- Java Cryptography Tutorial
- Java Cryptography - Home
- Java Cryptography - Introduction
- Message Digest and MAC
- Java Cryptography - Message Digest
- Java Cryptography - Creating a MAC
- Keys and Key Store
- Java Cryptography - Keys
- Java Cryptography - Storing keys
- Java Cryptography - Retrieving keys
- Generating Keys
- KeyGenerator
- KeyPairGenerator
- Digital Signature
- Creating Signature
- Verifying Signature
- Java Cryptography Resources
- Java Cryptography - Quick Guide
- Java Cryptography - Resources
- Java Cryptography - Discussion
Java Cryptography - Storing keys
The Keys and certificates used/generated are stored in a data base called as keystore. By default this database is stored in a file named .keystore.
You can access the contents of this database using the KeyStore class of the java.security package. This manages three different entries namely, PrivateKeyEntry, SecretKeyEntry, TrustedCertificateEntry.
- PrivateKeyEntry
- SecretKeyEntry
- TrustedCertificateEntry
Storing a Key in keystore
In this section, we will learn how to store a key in a keystore. To store a key in the keystore, follow the steps given below.
Step 1: Create a KeyStore object
The getInstance() method of the KeyStore class of the java.security package accepts a string value representing the type of the keystore and returns a KeyStore object.
Create an object of the KeyStore class using the getInstance() method as shown below.
//Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance("JCEKS");
Step 2: Load the KeyStore object
The load() method of the KeyStore class accepts a FileInputStream object representing the keystore file and a String parameter specifying the password of the KeyStore.
In general, the KeyStore is stored in the file named cacerts, in the location C:/Program Files/Java/jre1.8.0_101/lib/security/ and its default password is changeit, load it using the load() method as shown below.
//Loading the KeyStore object char[] password = "changeit".toCharArray(); String path = "C:/Program Files/Java/jre1.8.0_101/lib/security/cacerts"; java.io.FileInputStream fis = new FileInputStream(path); keyStore.load(fis, password);
Step 3: Create the KeyStore.ProtectionParameter object
Instantiate the KeyStore.ProtectionParameter as shown below.
//Creating the KeyStore.ProtectionParameter object KeyStore.ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);
Step 4: Create a SecretKey object
Create the SecretKey (interface) object by instantiating its Sub class SecretKeySpec. While instantiating you need to pass password and algorithm as parameters to its constructor as shown below.
//Creating SecretKey object SecretKey mySecretKey = new SecretKeySpec(new String(keyPassword).getBytes(), "DSA");
Step 5: Create a SecretKeyEntry object
Create an object of the SecretKeyEntry class by passing the SecretKey object created in the above step as shown below.
//Creating SecretKeyEntry object KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey);
Step 6: Set an entry to the KeyStore
The setEntry() method of the KeyStore class accepts a String parameter representing the keystore entry alias, a SecretKeyEntry object, a ProtectionParameter object and, stores the entry under the given alias.
Set the entry to the keystore using the setEntry() method as shown below.
//Set the entry to the keystore
keyStore.setEntry("secretKeyAlias", secretKeyEntry, protectionParam);
Example
The following example stores keys into the keystore existing in the “cacerts” file (windows 10 operating system).
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
public class StoringIntoKeyStore{
public static void main(String args[]) throws Exception {
//Creating the KeyStore object
KeyStore keyStore = KeyStore.getInstance("JCEKS");
//Loading the KeyStore object
char[] password = "changeit".toCharArray();
String path = "C:/Program Files/Java/jre1.8.0_101/lib/security/cacerts";
java.io.FileInputStream fis = new FileInputStream(path);
keyStore.load(fis, password);
//Creating the KeyStore.ProtectionParameter object
KeyStore.ProtectionParameter protectionParam = new KeyStore.PasswordProtection(password);
//Creating SecretKey object
SecretKey mySecretKey = new SecretKeySpec("myPassword".getBytes(), "DSA");
//Creating SecretKeyEntry object
KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey);
keyStore.setEntry("secretKeyAlias", secretKeyEntry, protectionParam);
//Storing the KeyStore object
java.io.FileOutputStream fos = null;
fos = new java.io.FileOutputStream("newKeyStoreName");
keyStore.store(fos, password);
System.out.println("data stored");
}
}
Output
The above program generates the following output −
System.out.println("data stored");