AppletTalk.com Java discussions newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  Storing PublicKey and PrivateKey in a program          AppletTalk.com Forum Index -> Java Help View previous topic :: View next topic   Author Message pershing Guest Posted: Tue Nov 21, 2006 9:36 pm    Post subject: Storing PublicKey and PrivateKey in a program Is it possible to store in permanance a pair of cryptographic Public/Private keys in a program ? I know I can dump it into a file but I would like to have 2 constants in my program instead of reading each time from the files. I would like something that would look like this: private final PublicKey publicKey = some gibberish goes here private final PrivateKey privateKey = some more gibberish goes here So far I have tried the following: I have generated a pair of keys, turned the private key into byte[] format, dumped the result into my screen, copy/pasted whatever appeared into a String variable which in turn was transformed into byte[] and then I tried without success to convert into PKCS8EncodedKeySpec. Any help would be much appreciated Thanks Back to top Luc The Perverse Guest Posted: Wed Nov 22, 2006 6:24 pm    Post subject: Re: Storing PublicKey and PrivateKey in a program "bver" <bverbeken (AT) gmail (DOT) com> wrote in message news:1164194118.565966.206800 (AT) e3g2000cwe (DOT) googlegroups.com... Quote: What I would do is use the Keystore. All you need is a keystore file (which should be a secure safe for all your keys), load that file in a KeyStore object and get your keys from it. FileInputStream is = new FileInputStream("pat-to-keystore-file"); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); char[] pwd = "keystore-pwd".toCharArray(); keystore.load(is, pwd); And from then on, you can just reference keys by alias e.g. Key key = keystore.getKey("anAlias", pwd); See the KeyStore doc for more info: http://java.sun.com/j2se/1.4.2/docs/api/java/security/KeyStore.html You can also use the keytool to create your keystore file: http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html Is it prudent to advise people to store a keypair in an unencrypted file? -- LTP :) Back to top bver Guest Posted: Wed Nov 22, 2006 7:51 pm    Post subject: Re: Storing PublicKey and PrivateKey in a program On Nov 22, 1:24 pm, "Luc The Perverse" <sll_noSpamlicious_z_XX...@cc.usu.edu> wrote: Quote: "bver" <bverbe...@gmail.com> wrote in messagenews:1164194118.565966.206800 (AT) e3g2000cwe (DOT) googlegroups.com... What I would do is use the Keystore. All you need is a keystore file (which should be a secure safe for all your keys), load that file in a KeyStore object and get your keys from it. FileInputStream is = new FileInputStream("pat-to-keystore-file"); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); char[] pwd = "keystore-pwd".toCharArray(); keystore.load(is, pwd); And from then on, you can just reference keys by alias e.g. Key key = keystore.getKey("anAlias", pwd); See the KeyStore doc for more info: http://java.sun.com/j2se/1.4.2/docs/api/java/security/KeyStore.html You can also use the keytool to create your keystore file: http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.htmlIs it prudent to advise people to store a keypair in an unencrypted file? -- LTP :) Well, first of all: keystore files are encrypted. From the keytool manual (http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html ): "keytool stores the keys and certificates in a so-called keystore. The default keystore implementation implements the keystore as a file. It protects private keys with a password." Secondly, if you 'encrypt' the file containing your keys, where are you going to keep the key to decrypt your keyfile? In an unencrypted file? Or an encrypted one, for which you need to store the key somewhere, and so on. I mean, there is always a vulnerability, and if you use asymmetric algorithms, the vulnerability is the private key. Or am I wrong? Back to top pershing Guest Posted: Wed Nov 22, 2006 11:56 pm    Post subject: Re: Storing PublicKey and PrivateKey in a program bver wrote: Quote: What I would do is use the Keystore. All you need is a keystore file (which should be a secure safe for all your keys), load that file in a KeyStore object and get your keys from it. FileInputStream is = new FileInputStream("pat-to-keystore-file"); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); char[] pwd = "keystore-pwd".toCharArray(); keystore.load(is, pwd); And from then on, you can just reference keys by alias e.g. Key key = keystore.getKey("anAlias", pwd); See the KeyStore doc for more info: http://java.sun.com/j2se/1.4.2/docs/api/java/security/KeyStore.html You can also use the keytool to create your keystore file: http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html That sounds like a good idea, however I am also making an applet which would contain only the public key (it is an Applet-to-server application). Since the applet will be signed (with a different key), the integrity of my code will be preserved thus I don`t need to worry if someone changes the public key inside the Applet code. I know I can request the certificate from the server side to get the public key for the applet each time I want to send encrypted data but it would save me some validations if the public key would be already embedded in the signed Applet. Thanks for any help Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         AppletTalk.com Forum Index -> Java Help All times are GMT Page 1 of 1   Jump to: Select a forum Java Newsgroups----------------Java DiscussionsWeb-based java games comp.lang.java 3D Graphics API's for Java Java: Support and criticism Java System Announcements comp.lang.java.api JavaBeans Java and CORBA Java and Databases comp.lang.java.developer Java GUI Toolkits Java Help comp.lang.java.javascript JVM, native methods and hardware comp.lang.java.misc Java Language Programming Security and Java comp.lang.java.setup Java Software Tools comp.lang.java.tech ibm.software.java.linux  Non-English Java Newsgroups----------------Java Language (German)Language Java (Français)Java (Italian)  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.