Recent Notes
Created by Dr. Xi on May 02, 2011 15:59:37
Last update: February 25, 2012 09:16:37
This code snippet gets the default keystore used by the Java keytool and displays the list of aliases along with the key type (certificate or private key).
import java.io.File;
import java.io.FileInputSt...
The default keystore used by the above code is: $HOME/.keystore.
Created by magnum on September 27, 2011 11:57:49
Last update: October 05, 2011 12:20:00
This procedure sets up an IPSec VPN server on Linux with Preshared Key (PSK) using Openswan.
Install Openswan:
# yum install openswan
Edit /etc/ipsec.conf. This is about the minimum needed to run an IPSec server. Instead of running L2TP on port 1701, I'm running TCP on port 8080 so that I can test the setup with nc later.
# /etc/ipsec.conf - Openswan IPsec configurati...
Edit /etc/ipsec.secrets.
#
# Preshared key for clients connecting from a...
Start IPSec:
# /etc/init.d/ipsec start
Check status:
# ipsec auto --status
Monitor IPSec log:
# less /var/log/secure
If IPSec is running KLIPS, you should see a new NIC (ipsec0). There's no ipsec0 if IPSec is running NETKEY.
# ifconfig
eth0 Link encap:Ethernet HWadd...
Created by freyo on June 28, 2011 11:11:03
Last update: June 28, 2011 11:11:03
This exception occurs when trying to get a private key:
PrivateKey privateKey = (PrivateKey) keyStore.getK...
Stack trace:
Exception in thread "main" java.security.Unrecover...
which was caused by giving a wrong private key password.
The solution is to correct the key password in your code, or change the password in the keystore to match that in your code:
keytool -keypasswd -alias mykey -keypass oldpasswo...
Created by freyo on May 20, 2011 12:09:24
Last update: May 20, 2011 12:09:24
To convert a private key from PEM to DER:
openssl pkey -in privateKey.pem -inform PEM -out p...
To convert a private key from DER to PEM:
openssl pkey -in privateKey.der -inform DER -out p...
Created by freyo on May 17, 2011 12:45:18
Last update: May 17, 2011 13:03:57
This works for JDK1.6 and later.
Export the key to a PKCS#12 store, using -importkeystore!
keytool -importkeystore -srckeystore ~/.keystore \...
Use openssl to convert the key to PEM (which produces a des3 encrypted key):
openssl pkcs12 -in androidplatform.p12 -out androi...
If you don't want DES encryption:
openssl pkcs12 -in androidplatform.p12 -out androi...
Convert both private key and cert to PEM:
openssl pkcs12 -in androidplatform.p12 -out androi...
Created by freyo on May 06, 2011 16:07:33
Last update: May 06, 2011 16:08:36
Private key:
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhki...
Certificate:
-----BEGIN CERTIFICATE-----
MIIEqDCCA5CgAwIBAgI...
Import the key pair to the debug keystore:
$ cat platform.pem platform.x509.pem >platform-key...
Created by freyo on April 20, 2011 12:26:08
Last update: April 20, 2011 12:26:08
When you create a new key with Java keytool, it wraps the public key in a self-signed certificate. You can generate a certificate signing request with the keytool -certreq command. After a certificate authority (CA) signs the certificate request, you can import the certificate received (a .crt file) back into the key store. Instead of using a CA, you can sign the certificate request with another key (with openssl, for example). If the certificate is not signed by a CA, you'll receive an error:
$ keytool -import -alias android-root -file androi...
To fix the problem, import the certificate of the signer:
$ keytool -import -trustcacerts -file openssl.crt ...
Import the certificate again (alias is the alias of the private key whose certificate was...
Created by freyo on April 07, 2011 15:29:01
Last update: April 07, 2011 15:29:01
Format | Name | Description
PKCS #7 | Cryptographic Message Syntax Standard | A PKCS #7 file can be used to store certificates, which is a SignedData structure without data (just the certificates). The file name extension is usually .p7b, .p7c
PKCS #8 | Private-Key Information Syntax Standard. | Used to carry private certificate keypairs (encrypted or unencrypted).
PKCS #12 | Personal Information Exchange Syntax Standard. | Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. It is the successor to PFX from Microsoft.
DER | Distinguished Encoding Rules | A binary format for keys or certificates. It is a message transfer syntax specified by the ITU in X.690.
PEM | Privacy Enhanced Mail | Base64 encoded DER certificates or keys, with additional header...
Created by Dr. Xi on March 31, 2011 15:03:26
Last update: April 01, 2011 12:34:50
Create an openssl configuration file which enables subject alternative names (openssl.cnf):
[req]
distinguished_name = req_distinguished_...
Create a certificate request using the above configuration file:
C:\work>openssl req -new -key testServer.key -out ...
Verify the request was created successfully:
C:\work>openssl req -text -noout -in testServer.cs...
(Optional) self-sign the certificate request:
C:\work>openssl x509 -req -days 3650 -in testServe...
Created by Dr. Xi on October 16, 2008 20:45:40
Last update: March 28, 2011 20:23:22
Java's built-in classes are way too complex/flexible for a simple protocol like HTTP. This is a wrapper to simplify HTTP GET and POST.
import java.io.*;
import java.net.*;
imp...
A simple test:
import java.io.*;
import java.util.*;
...