1

How can I manage a keystore in Java without using the keytool command?

I know how to load the keystore from Java code, but that is not all I want. I want to create a keystore, display keys from a keystore, or delete a key entry from a keystore.

Is it possible to do this with Java code?

This is how I am loading the keystore:

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

    // get user password and file input stream
    char[] password = getPassword();

    java.io.FileInputStream fis = null;
    try {
        fis = new java.io.FileInputStream("keyStoreName");
        ks.load(fis, password);
    } finally {
        if (fis != null) {
            fis.close();
        }
    }

The instructions to generate a new keystore are given here,

https://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html

but it just generates an empty keystore, not a keystore with the key inside it.

2
  • 1
    Is keyStoreName in the FileInputStream() an existing keystore? Or did you try to create a new keystore using that name? Commented Dec 1, 2014 at 13:13
  • 1
    @SufiyanGhori When you edit the title, don't add tags. Tags should be in the tags section. Also note that you shouldn't capitalize everything. Commented Dec 1, 2014 at 16:01

2 Answers

3

First of all, you have to create an empty keystore before adding a key inside it, and your code wouldn't work because,

To create an empty keystore using the above load method, pass null as the InputStream argument.

See the following example to see how to pass null as argument.

Creating a Keystore,

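    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.CertificateException;

    public static void createStore(String path, String keyStoreName,
            String storePassword) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException, IOException {
        // The "BKS" keystore type is provided by Bouncy Castle.
        KeyStore store = KeyStore.getInstance("BKS");
        char[] password = storePassword.toCharArray();
        // A null InputStream initializes a new, empty keystore.
        store.load(null, password);

        // try-with-resources closes the file even if store() throws.
        try (FileOutputStream fos = new FileOutputStream(path + keyStoreName)) {
            store.store(fos, password);
        }
        System.out.println("New Store Created !");
    }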

The above code is copied from my repo, aes-256-java-bks

According to its description, it has all the features which you need,

This simple code allows you to encrypt/decrypt any kind of file using AES-256 standard. It uses Bouncy Castle Keystore for Key Management. Beside Encryption, the code allows you to manage your keystore, like Creating a new Keystore, Loading an existing keystore, adding key to an existing keystore, generating new Key with user Password, deleting key from a keystore or displaying keys from given keystore, all these features could be accessed at runtime, all you need to do is execute the program.

The following code is from the same repository as mentioned above,

Loading store,

    static KeyStore loadStore() throws KeyStoreException,
            FileNotFoundException, IOException, NoSuchAlgorithmException,
            CertificateException {

        KeyStore store = KeyStore.getInstance("BKS");

        // keyStoreLocation and storePassword are defined outside this method.
        // try-with-resources closes the stream once the store is loaded.
        try (InputStream keystoreStream = new FileInputStream(keyStoreLocation)) {
            store.load(keystoreStream, storePassword.toCharArray());
        }
        System.out.println("Key Store loaded!\n");
        return store;
    }

For security reasons, you cannot display actual keys from the keystore, but you sure could get the list of all the aliases of keys from the keystore,

Check this code,

    private static void getAliases() throws KeyStoreException,
            FileNotFoundException, NoSuchAlgorithmException,
            CertificateException, IOException {
        // store is the KeyStore loaded earlier and held outside this method.
        if (store.size() == 0)
            System.out.println("Store is Empty!");
        Enumeration<String> enumeration = store.aliases();
        while (enumeration.hasMoreElements()) {
            // aliases() is already typed, so no cast is needed.
            String alias = enumeration.nextElement();
            System.out.println("Key Alias: " + alias);
        }
    }

Deleting a Key from keystore,

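    public static void deleteAlias(String alias) throws KeyStoreException {
        // Removes the entry from the in-memory KeyStore only; the file on
        // disk changes once the store is written back with store.store(...).
        store.deleteEntry(alias);
    }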

2 Comments

Wonderful answer (Y) +1; however, there is just one error. I am running it in Eclipse and it is giving the error "BKS not found".
Add the Bouncy Castle jar to your project then. In Eclipse, right-click on your project, then Properties -> Java Build Path -> Libraries -> Add External Jars.
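
An added example, not part of the answer above or of the answerer's repository, covering the case the question raises (a keystore with a key inside it) together with listing and deleting entries. It assumes a current JDK and uses the built-in PKCS12 type instead of BKS so it runs without Bouncy Castle; the class name, file name, aliases and password are constructed for illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class KeyStoreDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample values; in real use, prompt for the password.
        File file = new File("demo-keystore.p12");
        char[] password = "change-me".toCharArray();
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(password);

        // 1. Create: a null stream yields an empty in-memory keystore.
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(null, password);

        // 2. Add: generate AES-256 keys and file each one under an alias.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        store.setEntry("file-key", new KeyStore.SecretKeyEntry(gen.generateKey()), prot);
        store.setEntry("old-key", new KeyStore.SecretKeyEntry(gen.generateKey()), prot);
        save(store, file, password);

        // 3. Reload from disk and list aliases; key material is never printed.
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(file)) {
            reloaded.load(in, password);
        }
        for (String alias : Collections.list(reloaded.aliases())) {
            System.out.println(alias + " (key entry: " + reloaded.isKeyEntry(alias) + ")");
        }

        // 4. Delete: deleteEntry only changes memory, so write the store back.
        reloaded.deleteEntry("old-key");
        save(reloaded, file, password);
        System.out.println("Entries after delete: " + reloaded.size());

        // Wipe the password array once it is no longer needed.
        Arrays.fill(password, '\0');
    }

    static void save(KeyStore store, File file, char[] password) throws Exception {
        try (OutputStream out = new FileOutputStream(file)) {
            store.store(out, password);
        }
    }
}
```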
1

Your FileInputStream is not reading "keystorename" because it does not exist, or it does, but in another location.

According to documentation:

To create an empty keystore using the above load method, pass null as the InputStream argument.
