public class P12StoreParameter extends java.lang.Object implements java.security.KeyStore.LoadStoreParameter, P12Algorithms
P12 store parameters may be used to specify output stream, password and algorithm for protecting the integrity of the PKCS#12 keystore when storing it to an output stream, e.g.:

```java
// the protection algorithm name
String protectionAlg = "PBES2";
// the keystore password
char[] password = ...;

// create a new PKCS12 KeyStore
KeyStore ks = KeyStore.getInstance("PKCS12", "IAIK");
ks.load(null, null);

// add a key entry
PrivateKey privateKey = ...;
X509Certificate[] certChain = ...;
String keyAlias = ...;
KeyStore.PrivateKeyEntry keyEntry = new KeyStore.PrivateKeyEntry(privateKey, certChain);
P12PasswordProtection pwdProtection = new P12PasswordProtection(password, protectionAlg);
ks.setEntry(keyAlias, keyEntry, pwdProtection);

// add a cert entry
X509Certificate trustedCert = ...;
String certAlias = ...;
KeyStore.TrustedCertificateEntry certEntry = new KeyStore.TrustedCertificateEntry(trustedCert);
P12CertEntryProtection p12Protection = new P12CertEntryProtection(protectionAlg);
ks.setEntry(certAlias, certEntry, p12Protection);

// store keystore
OutputStream os = ...;
P12StoreParameter storeParams = new P12StoreParameter(os, password, protectionAlg);
ks.store(storeParams);
```

Although it is possible to use any specific supported MAC algorithm, it is recommended to use the "PBES2" algorithm set (for security reasons) or the "PBES1" algorithm set (for backwards interoperability with PKCS#12 applications that do not support PBES2 yet).

See Also: P12KeyStore

Fields inherited from interface P12Algorithms: P_ALG_DEFAULT, P_ALG_LEGACY, P_ALG_PBES1, P_ALG_PBES2
Constructor and Description |
---|
P12StoreParameter(java.io.OutputStream os, char[] password): Creates P12 store protection parameters for the given output stream and password. |
P12StoreParameter(java.io.OutputStream os, char[] password, java.lang.String protectionAlgorithm): Creates P12 store protection parameters for the given output stream, password and protection algorithm. |

Modifier and Type | Method and Description |
---|---|
java.security.KeyStore.ProtectionParameter | getProtectionParameter(): Gets the protection parameters to be used to protect the integrity of the PKCS#12 KeyStore. |
void | setBlockSize(int blockSize): Sets the block size to be used for encoding the inherent Data package. |

public P12StoreParameter(java.io.OutputStream os, char[] password) throws java.security.NoSuchAlgorithmException

When using this constructor, the PBES2 algorithm set (with HMAC_SHA256) is used to protect the integrity of the PKCS#12 Keystore when storing it to an output stream.

Parameters:
os - the output stream to which to write the KeyStore
password - the password

Throws:
java.security.NoSuchAlgorithmException - if the PBES2 algorithm (set) is not supported

public P12StoreParameter(java.io.OutputStream os, char[] password, java.lang.String protectionAlgorithm) throws java.security.NoSuchAlgorithmException

Parameters:
os - the output stream to which to write the KeyStore
password - the password
protectionAlgorithm - the name of the protection algorithm (set) to be used, e.g. "PBES2" or "PBES1"

Throws:
java.security.NoSuchAlgorithmException - if the requested algorithm (set) is not supported

public java.security.KeyStore.ProtectionParameter getProtectionParameter()

Specified by:
getProtectionParameter in interface java.security.KeyStore.LoadStoreParameter

public void setBlockSize(int blockSize)

Parameters:
blockSize - the blockSize to be used for Data encoding (default: 1024 for indefinite constructed OCTET_STRING encoding; if not positive, definite primitive encoding will be used)
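
An added example (not part of the IAIK documentation) that wraps the store step: it picks "PBES2" or "PBES1" following the recommendation above, optionally uses setBlockSize for definite primitive encoding, writes through a temporary file, and wipes the password afterwards. The names P12StoreExample, store, legacyPeer and definiteEncoding are hypothetical, and the package in the P12StoreParameter import is an assumption because this page does not state it.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import iaik.pkcs.pkcs12.P12StoreParameter; // ASSUMED package name; adjust to your IAIK-JCE version

public final class P12StoreExample {

    /**
     * Stores an already populated keystore, obtained with
     * KeyStore.getInstance("PKCS12", "IAIK"), to the given target file.
     * The caller's password array is zeroed before this method returns.
     */
    public static void store(KeyStore ks, Path target, char[] password,
                             boolean legacyPeer, boolean definiteEncoding)
            throws IOException, GeneralSecurityException {
        // PBES2 by default; PBES1 only for consumers that do not support PBES2 yet.
        String protectionAlg = legacyPeer ? "PBES1" : "PBES2";
        // Write next to the target first, so a failed store never leaves
        // a truncated keystore under the final name.
        Path tmp = Files.createTempFile(target.toAbsolutePath().getParent(), "p12-", ".tmp");
        boolean stored = false;
        try {
            try (OutputStream os = Files.newOutputStream(tmp)) {
                // Throws NoSuchAlgorithmException if the algorithm set is unsupported;
                // it is propagated rather than silently falling back to a weaker set.
                P12StoreParameter params = new P12StoreParameter(os, password, protectionAlg);
                if (definiteEncoding) {
                    // A non-positive block size selects definite primitive encoding
                    // instead of the default indefinite constructed OCTET_STRING.
                    params.setBlockSize(0);
                }
                ks.store(params);
            }
            Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING,
                       StandardCopyOption.ATOMIC_MOVE);
            stored = true;
        } finally {
            if (!stored) {
                Files.deleteIfExists(tmp); // remove the partial file on any failure
            }
            Arrays.fill(password, '\0');   // do not keep the password on the heap
        }
    }
}
```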