C
C
Create JCEKS Containing Secret Keys
See more Java KeyStore (JKS) Examples
Demonstrates how to create a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha20, etc.)This example requires Chilkat v9.5.0.66 or greater.
Chilkat C Downloads
#include <C_CkJavaKeyStore.h>
#include <C_CkPrng.h>
#include <C_CkStringBuilder.h>
#include <C_CkJsonObject.h>
void ChilkatSample(void)
{
BOOL success;
HCkJavaKeyStore jceks;
HCkPrng prng;
const char *aesKey;
const char *blowfishKey;
const char *hmacKey;
const char *chachaKey;
const char *encoding;
const char *password;
const char *filePassword;
HCkStringBuilder sbJson;
HCkJsonObject json;
success = FALSE;
// IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
jceks = CkJavaKeyStore_Create();
// We'll need a pseudo-random number generator (PRNG) to generate symmetric keys.
prng = CkPrng_Create();
// Generate some keys..
// 128-bit AES key (16 bytes)
aesKey = CkPrng_genRandom(prng,16,"base64");
// 256-bit Blowfish key (32 bytes)
blowfishKey = CkPrng_genRandom(prng,32,"base64");
// HMAC SHA256 key
// (An HMAC key can be anything, and any length. We'll use the following string:
hmacKey = "This is my HMAC key";
// ChaCha20 256-bit
chachaKey = CkPrng_genRandom(prng,32,"base64");
// Add each secret key to the JCEKS
encoding = "base64";
password = "secret";
CkJavaKeyStore_AddSecretKey(jceks,aesKey,encoding,"AES","my aes key",password);
CkJavaKeyStore_AddSecretKey(jceks,blowfishKey,encoding,"BLOWFISH","my blowfish key",password);
// For HMAC, we're using the us-ascii bytes for the key..
CkJavaKeyStore_AddSecretKey(jceks,hmacKey,"ascii","HMAC_SHA256","my hmac key",password);
CkJavaKeyStore_AddSecretKey(jceks,chachaKey,encoding,"CHACHA","my chacha20 key",password);
filePassword = "password";
// Write the JCEKs to a file.
success = CkJavaKeyStore_ToFile(jceks,filePassword,"qa_output/secretKeys.jceks");
if (success != TRUE) {
printf("%s\n",CkJavaKeyStore_lastErrorText(jceks));
CkJavaKeyStore_Dispose(jceks);
CkPrng_Dispose(prng);
return;
}
// We can also emit as a JWK Set..
sbJson = CkStringBuilder_Create();
success = CkJavaKeyStore_ToJwkSet(jceks,"secret",sbJson);
if (success != TRUE) {
printf("%s\n",CkJavaKeyStore_lastErrorText(jceks));
CkJavaKeyStore_Dispose(jceks);
CkPrng_Dispose(prng);
CkStringBuilder_Dispose(sbJson);
return;
}
// Emit the JSON in pretty-printed (indented) form:
json = CkJsonObject_Create();
CkJsonObject_LoadSb(json,sbJson);
CkJsonObject_putEmitCompact(json,FALSE);
printf("%s\n",CkJsonObject_emit(json));
// Output is:
// {
// "keys": [
// {
// "kty": "oct",
// "alg": "AES",
// "k": "vHekQQB0Gc1NvppapUTW2g",
// "kid": "my aes key"
// },
// {
// "kty": "oct",
// "alg": "BLOWFISH",
// "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
// "kid": "my blowfish key"
// },
// {
// "kty": "oct",
// "alg": "HMAC_SHA256",
// "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
// "kid": "my hmac key"
// },
// {
// "kty": "oct",
// "alg": "CHACHA",
// "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
// "kid": "my chacha20 key"
// }
// ]
// }
//
CkJavaKeyStore_Dispose(jceks);
CkPrng_Dispose(prng);
CkStringBuilder_Dispose(sbJson);
CkJsonObject_Dispose(json);
}