
How to load private key in Windows store using Java KeyStore

I am working on this Java project, where I need to load a private key from the Windows KeyStore using the provider SunMSCAPI, but I don't supply any password at all; I don't know if I need to do so. This is a sample test case of what I'm doing:

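import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public static void main(String[] args) throws Throwable {
    Provider provider = Security.getProvider("SunMSCAPI");
    // "Windows-MY" is the current user's personal certificate store
    KeyStore wins = KeyStore.getInstance("Windows-MY", provider);
    wins.load(null, null);
    Enumeration<String> aliases = wins.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        System.out.println(alias);
        Certificate[] chain = wins.getCertificateChain(alias);
        // CERManager is the poster's own helper class (not shown)
        X509Certificate[] x509 = CERManager.toX509(chain);
        for (int i = 0; i < x509.length; i++) {
            System.out.println(x509[i].getSubjectX500Principal());
        }
        Key key = wins.getKey(alias, "1234".toCharArray());
        System.out.println(key);
    }
}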

When I run this I get some certificate that I imported previously from a pfx file using Adobe Reader, but I can't get the private key corresponding to that certificate; instead, I just get null.

Any help around this issue? Thanks in advance.

I think I found a solution that solved my problem. I tried to import a pfx in Java using this piece of code:

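import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.security.mscapi.SunMSCAPI;

private static void importPFX(File pfxFile, char pass[]) throws Exception {
    SunMSCAPI providerMSCAPI = new SunMSCAPI();
    Security.addProvider(providerMSCAPI);
    KeyStore wins = KeyStore.getInstance("Windows-MY", providerMSCAPI);
    wins.load(null, null);
    BouncyCastleProvider bcp = new BouncyCastleProvider();
    Security.addProvider(bcp);
    KeyStore pfx = KeyStore.getInstance("PKCS12", "BC");
    // Close the PFX file stream once the keystore has been read
    try (InputStream in = new FileInputStream(pfxFile)) {
        pfx.load(in, pass);
    }

    Enumeration<String> aliases = pfx.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        Certificate[] chain = pfx.getCertificateChain(alias);
        X509Certificate x509[] = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            x509[i] = (X509Certificate) chain[i];
        }
        // Use the subject common name of the user certificate as the alias
        X500Name x500name = new JcaX509CertificateHolder(x509[0]).getSubject();
        RDN cn = x500name.getRDNs(BCStyle.CN)[0];

        String commonName = IETFUtils.valueToString(cn.getFirst().getValue());
        PrivateKey pkey = (PrivateKey) pfx.getKey(alias, pass);
        System.out.println(pkey);
        // Only the user certificate (x509[0]) is stored, not the whole chain
        wins.setKeyEntry(commonName, pkey, "1234".toCharArray(), new X509Certificate[]{x509[0]});
        wins.store(null, null);
    }
}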

And then I used the first code from the question to list the keys and certificates of the Windows Key Store, and I got the private key OK.

An important detail: when importing the certificate and the private key, you should pass just the user certificate, not the whole chain. At least, that is the only way it worked for me.
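
A check that can be run against the store after an import like the one above (added example, not part of the original post): it separates certificate-only entries, for which getKey() returns null, from real key entries, and proves each RSA key is usable by signing through SunMSCAPI and verifying against the stored certificate. The class and method names are hypothetical; passing null as the store and key password assumes the default SunMSCAPI behaviour on a Windows JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example, not the poster's code. Runs only on a Windows JDK that ships SunMSCAPI.
public class WindowsMyKeyCheck {
    // Sign with the store-held key, verify with the certificate's public key.
    static boolean signAndVerify(PrivateKey key, Certificate cert) throws Exception {
        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        // The private key is a handle into the Windows key container, so the
        // signing operation has to be performed by SunMSCAPI itself.
        Signature signer = Signature.getInstance("SHA256withRSA", "SunMSCAPI");
        signer.initSign(key);
        signer.update(msg);
        byte[] sigBytes = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert);
        verifier.update(msg);
        return verifier.verify(sigBytes);
    }

    public static void main(String[] args) throws Exception {
        KeyStore store = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        store.load(null, null); // assumption: default settings, no store password
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isKeyEntry(alias)) {
                // Certificate without an associated private key: getKey() returns null.
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Key key = store.getKey(alias, null); // assumption: key password not needed
            if (!(key instanceof PrivateKey) || !"RSA".equals(key.getAlgorithm())) {
                System.out.println(alias + ": skipped, not an RSA private key");
                continue;
            }
            try {
                boolean ok = signAndVerify((PrivateKey) key, store.getCertificate(alias));
                System.out.println(alias + ": key usable, signature verified = " + ok);
            } catch (Exception e) {
                // e.g. a Windows prompt was cancelled or the key does not allow signing
                System.out.println(alias + ": key present but signing failed: " + e);
            }
        }
    }
}
```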
