JDK Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.32, 2006

JCA - KeyStore and Related Classes


(Continued from previous part...)

Here is the result of my first test. It was done with JDK 1.3.1.

java -cp . JcaCertificateTest my_home.crt temp.crt

CertificateFactory Object Info:
Type = X.509
Provider = SUN version 1.2
toString = java.security.cert.CertificateFactory@7f5ea7

Certificate Object Info:
Type = X.509
toString = [
[
  Version: V1
  Subject: CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My...
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

  Key:  Sun DSA Public Key
    Parameters:DSA
        p:     fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef44...
    455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f...
    6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6...
    83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d...
        q:     9760508f 15230bcc b292b982 a2eb840b f0581cf5
        g:     f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea...
    5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932...
    3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62...
    cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b...

  y:
    9750b0c9 487f59e1 e13fc766 f55e96db 2b4c6103 d75f0290 6424893b...
    ca0cb9dc e2f0ad22 beea9b49 a573fcb4 f327f581 552777a2 809acc4d...
    78d16462 60ce96a3 28f74f81 fbdcb10a 2c3c9a29 33cf0a40 f541e358...
    9de5f594 24367988 0353fa09 1478dc47 8099d4d4 94af32e9 1593b2b3...

  Validity: [From: Sat Jun 1 07:14:44 EDT 2002,
               To: Sat Aug 31 07:14:44 EDT 2002]
  Issuer: CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My ...
  SerialNumber: [    407928a4 ]

]
  Algorithm: [SHA1withDSA]
  Signature: 
0000: 30 2C 02 14 38 CC 05 0E   3D 67 B5 C1 D8 B0 C9 EF  0,..8...=...
0010: 57 0E C5 4F 70 A4 B5 C7   02 14 59 37 68 93 A4 48  W..Op.......
0020: 79 E0 8C 44 8C AD 2B 07   13 3A 8E FF AA 93        y..D..+.....

]

PublicKey Object Info:
Algorithm = DSA
Format = X.509
toString = Sun DSA Public Key
    Parameters:DSA
        p:     fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef44...
    455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f...
    6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6...
    83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d...
        q:     9760508f 15230bcc b292b982 a2eb840b f0581cf5
        g:     f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea...
    5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932...
    3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62...
    cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b...

  y:
    9750b0c9 487f59e1 e13fc766 f55e96db 2b4c6103 d75f0290 6424893b...
    ca0cb9dc e2f0ad22 beea9b49 a573fcb4 f327f581 552777a2 809acc4d...
    78d16462 60ce96a3 28f74f81 fbdcb10a 2c3c9a29 33cf0a40 f541e358...
    9de5f594 24367988 0353fa09 1478dc47 8099d4d4 94af32e9 1593b2b3...

The result looks very good:

  • The input certificate file was created by "keytool"; see the previous chapter for details. It was written in a binary format (DER).

The program can also be used to read in certificate files written in printable format (RFC). Assuming my_home.rfc is a certificate file created by "keytool" in RFC format, the following command will read in the certificate in my_home.rfc without any problem:

java -cp . JcaCertificateTest my_home.rfc temp.crt

KeyStore Class

java.security.KeyStore is a class representing a key store database in memory. It offers the following major methods:

  • getInstance() - Returns a KeyStore object of the specified key store type, as implemented by the specified security package provider. If no provider is specified, the default provider will be used.
  • load() - Discards all entries currently held in memory and loads all entries of a key store from the specified input stream with the specified password.
  • store() - Stores all entries to the output stream with the specified password.
  • size() - Returns the number of entries.
  • aliases() - Returns alias names of all entries as an Enumeration object.
  • deleteEntry() - Deletes the entry of the specified alias name.
  • getCertificate() - Returns the certificate of the entry of the specified alias name. If the specified entry is a key entry, it returns the first certificate of the certificate chain.
  • getCertificateChain() - Returns the certificate chain as a Certificate array of the entry of the specified alias name. If the specified entry is a certificate entry, it returns null.
  • getKey() - Returns the key of the entry of the specified alias name with the specified password. If the specified entry is a certificate entry, it returns null.
  • setCertificateEntry() - Inserts a new certificate entry with the specified alias name and the specified certificate.
  • setKeyEntry() - Inserts a new key entry with the specified alias name, the specified key, the specified certificate chain, and the specified password.
  • isKeyEntry() - Returns true if the entry with the specified alias name is a key entry.
  • isCertificateEntry() - Returns true if the entry with the specified alias name is a certificate entry.
  • getType() - Returns the type of this KeyStore.
  • getProvider() - Returns the security package provider of this KeyStore.
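
The following round trip exercises most of the methods listed above. It is an added example, not code from the original tutorial. It uses a generated AES secret key instead of a certificate so that it runs without any input file, and it assumes a JDK whose PKCS12 key store accepts secret key entries (JDK 8 or later). The alias and both passwords are constructed sample values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.KeyGenerator;

// Added example: in-memory round trip through the KeyStore methods listed above.
public class KeyStoreRoundTrip {
    public static void main(String[] args) throws Exception {
        char[] storePass = "store-secret".toCharArray(); // sample: protects the whole store
        char[] keyPass = "entry-secret".toCharArray();   // sample: protects one key entry

        // getInstance() followed by load(null, null) gives an empty key store in memory.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);

        // setKeyEntry(): a secret key has no certificate chain, so the chain is null.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setKeyEntry("demo-aes", kg.generateKey(), keyPass, null);

        // store() writes all entries to a stream, protected by the store password.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        byte[] saved = out.toByteArray();

        // load() with a wrong store password must fail instead of returning entries.
        try {
            KeyStore.getInstance("PKCS12")
                    .load(new ByteArrayInputStream(saved), "wrong".toCharArray());
            throw new IllegalStateException("wrong store password was accepted");
        } catch (IOException expected) {
            System.out.println("load() rejected the wrong store password");
        }

        // load() with the correct password, then inspect every entry.
        KeyStore copy = KeyStore.getInstance("PKCS12");
        copy.load(new ByteArrayInputStream(saved), storePass);
        System.out.println("type=" + copy.getType() + " size=" + copy.size());
        for (String alias : Collections.list(copy.aliases())) {
            System.out.println(alias + " isKeyEntry=" + copy.isKeyEntry(alias)
                    + " isCertificateEntry=" + copy.isCertificateEntry(alias)
                    + " algorithm=" + copy.getKey(alias, keyPass).getAlgorithm());
        }
        copy.deleteEntry("demo-aes");
        System.out.println("size after deleteEntry()=" + copy.size());
    }
}
```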

(Continued on next part...)


Dr. Herong Yang, updated in 2006