Comments on G's Blog: Storing a password somewhere safe
Gerard Davison (http://www.blogger.com/profile/16521924431312439170)
Updated: 2024-01-10T08:12:30.187+00:00

peci1 (https://www.blogger.com/profile/14306747948015472665), 2015-01-05T20:45:26.042+00:00

Would PKCS12 keystore work, too? It seems to me that it could solve the interoperability/compatibility issue edward wrote about.

dan c (https://www.blogger.com/profile/00110272593363163116), 2014-11-06T22:03:05.288+00:00

I think you mean ks.store(...) ?
Keystore does not have a save(...) method.

Here's a full working example adapted from your code.

Thanks,
Dan.

    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.nio.file.Files;
    import java.nio.file.Path;
    import java.security.*;
    import java.security.KeyStore.PasswordProtection;
    import java.security.KeyStore.SecretKeyEntry;
    import java.security.cert.CertificateException;
    import java.security.spec.InvalidKeySpecException;

    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;

    public class SecretKeyUtil {

        private SecretKeyFactory factory;

        private KeyStore ks;

        private Path keystoreLocation;

        private char[] keystorePassword;

        public SecretKeyUtil(Path keystoreLocation, char[] keystorePassword, boolean loadExisting)
                throws KeyStoreException, IOException,
                NoSuchAlgorithmException, CertificateException {

            this.keystoreLocation = keystoreLocation;
            this.keystorePassword = keystorePassword;

            ks = KeyStore.getInstance("JCEKS");
            if (loadExisting) {
                // Close the input stream once the keystore has been read.
                try (InputStream in = Files.newInputStream(keystoreLocation)) {
                    ks.load(in, keystorePassword);
                }
            } else {
                if (Files.exists(keystoreLocation)) {
                    throw new IOException("Cannot create new keystore, keystore file " + keystoreLocation
                            + " already exists");
                }
                // A null stream initialises an empty keystore.
                ks.load(null, keystorePassword);
            }

            factory = SecretKeyFactory.getInstance("PBE");
        }

        public void createKeyEntry(String alias, char[] password) throws KeyStoreException, NoSuchAlgorithmException,
                CertificateException, IOException,
                InvalidKeySpecException {

            // Wrap the password as a PBE secret key so it can be stored as a SecretKeyEntry.
            SecretKey generatedSecret = factory.generateSecret(new PBEKeySpec(password));

            ks.setEntry(alias, new SecretKeyEntry(generatedSecret), new PasswordProtection(keystorePassword));

            // Persist the keystore; close the output stream so the file is flushed.
            try (OutputStream out = Files.newOutputStream(keystoreLocation)) {
                ks.store(out, keystorePassword);
            }

        }

        public char[] retrieveEntryPassword(String alias) throws NoSuchAlgorithmException, UnrecoverableEntryException,
                KeyStoreException, InvalidKeySpecException {

            SecretKeyEntry entry = (SecretKeyEntry) ks.getEntry(alias, new PasswordProtection(keystorePassword));
            // Convert the stored secret key back into the original password characters.
            PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(entry.getSecretKey(), PBEKeySpec.class);

            return keySpec.getPassword();

        }

    }

Gerard Davison (https://www.blogger.com/profile/16521924431312439170), 2014-11-06T11:07:34.711+00:00

Sorry that should have been ks.save, sorry for the typo.

dan c (https://www.blogger.com/profile/00110272593363163116), 2014-10-20T00:23:52.324+01:00

ls.save(...)

What is ls, where did this come from?

Kamal Giri (https://www.blogger.com/profile/01646234912977814798), 2012-08-21T19:24:15.622+01:00

Good article. But I am confused as to how I can secure my keystore password.

Unknown (https://www.blogger.com/profile/03113742777933553031), 2011-03-27T17:05:27.208+01:00

The SecretKey storage is provider-dependent in JCEKS: what you write in an IBM JRE can't be read in a Sun/Oracle one and vice-versa. Is there a workaround for that?

Unknown (https://www.blogger.com/profile/03113742777933553031), 2011-03-27T16:32:37.770+01:00

This works but storing secret keys in JCEKS seems to be provider-dependent: what's stored in an IBM JRE can't be read from a Sun/Oracle one and vice-versa. This is not the case for private keys. Any workaround for this?