[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Repost: How to read a PKCS12 File



Normally this should work. However, you should verify the MAC before decrypting the key. IAIK-JCE 2.6 beta also shows the parsing and decrypting usage in class demo.pkcs.PKCS12Create:
 
 
public void start(String fileName) {
 
    try {
 
      // get the certificate chain
      X509Certificate[] certs = IaikKeyStore.getCertificateChain(IaikKeyStore.RSA, IaikKeyStore.SZ_1024);
      // get the private key
      PrivateKey privateKey = IaikKeyStore.getPrivateKey(IaikKeyStore.RSA, IaikKeyStore.SZ_1024);
 
      System.out.println("creating PKCS#12 object...");
      // and now create a new PKCS12 object
      byte[] keyId = new byte[] {0x01, 0x02, 0x03, 0x04};
      KeyBag keyBag = new KeyBag(privateKey, "Wolfgang Platzer's Test ID", keyId);
         
      CertificateBag[] certBags = new CertificateBag[certs.length];
      certBags[0] = new CertificateBag(certs[1]);
      // this certificate corresponds to the private key; I think :-)
      certBags[1] = new CertificateBag(certs[0]);
      certBags[1].setFriendlyName("Wolfgang Platzer's Test ID");
      certBags[1].setLocalKeyID(keyId);
 
      char[] password = "test".toCharArray();
      PKCS12 test_write = new PKCS12(keyBag, certBags, false);
      test_write.encrypt(password);
      OutputStream os;
      if (fileName == null)
        os = new ByteArrayOutputStream();
      else
        os = new FileOutputStream(fileName);
      test_write.writeTo(os);
      os.close();
     
      // now parse the PKCS#12 object
      PKCS12 pkcs12 = null;
      InputStream is = null;
      if (fileName == null) {
         is = new ByteArrayInputStream(((ByteArrayOutputStream)os).toByteArray());
         pkcs12 = new PKCS12(is);
      } else {
         is = new FileInputStream(fileName);
         pkcs12 = new PKCS12(is);
      } 
      if (!pkcs12.verify(password))
        throw new PKCSException("Verification error!");
          
      pkcs12.decrypt(password);
      CertificateBag[] certBag = pkcs12.getCertificateBags();
      java.security.cert.Certificate[] certChain =
            CertificateBag.getCertificates(certBag);
 
      KeyBag kB = pkcs12.getKeyBag();
      PrivateKey pk = kB.getPrivateKey();
 
     
      X509Certificate[] certArray = iaik.utils.Util.convertCertificateChain(certChain);
      int chainLen = certArray.length;
      for (int i = 0; i < chainLen; i++) {
       
        System.out.println(certArray[i].toString());
      }
 
    } catch (Exception ex) {
      ex.printStackTrace();
      throw new RuntimeException();
    }
  }
 
Dieter Bratko

----- Original Message -----
From: Markus Weimer
To: iaik-jce@iaik.at
Sent: Wednesday, March 15, 2000 5:35 PM
Subject: [iaik-jce] Repost: How to read a PKCS12 File


Hi!

my 1st posting was unreadable in  some Mailreaders, so here is a (hopefully)
better version:

--------
I just created a PKCS12-File using the program demo.pkcs.pkcs12.PKCS12Create.
Now I want to read the Certificate in this file using the following lines of
code:


public static X509Certificate readCertificate (String Filename)

 {

  //read the certificate

  PKCS12 PKCS12_OBJECT = new PKCS12(new FileInputStream(Filename));

    // Decrypt the PKCS12-Object using the password "test"

   PKCS12_OBJECT.decrypt("test".toCharArray() );



    // Get the CertificateBags

    CertificateBag[] Cert_Bag = PKCS12_OBJECT.getCertificateBags();

  // Return the certificate

    return Cert_Bag[0].getCertificate();

 }

}

When I start this method with the generated file as parameter it throws the
Exception "iaik.pkcs.PKCSException: Unable to decrypt PrivateKey!" in the
decrypt-line.

Does anyone have any idea what the reason maybe? I'm a total newbie to
java/security/iaik... so any help would be nice.

Thanks in advance.

Markus Weimer



--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce