I'm working on a Java project where I should implement the SSL-protocol on the server-side. This is the first time I will use SSL in my application, so I read a lot about SSL/TLS, and now I want to implement something in Java. I will implement this process using the JSSE API:
Client will connect to me
I will authenticate with my pubic key certificate. I means that I will send the client a public key and its corresponding certificate
The client encrypts the secret-key using my public key and RSA-algorithm and send it to me
I already have the private key and certificate saved on a keystore on my computer. So I am hesitated how to access them from my Java application. I do not know, which are the steps to do to access them, since it is the first time I'm dealing with this kind of stuff
I will use an SSLEngine. So I should first initialize an SSLContext using this code:
// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("/.../myKey"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("/../myCertificate"), passphrase);
sslContext = SSLContext.getInstance("TLS");
sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// We're ready for the engine.
SSLEngine engine = sslContext.createSSLengine(hostname, port);
// Use as client
engine.setUseClientMode(true);
I'm really new to cryptography, and this is the first time I programming this stuff. Any idea?
After being confused, I did a lot of research and I could find the solution. First of all, I will describe the situation then I will give the steps to solve the problem. Like I said in my Post, I had the private key (.key-file) and the certificate (.cer file) and I need to use them in my java-application (server using ssl-protocol). So the first step to do is to create a keystore named.jks-file containing the certificate/key so that I can be able to use them for your java-based-server. To do this step I used the steps described in this link http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html
Now, how can I use my.jks-file in the above posted code?
Well this is a piece of code how to initialize your SSLEngine:
char [] keyphrase="xxx".toCharArray();
char [] passphrase= "yyy".toCharArray();
// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
InputStream readStream = new FileInputStream(new File("/.../file.jks"));
ks.load(readStream, passphrase );
// create an factory for key-managers
KeyManagerFactory =KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyphrase);
SSLContext sslContext = SSLContext.getInstance("TLS");
//initialize the ssl-context
sslContext.init(kmf.getKeyManagers(),null,null);
// We're ready for the engine.
SSLEngine engine = sslContext.createSSLEngine(host, port);
// Use as client
engine.setUseClientMode(true);