Most of the operations that keytool
(at least those that I know) can be recreated using java.security.*
classes with some aditional utilities classes, for example, to create a new pair of keys you can use:
private static final String ALGORITHM = "RSA";
private static final String PROVIDER = "BC";
private PrivateKey privateKey;
private PublicKey publicKey;
...
public void generateNewKeyPair() {
try {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM, PROVIDER);
keyGen.initialize(2048, new SecureRandom());
KeyPair keypair = keyGen.genKeyPair();
privateKey = keypair.getPrivate();
publicKey = keypair.getPublic();
} catch (Exception e) {
LOG.error("Error creating keyPair", e);
}
}
Here is an example of retrieving a KeyPair
from a KeyStore
Here is an (more elaborated) example that not only creates the KeyPair
, but also stores it in a file
You can also serialize the KeyPair
alongside a expiration timestamp as a SealedObject to simulate both the validity
parameter and the storage provided by keytool
EDIT: SealedObject alone won't give you the validity
parameter simulation, is the timestamp stored alongside with the keypair (in a SealedObject
) that will "simulate" an expiration date (which can be seen as the validity of the key). For example:
class KeyWithExpiration {
private PublicKey publicKey;
private Date expirationDate;
}
public static void serializeEncrypted(File file, Serializable instance) {
// With these lines, I hope to expose some of the craft that is needed to work with the API
PBEKeySpec keySpecObj = new PBEKeySpec(PASSWORD, SALT, ITERATIONS);
Cipher ecipherObj = Cipher.getInstance(keyObj.getAlgorithm());
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(ALGORITHM);
SecretKey keyObj = secretKeyFactory.generateSecret(keySpecObj);
SealedObject sealedObject = new SealedObject(instance, ecipherObj);
ObjectOutputStream objOutputStream = new ObjectOutputStream(new FileOutputStream(file));
objOutputStream.writeObject(sealedObject);
objOutputStream.close();
}
// Generate a new KeyWithExpiration
KeyWithExpiration key = new KeyWithExpiration(keyPair, DateUtil.future().days(365));
serializeEncrypted(new File(".key"), key);
Thats why the API plus some utility classes are needed to achieve some of the functionality provided by keytool