I created a keypair with openssl and want to import them into the Java keystore:
1) openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out my_privatekey.pem
2) openssl rsa -pubout -outform DER -in my_privatekey.pem -out mypublic_key.der
3) openssl pkcs8 -topk8 -nocrypt -outform DER -in my_privatekey.pem -out my_privatekey.der
First, I create a private-key (in .pem-Format), then I create a public key and at the end I convert the private key into a format that can be used in java (pkcs8).
Now, I want to use those keys in a secure way in my java application, so I did some research and the solution seems to be by using the java-keystore.
However, if I am correct, you are not able to store the public key directly into the keystore, because you must create a certificate first:
Convert your certificate into DER format:
openssl x509 -outform der -in certificate.pem -out certificate.der
Import it into the keystore:
keytool -import -alias your-alias -keystore cacerts -file certificate.der
This brings me now to my question. Is it possible to import the private and public key into the keystore without a certificate? I don't need a certificate, as I only want to store my keys securely, so they are password-protected.
If this is not possible, then you could create and sign your own certificate. However, a certificate can expire, so after some time I always have to renew it, or am I wrong?
I share this public key with a third-party (they need this key to verify the data which I signed with my private key) and I also get a public key from them, to encrypt some data. So I need to store 2 public keys at the end (my key and the public key which I receive).
How do I do that? Do I need to create 2 certificates as a hack, in order to be able to store them into the java-keystore?
The "keytool -importcert" command had no trouble reading the certificate in both PEM and DER formats.
keytool -importcert -file <openssl_crt.pem> -keystore <jks-file-name.jks> -storepass jkspass -alias <alias-name> -keypass <keypass>
keytool Importing Certificates in DER and PEM
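The self-signed route raised in the question, as an added example that is not part of the original question or answer: it wraps the existing private key from step 1 in a self-signed certificate and stores both in a password-protected PKCS#12 file, which Java can open with KeyStore.getInstance("PKCS12"). The function names, entry name, file names, 3650-day lifetime and password file are assumptions.

```bash
#!/usr/bin/env bash
# Added example: put an existing RSA key into a password-protected PKCS#12 keystore.
set -eu
umask 077   # keystore and temp files readable by the owner only

# make_keystore KEY_PEM OUT_P12 ENTRY_NAME PASS_FILE   (hypothetical helper)
make_keystore() {
    local key_pem="$1" out_p12="$2" entry="$3" pass_file="$4" cert_pem
    cert_pem=$(mktemp)
    # Self-signed certificate over the existing key; 3650 days is an assumed lifetime.
    openssl req -new -x509 -key "$key_pem" -sha256 -days 3650 \
        -subj "/CN=$entry" -out "$cert_pem"
    # Bundle key + certificate; the password is read from a file, not from argv.
    openssl pkcs12 -export -inkey "$key_pem" -in "$cert_pem" -name "$entry" \
        -passout "file:$pass_file" -out "$out_p12"
    rm -f "$cert_pem"
}

# keystore_pubkey_matches KEY_PEM P12 PASS_FILE   (hypothetical helper)
# Succeeds only if the certificate in the keystore carries the public half of KEY_PEM.
keystore_pubkey_matches() {
    local key_pem="$1" p12="$2" pass_file="$3" from_key from_p12
    from_key=$(openssl pkey -in "$key_pem" -pubout)
    from_p12=$(openssl pkcs12 -in "$p12" -passin "file:$pass_file" -nokeys -clcerts \
        | openssl x509 -pubkey -noout)
    [ "$from_key" = "$from_p12" ]
}

# Demo on a constructed throwaway key standing in for my_privatekey.pem from step 1.
demo() {
    local dir
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/my_privatekey.pem" 2>/dev/null
    printf '%s\n' 'constructed-demo-password' > "$dir/pass.txt"
    make_keystore "$dir/my_privatekey.pem" "$dir/mykeys.p12" mykey "$dir/pass.txt"
    if keystore_pubkey_matches "$dir/my_privatekey.pem" "$dir/mykeys.p12" "$dir/pass.txt"; then
        echo "mykeys.p12 holds the key pair under entry name 'mykey'"
    fi
    rm -rf "$dir"
}
demo
```

A public key received from the other party as a certificate goes in with the keytool -importcert command shown in the answer above.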