One of the tasks of the Java application I am building is to connect to a remote SFTP server. In order to do that I have the certificate of the remote machine and a local identity (id_rsa and id_rsa.pub in the .ssh folder). This is working fine.
I'd like to put the certificate and identity in a password-protected Java keystore for easier and more secure configuration. I have the certificate working, but I'm having problems storing the SSH identity in a JKS or PKCS12 keystore (either one would work).
To isolate the problem I have tried the following steps:
I use ssh-keygen -b 2048 to create the two identity files id_rsa_demo and id_rsa_demo.pub in the local directory. As I understand it, these are the private and public keys of the identity, so I try to combine them into an identity.p12 file:
    openssl pkcs12 -export \
        -inkey "id_rsa_demo" \
        -in "id_rsa_demo.pub" \
        -out "identity.p12" \
        -password "pass:topsecret" \
        -name "demoalias"

This gives me the error "unable to load certificates". I searched around and it seems that openssl expects a certificate with a complete chain for the -in parameter. Since my generated identity does not have that, I tried the -nocerts option, like so:
    openssl pkcs12 -export \
        -inkey "id_rsa_demo" \
        -in "id_rsa_demo.pub" \
        -out "identity.p12" \
        -password "pass:topsecret" \
        -name "demoalias" \
        -nocerts

I get no errors, but the -nocerts option lives up to its promise and does not add my public key to the pkcs12 file:
    openssl pkcs12 -info -in identity.p12
    Enter Import Password:
    MAC Iteration 2048
    MAC verified OK
    PKCS7 Data
    Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
    Bag Attributes
        friendlyName: demoalias
    Key Attributes: <No Attributes>
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    miifdjbabgkqhkig9w0bbq0wmzabbgkqhkig9w0bbqwwdgqiaoxpzckbb28cagga
    mbqgccqgsib3dqmhbajpq9ibr445xqscbmi5ilok5f28kqpb5d97afiub5d3it46
    ...
    ejwyfhtj6bm+deouk68znrwwkqwujx5azv3u8sm1cicvmh9w0hpl5tsmmmpds1ey
    uos=
    -----END ENCRYPTED PRIVATE KEY-----

Is there a way to store an SSH identity in a PKCS12 or JKS keystore?
Supposing you have a private key that looks like this:
id_rsa
Do 2 things:
1) Create a certificate to wrap the key and expose the public key as a certificate, so keytool understands it.

    openssl req -new -key id_rsa -out example.req

2) Create a self-signed certificate using the new request.

    openssl x509 -signkey id_rsa -req -in example.req -out example.cer

Then, combine the certificate and private key, and import into keytool.

    cat example.cer id_rsa > example.full
    keytool -import -keystore example.jks -file example.full

This gets the keys in there. Utilizing the private and public keys, and interacting with the SSH/SFTP library of your choice, is left as an exercise.
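
One way to get the SSH identity into a PKCS#12 file with both the private key and a certificate carrying the public key, as an added example that is not part of the original question or answer: wrap the key in a self-signed certificate, export both, then confirm the stored certificate matches the key. The function names, the `P12_PASS` variable and the file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, file names
# and the P12_PASS environment variable are illustrative assumptions.

# Wrap a PEM-format SSH private key in a self-signed certificate and store
# both in a PKCS#12 file. The keystore password is read from $P12_PASS
# (env:) so it does not show up in the process list as "pass:..." would.
ssh_identity_to_p12() {
    key=$1 out=$2 name=$3
    # Newer ssh-keygen versions write "BEGIN OPENSSH PRIVATE KEY", which
    # openssl cannot read. Generate with "ssh-keygen -t rsa -b 2048 -m PEM"
    # or convert a copy with "ssh-keygen -p -m PEM -f <copy>".
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$key"; then
        echo "convert $key to PEM format first" >&2
        return 2
    fi
    cert=$(mktemp) || return 1
    # The certificate only exists to carry the public key; SSH never looks
    # at its subject or validity period.
    if openssl req -new -x509 -key "$key" -subj "/CN=$name" -days 3650 \
           -out "$cert" &&
       ( umask 077 &&
         openssl pkcs12 -export -inkey "$key" -in "$cert" -name "$name" \
             -out "$out" -passout env:P12_PASS )
    then rc=0; else rc=1; fi
    rm -f "$cert"
    return $rc
}

# Succeeds only if the certificate inside the PKCS#12 file holds the public
# key that belongs to the given private key.
p12_matches_key() {
    p12=$1 key=$2
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    from_p12=$(openssl pkcs12 -in "$p12" -nokeys -passin env:P12_PASS \
        2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_p12" ]
}
```

With `P12_PASS` exported, `ssh_identity_to_p12 id_rsa_demo identity.p12 demoalias` writes the keystore, and `keytool -list -keystore identity.p12 -storetype PKCS12` should then show the alias as a private key entry.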