Sample code for 30+ languages & platforms
Delphi DLL

Create JCEKS Containing Secret Keys

See more Java KeyStore (JKS) Examples

Demonstrates how to create a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha20, etc.)

This example requires Chilkat v9.5.0.66 or greater.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, JavaKeyStore, Prng, StringBuilder, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
jceks: HCkJavaKeyStore;
prng: HCkPrng;
aesKey: PWideChar;
blowfishKey: PWideChar;
hmacKey: PWideChar;
chachaKey: PWideChar;
encoding: PWideChar;
password: PWideChar;
filePassword: PWideChar;
sbJson: HCkStringBuilder;
json: HCkJsonObject;

begin
success := False;

// IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

jceks := CkJavaKeyStore_Create();

// We'll need a pseudo-random number generator (PRNG) to generate symmetric keys.
prng := CkPrng_Create();

// Generate some keys..

// 128-bit AES key (16 bytes)
aesKey := CkPrng__genRandom(prng,16,'base64');

// 256-bit Blowfish key (32 bytes)
blowfishKey := CkPrng__genRandom(prng,32,'base64');

// HMAC SHA256 key
// (An HMAC key can be anything, and any length. We'll use the following string:
hmacKey := 'This is my HMAC key';

// ChaCha20 256-bit
chachaKey := CkPrng__genRandom(prng,32,'base64');

// Add each secret key to the JCEKS
encoding := 'base64';
password := 'secret';
CkJavaKeyStore_AddSecretKey(jceks,aesKey,encoding,'AES','my aes key',password);
CkJavaKeyStore_AddSecretKey(jceks,blowfishKey,encoding,'BLOWFISH','my blowfish key',password);
// For HMAC, we're using the us-ascii bytes for the key..
CkJavaKeyStore_AddSecretKey(jceks,hmacKey,'ascii','HMAC_SHA256','my hmac key',password);
CkJavaKeyStore_AddSecretKey(jceks,chachaKey,encoding,'CHACHA','my chacha20 key',password);

filePassword := 'password';
// Write the JCEKs to a file.
success := CkJavaKeyStore_ToFile(jceks,filePassword,'qa_output/secretKeys.jceks');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jceks));
    Exit;
  end;

// We can also emit as a JWK Set..
sbJson := CkStringBuilder_Create();
success := CkJavaKeyStore_ToJwkSet(jceks,'secret',sbJson);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jceks));
    Exit;
  end;

// Emit the JSON in pretty-printed (indented) form:
json := CkJsonObject_Create();
CkJsonObject_LoadSb(json,sbJson);
CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

// Output is:

// { 
//   "keys": [
//     { 
//       "kty": "oct",
//       "alg": "AES",
//       "k": "vHekQQB0Gc1NvppapUTW2g",
//       "kid": "my aes key"
//     },
//     { 
//       "kty": "oct",
//       "alg": "BLOWFISH",
//       "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
//       "kid": "my blowfish key"
//     },
//     { 
//       "kty": "oct",
//       "alg": "HMAC_SHA256",
//       "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
//       "kid": "my hmac key"
//     },
//     { 
//       "kty": "oct",
//       "alg": "CHACHA",
//       "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
//       "kid": "my chacha20 key"
//     }
//   ]
// }
// 

CkJavaKeyStore_Dispose(jceks);
CkPrng_Dispose(prng);
CkStringBuilder_Dispose(sbJson);
CkJsonObject_Dispose(json);

end;