Sample code for 30+ languages & platforms
Delphi DLL

Add Private Key to Java Keystore

See more Java KeyStore (JKS) Examples

Adds a private key to an existing Java keystore.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, XmlCertVault, JavaKeyStore, PrivateKey, Cert, Pfx;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
jks: HCkJavaKeyStore;
jksPassword: PWideChar;
jksPath: PWideChar;
cert: HCkCert;
certVault: HCkXmlCertVault;
privKey: HCkPrivateKey;
alias: PWideChar;
pfx: HCkPfx;

begin
success := False;

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

jks := CkJavaKeyStore_Create();

jksPassword := 'myJksPassword';
jksPath := '/someDir/keyStore.jks';

// Load the Java keystore from a file.
success := CkJavaKeyStore_LoadFile(jks,jksPassword,jksPath);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

// A JKS private key entry consists of both the private key,
// it's associated certificate (which contains the matching public key
// within the X.509 of the certificate), and the certificates in the
// chain of authentication to the root.
// 
// Therefore, to add a private key entry to a JKS requires
// a Chilkat certificate object that has a private key and which also
// has the certificate chain (up to the root) available.

// There are many ways to get a Chilkat certificate object
// that contains (within it) the private key and the certificate chain
// This example will show two possibilities:
// (1) Where the cert and issuing root are provided in PEM format in .crt files,
// and the private key is also provided in unencrypted PEM format (.key file).
// (2) Where the cert, private key, and issuing root are provided in a single PFX.

// First for the .crt / .key files:
cert := CkCert_Create();

// Chilkat will automatically determine the format of the cert file and load it correctly.
success := CkCert_LoadFromFile(cert,'/mycerts/alice.crt');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

// Certificates required for building the chain of authentication can be
// added to an XML certificate vault object, and then provided as
// a source for obtaining certs when building the chain.
certVault := CkXmlCertVault_Create();
success := CkXmlCertVault_AddCertFile(certVault,'/mycerts/ca.crt');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkXmlCertVault__lastErrorText(certVault));
    Exit;
  end;
success := CkCert_UseCertVault(cert,certVault);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

// Now provide the associated private key to the certificate object.
// The Chilkat private key class provides methods for loading from many formats (both
// encrypted and unencrypted).
privKey := CkPrivateKey_Create();
success := CkPrivateKey_LoadPemFile(privKey,'/mycerts/alice.key');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkPrivateKey__lastErrorText(privKey));
    Exit;
  end;

// Provide the certificate object with the private key:
success := CkCert_SetPrivateKey(cert,privKey);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

// Our certificate object now contains all that we need to add it as a private key entry
// to the Java keystore:
alias := 'alice';
success := CkJavaKeyStore_AddPrivateKey(jks,cert,alias,jksPassword);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

// Write the updated JKS, which contains the new private key entry w/ certificate chain.
success := CkJavaKeyStore_ToFile(jks,jksPassword,jksPath);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

Memo1.Lines.Add('Added new private key entry (from .crt and .key files) to the JKS!');

// Now let's add a new private key entry from a PFX that contains a single
// private key with associated cert and cert chain.
pfx := CkPfx_Create();

success := CkPfx_LoadPfxFile(pfx,'/myPfxFiles/my.pfx','pfxPassword');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkPfx__lastErrorText(pfx));
    Exit;
  end;

// This is easy -- simply add the PFX to the JKS
alias := 'bob';
success := CkJavaKeyStore_AddPfx(jks,pfx,alias,jksPassword);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

// Write the updated JKS, which contains the new private key entry w/ certificate chain
// that came from the PFX.
success := CkJavaKeyStore_ToFile(jks,jksPassword,jksPath);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

Memo1.Lines.Add('Added new private key entry (from PFX) to the JKS!');

CkJavaKeyStore_Dispose(jks);
CkCert_Dispose(cert);
CkXmlCertVault_Dispose(certVault);
CkPrivateKey_Dispose(privKey);
CkPfx_Dispose(pfx);

end;