configuring SSLContext using existing SSL key/certificate pair in java (JSSE API)

I'm working on a Java project where I should implement the SSL protocol on the server side. This is the first time I will use SSL in my application, so I read a lot about SSL/TLS, and now I want to implement something in Java. I will implement this process using the JSSE API:

  1. The client will connect to me

  2. I will authenticate with my public key certificate. I mean that I will send the client a public key and its corresponding certificate

  3. The client encrypts the secret key using my public key and the RSA algorithm and sends it to me

I already have the private key and certificate saved in a keystore on my computer. So I am unsure how to access them from my Java application. I do not know which steps to take to access them, since it is the first time I'm dealing with this kind of stuff.

I will use an SSLEngine. So I should first initialize an SSLContext using this code:

// Imports needed by this snippet
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

char[] passphrase = "changeit".toCharArray(); // keystore password (placeholder value)

// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("/.../myKey"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("/../myCertificate"), passphrase);

// The factories that produce kmf and tmf were missing from the snippet
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ksKeys, passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksTrust);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// We're ready for the engine (hostname and port are supplied by the caller).
SSLEngine engine = sslContext.createSSLEngine(hostname, port);

// Use as client
engine.setUseClientMode(true);

I'm really new to cryptography, and this is the first time I'm programming this stuff. Any idea?

Womb answered 7/9, 2015 at 8:4 Comment(7)
You also have the private key where? Why isn't all this stuff already in a keystore? – Idiographic
I do not know. I am really new in this field. I know at least the path to them. Should I use InputStream to read them and then load them into my KeyStore? – Womb
Is it the right way? – Womb
I am really sorry. I have said that I do not know why. I have them on my computer (I know at least the path to them). – Womb
And they got there how? Magic? Who generated the private key? In what format? Who generated the CSR? Who signed it? How was the signed certificate and its signer chain provided? – Idiographic
Sorry. I think it is already in a keystore, like you said in your first comment. It was already generated and is already on my computer. I should access that keystore with my Java application. – Womb
When I already have the keystore on my computer, how can I access it from my Java application to be able to send my public key and certificate to the client? – Womb

After being confused, I did a lot of research and I could find the solution. First of all, I will describe the situation, then I will give the steps to solve the problem. Like I said in my post, I had the private key (.key file) and the certificate (.cer file) and I needed to use them in my Java application (a server using the SSL protocol). So the first step is to create a keystore (a .jks file) containing the certificate/key so that I can use them for my Java-based server. To do this step I used the steps described in this link: http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html

Now, how can I use my .jks file in the above posted code?

Well, this is a piece of code showing how to initialize your SSLEngine:

import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

char[] keyphrase = "xxx".toCharArray();  // password of the private-key entry
char[] passphrase = "yyy".toCharArray(); // password of the keystore file itself

// First initialize the key and trust material.
KeyStore ks = KeyStore.getInstance("JKS");
InputStream readStream = new FileInputStream(new File("/.../file.jks"));
ks.load(readStream, passphrase);
readStream.close();
// create a factory for key-managers
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyphrase);
SSLContext sslContext = SSLContext.getInstance("TLS");
// initialize the ssl-context (null trust managers means the JDK default trust store is used)
sslContext.init(kmf.getKeyManagers(), null, null);
// We're ready for the engine (host and port are supplied by the caller).
SSLEngine engine = sslContext.createSSLEngine(host, port);
// Use as client (a server would call setUseClientMode(false))
engine.setUseClientMode(true);
Womb answered 8/9, 2015 at 9:48 Comment(2)
As I already said in my answer, you don't need to write code for this. You can do it all with system properties. – Idiographic
Ok. Yes, I know. This was new for me. I have used this link https://mcmap.net/q/36045/-ssl-and-cert-keystore to get an idea about it. The first problem that I had (in my post) is how to get a .jks file, since I cannot use the materials without having the .jks format. Thank you for your advice. – Womb

At the server, both the public key and its certificate go into the KeyStore, along with the original private key, all under the same alias.

If the certificate is self-signed, you'll need to export it from there into the client's truststore.

You don't need to write code for this. Just set the system properties:

javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore

as appropriate.

Idiographic answered 7/9, 2015 at 8:27 Comment(2)
The certificate is not self-signed. So should I send the public key and the certificate to the client, so that it can identify me? – Womb
If you read my answer again, attentively, you will see that I didn't specify any required action if your certificate isn't self-signed. – Idiographic
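The programmatic counterpart to the snippet in Womb's answer and to the system-property route in Idiographic's answer, written here as an added example (not code from either answer). It builds the server-side context the question actually asks for, checks that the keystore really holds a private key with its certificate chain before handing it to the KeyManagerFactory, and puts the engine in server mode rather than the client mode the posted snippets use. Assumptions: Java 11 or later, and a keystore path, type and passwords supplied by the caller (placeholders, not values from the page).

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public final class ServerTlsSetup {
    /** Server-side SSLContext from a keystore holding the private key and its certificate chain. */
    public static SSLContext serverContext(Path keystorePath, String storeType,
                                           char[] storePass, char[] keyPass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(storeType);   // "JKS" as on this page, or "PKCS12"
        try (InputStream in = Files.newInputStream(keystorePath)) {
            ks.load(in, storePass);
        }
        // A server needs at least one private-key entry with a certificate chain. A store that
        // holds only a certificate (a trust store) cannot authenticate the server, which is why
        // the answers insist that key and certificate go into one keystore under one alias.
        boolean hasKeyEntry = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && ks.getCertificateChain(alias) != null) {
                hasKeyEntry = true;
            }
        }
        if (!hasKeyEntry) {
            throw new GeneralSecurityException("no private key with certificate chain in " + keystorePath);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);                            // key-entry password, not the store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);       // null = JDK default trust managers (cacerts)
        return ctx;
    }

    /** Engine in server mode: presents the keystore certificate and runs the server side of the handshake. */
    public static SSLEngine serverEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);                  // the posted snippets used true, the client role
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"}); // Java 11+ names; excludes SSLv3/TLS 1.0/1.1
        engine.setSSLParameters(params);
        return engine;
    }
}
```

Setting javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword as in Idiographic's answer makes SSLContext.getDefault() produce an equivalent context without this code; the explicit version is useful when the application must choose the keystore at runtime.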