore with keytool and adding
    your key to it rather than trying to create a keystore out of thin

    Roedy Green, Jun 20, 2008
    1. Advertisements

  3. This error normally comes up when you have not specified the keystore
    type as JCEKS. The default value is JKS but Secret Keys require JCEKS
    so you have to explicitly specify that.

    -- SD
    subhasish.das, Jun 25, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.