Hi Andy,

My prior post might help you (below). I basically decrypted the original key (using "openssl pkcs8") I had generated with OpenSSL (an RSA key), and at the same time, it was converted to a PKCS8 format.

I stripped off the header and footer from the decrypted PKCS8 file ("-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----"). Then, I read in the file (FileInputStream) and Base 64 decrypted the file read. From that, I had the Base 64 decrypted bytes, and you can follow from the Java code I posted below.

Hope this helps,
Mike

-----Original Message-----
From: McCune, Michael
Sent: Thursday, May 27, 2004 12:58 PM
To: 'Tim Bond'; [EMAIL PROTECTED]
Subject: RE: Store an OpenSSL generated private key in a Java (Sun) keystore

Tim,

Thanks for your suggestion...it looks like I've got it to work.

I initially generated an RSA key with "des3", using "openssl genrsa". I took that key (keytest.pem), and fed it into:

    openssl pkcs8 -nocrypt -in keytest.pem -topk8 -out keytest8.pem

That gave me an unencrypted PKCS8 key, which I fed the Base 64 decoded bytes into the following Java code:

    PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec( keyBytes );
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    privKey = keyFactory.generatePrivate( privKeySpec );

Then, I programmatically added it to the Java KeyStore.

Thanks again,
Mike

-----Original Message-----
From: Tim Bond [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Store an OpenSSL generated private key in a Java (Sun) keystore

Mike,

Encrypted private keys are usually in PKCS#8 EncryptedPrivateKeyInfo format. In order to get it into a Java keystore, you should put the keypair into a PKCS#12 file and import it. See the pkcs8 and pkcs12 man pages . . .

-- Tim

>>Hi All,
>>
>>I want to store an OpenSSL generated private key in a Java (Sun)
>>keystore.
>>
>>The OpenSSL private key is password protected. Can anyone tell me the
>>basics of how it's encrypted? A simple cipher? Or, can someone point
>>me to the OpenSSL code to look at for this?
>>
>>If I know how to de-cipher it, I can load it into a Java security
>>class for a PrivateKey, and then get it into a Java keystore.
>>
>>I guess my other option is to generate the private key without
>>password protection. In this case, is the key simply stored in a Base
>>64 encoded format?
>>
>>Thanks,
>>Mike
>>
>>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
>
>

-- Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew B. Michaelis
Sent: Thursday, June 24, 2004 12:19 PM
To: [EMAIL PROTECTED]
Subject: Question on Converting a private key file.

Greetings all,

I am new to this list. I am also new to understanding a lot of SSL encryption. What I am attempting to/need to do is to take an existing private key created with the openSSL tool and the certificate response from verisign and be able to use it with tomcat. We have just installed / converted from apache listener ( bundled with oracle 9ias ) to the Jakarta tomcat.

Tomcat uses java's keytool to generate a "keystore" which consists of the private key and the CAs certificate. I am able to load the CAs root, and the CAs certificate into keystore. But I am unable to load the original private key file created with openSSL. The keytool says it is not x509 format.

Is there a way using openssl, subcommands of x509 or other to convert an existing key file from PEM or DER to x509 or PKCS#7 ( this format can be used by keytool as well )

Many thanks in advance for any help you can offer.

-- Andy

Andrew B. Michaelis
Database Administrator & Systems Manager
Office of Administrative Technologies
Oswego State University
[EMAIL PROTECTED]
315.312.3514
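
The procedure discussed in this thread (unencrypted PKCS8 from "openssl pkcs8 -topk8 -nocrypt", Base 64 decode, PKCS8EncodedKeySpec, keystore entry), written out end to end as an added example; it is not code from any of the posts above. The class name, the four command-line arguments and the PEM chain file are assumptions. The parser looks for the "-----BEGIN PRIVATE KEY-----" label that "openssl pkcs8 -topk8 -nocrypt" writes, and the key is checked against the first certificate before it is stored.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

// Added example; class name, argument order and chain file are assumptions.
public class ImportPkcs8Key {
    // Decode the unencrypted PKCS#8 PEM written by "openssl pkcs8 -topk8 -nocrypt".
    static PrivateKey parsePkcs8Pem(String pem) throws GeneralSecurityException {
        String begin = "-----BEGIN PRIVATE KEY-----", end = "-----END PRIVATE KEY-----";
        int start = pem.indexOf(begin), stop = pem.indexOf(end);
        if (start < 0 || stop < start)  // traditional or encrypted PEM carries another label
            throw new InvalidKeyException("not unencrypted PKCS#8; run openssl pkcs8 -topk8 -nocrypt");
        String b64 = pem.substring(start + begin.length(), stop).replaceAll("\\s", "");
        byte[] keyBytes = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) throw new IllegalArgumentException("usage: <key.pem> <chain.pem> <keystore> <alias>");
        byte[] pemBytes = Files.readAllBytes(Paths.get(args[0]));
        PrivateKey key = parsePkcs8Pem(new String(pemBytes, StandardCharsets.US_ASCII));

        Certificate[] chain;  // PEM chain: server certificate first, then the CA certificates
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
            chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new Certificate[0]);
        }
        if (chain.length == 0) throw new IllegalArgumentException("no certificates found");
        // Refuse to store an RSA key that does not belong to the server certificate.
        RSAPublicKey pub = (RSAPublicKey) chain[0].getPublicKey();
        if (!pub.getModulus().equals(((RSAPrivateKey) key).getModulus()))
            throw new InvalidKeyException("private key does not match first certificate");
        Console console = System.console();  // prompt keeps the password out of argv
        if (console == null) throw new IllegalStateException("needs an interactive terminal");
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, password);  // null stream initialises an empty keystore
        ks.setKeyEntry(args[3], key, password, chain);
        try (OutputStream out = Files.newOutputStream(Paths.get(args[2]))) {
            ks.store(out, password);
        }
    }
}
```

The intermediate file keytest8.pem holds the private key unencrypted, so restrict its permissions and remove it once the keystore entry has been verified.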