java websphere keystore keytool keyset

WebSphere keyset does not get the latest key


I have a problem with a Websphere keyset. I create a keystore using a public key that was generated on another computer with keytool using this command:

    keytool -import -noprompt -alias eeccstore -keystore eeccstore.jks -file D:\Keys\eecc_public.key -storepass password

After that, in Websphere Server I create the KeyStore as follows in the next image:

Keystore usages: Key set keystores

Create keystore in Websphere Server

I use the same password that I use to create the KeyStore with Keytool.

Then I create the keySet in WebSphere Server as follows in the next image:

Create keyset in Websphere Server

In my java code I use the keyset as follows:

    KeySetHelper ksh = KeySetHelper.getInstance();
    KeyPair key = (KeyPair)ksh.getLatestKeyForKeySet("eeccKeySet");

And the console shows me this:

    java.lang.NullPointerException
    com.ibm.ws.crypto.config.WSKeySet.getLatestKey(WSKeySet.java:257)
    com.ibm.websphere.crypto.KeySetHelper.getLatestKeyForKeySet

I understand that the server cannot find any key in the KeySet, but I don't know what I could be doing wrong.

Thank you in advance for your support.

Regards!


Solution

  • After days of searching, I found a solution. Instead of accessing a KeySet, I access the KeyStore directly and get not the key, but the X509 certificate, with which I can create the public key and use it to encrypt any text.

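        // The KeyStore API takes passwords as char arrays
        char[] passch = password.toCharArray();

        com.ibm.crypto.provider.JavaKeyStore keystore = new com.ibm.crypto.provider.JavaKeyStore();

        // Load the JKS file and close the stream afterwards.
        // A null password means the keystore's integrity is not verified on load.
        try (FileInputStream in = new FileInputStream(new File(pathKeyFileJKS))) {
            keystore.engineLoad(in, null);
        }

        // The alias holds a trusted certificate entry, not a private key
        KeyStore.TrustedCertificateEntry certEntry = (KeyStore.TrustedCertificateEntry)
                keystore.engineGetEntry("eecc-KeyStore", new KeyStore.PasswordProtection(passch));

        X509CertImpl cert = (X509CertImpl) certEntry.getTrustedCertificate();

        // Throws if the certificate is expired or not yet valid
        cert.checkValidity();

        PublicKey publicKey = cert.getPublicKey();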
    

    Where the password variable contains the password that I use to create the eecc_public.key file, pathKeyFileJKS contains the path where I create the jks file, and "eecc-KeyStore" is the name that I use to create my keyStore in WebSphere Server.
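
The same certificate lookup written against the standard `java.security.KeyStore` API rather than the IBM provider class, as an added example that is not part of the original question or answer. The class name `InspectKeystore` is hypothetical, the defaults are the file name, alias and store password from the keytool command in the question, and the encryption step assumes the imported certificate carries an RSA key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import javax.crypto.Cipher;

public class InspectKeystore {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Defaults come from the keytool command in the question; override via arguments.
        String path = args.length > 0 ? args[0] : "eeccstore.jks";
        char[] storePass = (args.length > 1 ? args[1] : "password").toCharArray();
        String alias = args.length > 2 ? args[2] : "eeccstore";

        KeyStore ks = KeyStore.getInstance("JKS");
        // Supplying the store password makes load() verify the keystore's integrity;
        // a null password would skip that check.
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }

        // Report what each alias actually holds. "keytool -import" of a certificate
        // file produces a trusted certificate entry, not a key entry.
        for (String a : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(a) ? "key entry"
                    : ks.isCertificateEntry(a) ? "trusted certificate entry" : "unknown";
            System.out.println(a + " -> " + kind);
        }

        if (!ks.isCertificateEntry(alias)) {
            throw new IllegalStateException("No trusted certificate under alias " + alias);
        }
        // Certificate entries are read without an entry password.
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity();  // throws if expired or not yet valid
        PublicKey publicKey = cert.getPublicKey();

        // Assumption: RSA key. The decrypting side must use the same OAEP parameters.
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] ct = cipher.doFinal("constructed sample text".getBytes(StandardCharsets.UTF_8));
        System.out.println(Base64.getEncoder().encodeToString(ct));
    }
}
```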