Extracting Private key from pkcs12 and text encryption

12,995

I don't know what is wrong with your code, but I have code that reads stuff from a key store. I read the file into a KeyStore instance and then access the key or entry as appropriate. Here are some of the relevant calls:

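    char[] password;   // keystore password
    String alias;      // alias of the entry to read
    // The "BC" provider name requires the BouncyCastle provider to be registered first.
    java.security.KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
    keyStore.load(inputStream, password);
    java.security.PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password);
    // PrivateKeyEntry is a nested class of java.security.KeyStore.
    java.security.KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(password));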

To find the alias of the entry you are interested in, I suggest using keytool (comes with JDK):

    keytool -list -v -keystore keystore.pkcs12 -storetype pkcs12

You will be prompted for the keystore password and then get information like this:

    Keystore type: PKCS12
    Keystore provider: SunJSSE

    Your keystore contains 1 entry

    Alias name: thealias
    Creation date: Aug 30, 2013
    Entry type: PrivateKeyEntry
    Certificate chain length: 2
    [... lots of info about the certificates deleted ...]
Author by

user2662294

Updated on June 04, 2022
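
Added example (not part of the original answer or question): the KeyStore calls from the answer carried through to an encrypt/decrypt round trip directly from the .p12, with no openssl extraction step. It assumes the keystore holds an RSA key protected by the same password as the store; the class name `P12RoundTrip`, the helper `loadFirstKeyEntry` and the OAEP transformation are choices made for this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.Cipher;

public class P12RoundTrip {
    // Explicit OAEP padding; a bare "RSA" transformation leaves the padding to provider defaults.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static KeyStore.PrivateKeyEntry loadFirstKeyEntry(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // JDK's own PKCS12 support, no BouncyCastle
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        // Same information keytool -list gives: walk the aliases, take the first private-key entry.
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                return (KeyStore.PrivateKeyEntry) ks.getEntry(alias, new KeyStore.PasswordProtection(password));
            }
        }
        throw new IllegalStateException("no PrivateKeyEntry in " + path);
    }

    public static void main(String[] args) throws Exception {
        // Usage (assumed): java P12RoundTrip my.p12 ; the password is prompted, not passed in argv.
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        char[] password = console.readPassword("Keystore password: ");
        try {
            KeyStore.PrivateKeyEntry entry = loadFirstKeyEntry(args[0], password);
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            // The public half is taken from the entry's certificate, the private half from the entry.
            cipher.init(Cipher.ENCRYPT_MODE, entry.getCertificate().getPublicKey());
            byte[] encrypted = cipher.doFinal("hello world".getBytes(StandardCharsets.UTF_8));
            cipher.init(Cipher.DECRYPT_MODE, entry.getPrivateKey());
            byte[] decrypted = cipher.doFinal(encrypted);
            // Ciphertext is binary, so report its length instead of decoding it as text.
            System.out.println("encrypted: " + encrypted.length + " bytes");
            System.out.println("decrypted: " + new String(decrypted, StandardCharsets.UTF_8));
        } finally {
            Arrays.fill(password, '\0'); // clear the password from memory
        }
    }
}
```

Because the key never leaves the keystore, no decrypted `privateKey.pem` is left on disk.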

Comments

  • user2662294
    user2662294 almost 2 years

    I have a .p12 file. I am extracting the private key using openssl, and I have a password for extracting it.

    openssl pkcs12 -in my.p12 -nocerts -out privateKey.pem
    

    And after I get my private key, I'm trying to use that key for encryption:

        public static void main(String[] args) throws Exception {
            Security.addProvider(new BouncyCastleProvider());
            KeyPair keyPair = readKeyPair(privateKey, "testpassword".toCharArray());
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
            byte[] textEncrypted = cipher.doFinal("hello world".getBytes());
            System.out.println("encrypted: "+new String(textEncrypted));
            cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
            byte[] textDecrypted = cipher.doFinal(textEncrypted);
            System.out.println("decrypted: "+new String(textDecrypted));
        }
    
        private static KeyPair readKeyPair(File privateKey, char[] keyPassword) throws IOException {
            FileReader fileReader = new FileReader(privateKey);
            PEMReader r = new PEMReader(fileReader, new DefaultPasswordFinder(keyPassword));
            try {
                return (KeyPair) r.readObject(); // this returns null
            } catch (IOException ex) {
                throw new IOException("The private key could not be decrypted", ex);
            } finally {
                r.close();
                fileReader.close();
            }
        }
    

    r.readObject(); returns null. But when I create a private key myself with this command:

    openssl genrsa -out privkey.pem 2048
    

    The above code works fine.

    • How can I extract the private key from the p12 file properly?
    • Or is there any way to use the p12 file to encrypt/decrypt the text without extracting through the command line?

    I know PKCS#12 is just an archive file which stores keys.