<p>The PKCS#12 format is intended for storing a private key associated with a certificate chain, and both are required (although you might not need the whole chain). Although the <code>PKCS12</code> keystore type does a good job for mapping this format to a Java <code>KeyStore</code>, not everything is supported for this reason.</p>
<p>What you're trying to do in your first attempt is storing a certificate on its own, which won't work.</p>
<p>What you're trying to do in your second attempt (<code>ks.setKeyEntry("SomeAlias", userCert.getPublicKey().getEncoded(), chain)</code>) is to use a public key in place of what should be a private key (see <a href="http://download-llnw.oracle.com/javase/6/docs/api/java/security/KeyStore.html#setKeyEntry%28java.lang.String,%20byte[],%20java.security.cert.Certificate[]%29" rel="noreferrer"><code>KeyStore#setKeyEntry</code></a>).</p>
<p><code>.cer</code> files tend to be just for certificates, not private keys (although of course, the extension is ultimately just an indication). If you export your <code>.cer</code> file from <em>Keychain Access.app</em>, you won't get the private key with it (that's what the <code>.p12</code> export format is for).</p>
<p><strong>EDIT</strong> about KeychainStore:</p>
<p>If the reason you're trying to do this conversion is ultimately to access private keys and certificates that are already in the keychain, you could load them from the <code>KeychainStore</code> directly:</p>
<pre><code>KeyStore ks = KeyStore.getInstance("KeychainStore", "Apple");
ks.load(null, "-".toCharArray());
</code></pre>
<p>A couple of notes for this:</p>
<ul>
<li>Any non-null, non-empty password will do to use the private key (e.g. <code>"-".toCharArray()</code>), as access will be prompted by the OS's security service (like it would in other applications).</li>
<li>As far as I'm aware, there is still a bug and <a href="http://lists.apple.com/archives/java-dev/2007/Aug/msg00278.html" rel="noreferrer">it only allows access to one private key/certificate pair</a> (even if a number of private key/certificate pairs are present in the keychain).</li>
</ul>
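An added example, not part of the original answer: building a PKCS#12 file from a certificate and the private key that belongs to it, using the <code>setKeyEntry</code> overload that takes a <code>PrivateKey</code>, and refusing to pair a key with a certificate it does not match. The class name, the command-line file arguments and the assumption of an unencrypted PKCS#8 DER RSA key are illustrative choices, not taken from the question.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;

public class CerToP12 {
    // Usage: java CerToP12 <cert.cer> <key.pk8> <out.p12>   (file names are placeholders)
    public static void main(String[] args) throws Exception {
        if (System.console() == null) {
            throw new IllegalStateException("run from a terminal so the password can be read");
        }
        char[] password = System.console().readPassword("Keystore password: ");

        // The .cer file holds only the certificate (DER or PEM both parse here).
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Assumption: the matching private key is available as unencrypted PKCS#8 DER, RSA.
        byte[] der = Files.readAllBytes(Paths.get(args[1]));
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));

        // A key entry is only meaningful if the key matches the certificate's public key.
        PublicKey pub = cert.getPublicKey();
        if (!(pub instanceof RSAPublicKey)
                || !((RSAPublicKey) pub).getModulus().equals(((RSAPrivateKey) key).getModulus())) {
            throw new IllegalArgumentException("private key does not match the certificate");
        }

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);  // start from an empty keystore
        // Private key plus its chain (here just the end-entity certificate), not the public key bytes.
        ks.setKeyEntry("SomeAlias", key, password, new Certificate[] { cert });
        try (OutputStream out = Files.newOutputStream(Paths.get(args[2]))) {
            ks.store(out, password);
        }
    }
}
```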
 
