1 reply Latest Post - 2012-03-06T14:30:53Z by pbaze
pbaze

IBMJCE KeyStore fails to retrieve private key entry from pkcs12 file

2012-03-02T19:15:04Z
Problem:
When I load a PKCS12 file into a KeyStore with provider IBMJCE the private key entry alias is only recognized as a trusted certificate entry. However, when I use BouncyCastle or SUN as the provider for the KeyStore I'm able to obtain the private key from the pkcs12 file.

Sample code for loading the PKCS12 file:



import java.security.Key;
import java.security.KeyStore;
import java.util.Enumeration;

// pkcs12File is an InputStream over the PKCS12 file; password is a String.
final KeyStore pkcs12Store = KeyStore.getInstance("PKCS12");
pkcs12Store.load(pkcs12File, password.toCharArray());

for (Enumeration<String> aliases = pkcs12Store.aliases(); aliases.hasMoreElements();) {
    String alias = aliases.nextElement();

    if (pkcs12Store.isKeyEntry(alias)) {
        // Never
    } else if (pkcs12Store.isCertificateEntry(alias)) {
        // Always
        Key k = pkcs12Store.getKey(alias, password.toCharArray());

        if (k == null) {
            // Always
        }
    }
}


PKCS12 file generation:

I'm programmatically generating the PKCS12 file. I use KeyStore (Provider: SUN) to generate the key pair and X509Certificate to create the certificate. The only certificate extension I specify is the key usage for digital_signature and non_repudiation.

Thanks.
  • pbaze
    ACCEPTED ANSWER

    Re: IBMJCE KeyStore fails to retrieve private key entry from pkcs12 file

    2012-03-06T14:30:53Z  in response to pbaze
    Solution:
    I only had CN defined in the distinguished name of the Subject for the X509 cert. The minimum to get it to work properly seems to be two attributes, i.e. CN & OU.
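A diagnostic for the mismatch described in this thread, added here as an example and not code from the original posts: it loads the same PKCS12 file with every installed provider that offers a PKCS12 KeyStore and prints, per alias, how the entry is classified and how many RDNs the certificate subject carries. The class name `Pkcs12ProviderCheck` is hypothetical, and the password is read from the console so it does not end up in the process list.

```java
import java.io.ByteArrayInputStream;
import java.io.Console;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.naming.ldap.LdapName;

// Hypothetical helper class (not from the thread).
public class Pkcs12ProviderCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive): Pkcs12ProviderCheck <file.p12>");
            System.exit(2);
        }
        byte[] p12 = Files.readAllBytes(Paths.get(args[0]));
        char[] password = console.readPassword("PKCS12 password: ");

        for (Provider provider : Security.getProviders()) {
            // Skip providers that do not implement a PKCS12 KeyStore.
            if (provider.getService("KeyStore", "PKCS12") == null) continue;
            System.out.println("== " + provider.getName());
            try {
                KeyStore ks = KeyStore.getInstance("PKCS12", provider);
                ks.load(new ByteArrayInputStream(p12), password);
                for (String alias : Collections.list(ks.aliases())) report(ks, alias);
            } catch (Exception e) {
                System.out.println("  load failed: " + e);
            }
        }
    }

    // Print the entry type the provider assigns and the subject DN it was issued with.
    static void report(KeyStore ks, String alias) throws Exception {
        String kind = ks.isKeyEntry(alias) ? "key entry"
                : ks.isCertificateEntry(alias) ? "trusted certificate entry" : "unknown";
        System.out.println("  alias=" + alias + " -> " + kind);
        Certificate cert = ks.getCertificate(alias);
        if (cert instanceof X509Certificate) {
            String dn = ((X509Certificate) cert).getSubjectX500Principal().getName();
            int rdns = new LdapName(dn).getRdns().size();
            System.out.println("    subject=" + dn + " (" + rdns + " RDNs)");
        }
    }
}
```

An alias reported as a key entry under one provider and as a trusted certificate entry under another, together with a single-RDN subject, matches the situation the accepted answer describes.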