Re: ftp ssl cert
On Thu, 26 Aug 2010, bcr666 wrote:
> I need to write a ftp/ssl program (done actually) but I need to secure
> it, and I was provided 2 files from the destination (keycert.txt &
> trusted.txt).
>
> The keycert.txt has the following in it:
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> MII ...snip...
> -----END ENCRYPTED PRIVATE KEY-----
> -----BEGIN CERTIFICATE-----
> MII ...snip...
> -----END CERTIFICATE-----
>
> The trusted.txt has the following in it:
> -----BEGIN CERTIFICATE-----
> MII ...snip...
> -----END CERTIFICATE-----
>
> Notice the MII in the certificate/key areas. I suspect that it is RSA.

The OpenSSL command-line tools will let you verify this, inspect the
contents, convert them into other formats, and so on and so forth. It's a
very useful package to have if you're doing crypto stuff. For instance:

    openssl x509 -text -inform PEM -in trusted.txt

Will tell you all about the certificate, if it is indeed PEM.

> I guess I'm supposed to import these into a keystore then use
> .....
>     KeyManager keyManager = null;
>     TrustManager trustManager = null;
>     try {
>         keyManager = getKeyManagers()[0];
>         trustManager = getTrustManagers()[0];
>     }
>     catch (Exception ex) {
>         ex.printStackTrace();
>     }
>     ftps.setControlEncoding("UTF-8");
>     ftps.setKeyManager(keyManager);
>     ftps.setTrustManager(trustManager);
> .....
> Can someone tell me if I'm on the right track, and how to import the
> files into a keystore?

The JDK's keytool will do this. Something like:
keytool -importcert -file trusted.txt
For the private key, keytool will import from anything it considers a
keystore. Your file looks like it's PKCS#8, which i don't think keytool
supports (although you could try). You could use OpenSSL to convert it to
PKCS#12 (i think?), which i think keytool can import.
To be honest, i find this whole business of cryptographic file formats and
key management operations completely baffling, so this could all be
nonsense.
tom
--
I'd get more sense out of a crossed line with the Krankies
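
Added example, not part of the original thread and not code from either poster: one way the `getKeyManagers()` and `getTrustManagers()` calls in the quoted snippet could be backed by the two supplied files, using only standard JDK classes. It assumes `keycert.txt` has first been converted to PKCS#12 with OpenSSL as suggested in the reply; the class name `FtpsStores`, the file name `keycert.p12` and the `trusted-N` aliases are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; the names are not from the thread.
public final class FtpsStores {

    // Assumes keycert.p12 was produced beforehand with:
    //   openssl pkcs12 -export -in keycert.txt -inkey keycert.txt -out keycert.p12
    // The password is passed as char[] so the caller can wipe it after use.
    static KeyManager[] getKeyManagers(String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        return kmf.getKeyManagers();
    }

    // Trusts only the certificate(s) in the PEM file, not the JRE's default CA set.
    static TrustManager[] getTrustManagers(String pemPath) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(pemPath)) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ts.setCertificateEntry("trusted-" + i++, c);
            }
        }
        // Fail loudly instead of handing back a trust manager that trusts nothing.
        if (ts.size() == 0) {
            throw new IllegalStateException("no certificates found in " + pemPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        return tmf.getTrustManagers();
    }
}
```

Both methods throw on failure, so the caller should abort the connection rather than catch the exception and continue with `null` managers.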