Sample code for 30+ languages & platforms
Unicode C

Create JCEKS Containing Secret Keys

See more Java KeyStore (JKS) Examples

Demonstrates how to create a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha20, etc.)

This example requires Chilkat v9.5.0.66 or greater.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkJavaKeyStoreW.h>
#include <C_CkPrngW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkJsonObjectW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkJavaKeyStoreW jceks;
    HCkPrngW prng;
    const wchar_t *aesKey;
    const wchar_t *blowfishKey;
    const wchar_t *hmacKey;
    const wchar_t *chachaKey;
    const wchar_t *encoding;
    const wchar_t *password;
    const wchar_t *filePassword;
    HCkStringBuilderW sbJson;
    HCkJsonObjectW json;

    success = FALSE;

    // IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    jceks = CkJavaKeyStoreW_Create();

    // We'll need a pseudo-random number generator (PRNG) to generate symmetric keys.
    prng = CkPrngW_Create();

    // Generate some keys..

    // 128-bit AES key (16 bytes)
    aesKey = CkPrngW_genRandom(prng,16,L"base64");

    // 256-bit Blowfish key (32 bytes)
    blowfishKey = CkPrngW_genRandom(prng,32,L"base64");

    // HMAC SHA256 key
    // (An HMAC key can be anything, and any length. We'll use the following string:
    hmacKey = L"This is my HMAC key";

    // ChaCha20 256-bit
    chachaKey = CkPrngW_genRandom(prng,32,L"base64");

    // Add each secret key to the JCEKS
    encoding = L"base64";
    password = L"secret";
    CkJavaKeyStoreW_AddSecretKey(jceks,aesKey,encoding,L"AES",L"my aes key",password);
    CkJavaKeyStoreW_AddSecretKey(jceks,blowfishKey,encoding,L"BLOWFISH",L"my blowfish key",password);
    // For HMAC, we're using the us-ascii bytes for the key..
    CkJavaKeyStoreW_AddSecretKey(jceks,hmacKey,L"ascii",L"HMAC_SHA256",L"my hmac key",password);
    CkJavaKeyStoreW_AddSecretKey(jceks,chachaKey,encoding,L"CHACHA",L"my chacha20 key",password);

    filePassword = L"password";
    // Write the JCEKs to a file.
    success = CkJavaKeyStoreW_ToFile(jceks,filePassword,L"qa_output/secretKeys.jceks");
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jceks));
        CkJavaKeyStoreW_Dispose(jceks);
        CkPrngW_Dispose(prng);
        return;
    }

    // We can also emit as a JWK Set..
    sbJson = CkStringBuilderW_Create();
    success = CkJavaKeyStoreW_ToJwkSet(jceks,L"secret",sbJson);
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jceks));
        CkJavaKeyStoreW_Dispose(jceks);
        CkPrngW_Dispose(prng);
        CkStringBuilderW_Dispose(sbJson);
        return;
    }

    // Emit the JSON in pretty-printed (indented) form:
    json = CkJsonObjectW_Create();
    CkJsonObjectW_LoadSb(json,sbJson);
    CkJsonObjectW_putEmitCompact(json,FALSE);
    wprintf(L"%s\n",CkJsonObjectW_emit(json));

    // Output is:

    // { 
    //   "keys": [
    //     { 
    //       "kty": "oct",
    //       "alg": "AES",
    //       "k": "vHekQQB0Gc1NvppapUTW2g",
    //       "kid": "my aes key"
    //     },
    //     { 
    //       "kty": "oct",
    //       "alg": "BLOWFISH",
    //       "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
    //       "kid": "my blowfish key"
    //     },
    //     { 
    //       "kty": "oct",
    //       "alg": "HMAC_SHA256",
    //       "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
    //       "kid": "my hmac key"
    //     },
    //     { 
    //       "kty": "oct",
    //       "alg": "CHACHA",
    //       "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
    //       "kid": "my chacha20 key"
    //     }
    //   ]
    // }
    // 


    CkJavaKeyStoreW_Dispose(jceks);
    CkPrngW_Dispose(prng);
    CkStringBuilderW_Dispose(sbJson);
    CkJsonObjectW_Dispose(json);

    }