Sample code for 30+ languages & platforms
Android™

Add Private Key to Java Keystore

See more Java KeyStore (JKS) Examples

Adds a private key to an existing Java keystore.

Chilkat Android™ Downloads

Android™
// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    boolean success = false;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkJavaKeyStore jks = new CkJavaKeyStore();

    String jksPassword = "myJksPassword";
    String jksPath = "/someDir/keyStore.jks";

    // Load the Java keystore from a file.
    success = jks.LoadFile(jksPassword,jksPath);
    if (success != true) {
        Log.i(TAG, jks.lastErrorText());
        return;
        }

    // A JKS private key entry consists of both the private key,
    // it's associated certificate (which contains the matching public key
    // within the X.509 of the certificate), and the certificates in the
    // chain of authentication to the root.
    // 
    // Therefore, to add a private key entry to a JKS requires
    // a Chilkat certificate object that has a private key and which also
    // has the certificate chain (up to the root) available.

    // There are many ways to get a Chilkat certificate object
    // that contains (within it) the private key and the certificate chain
    // This example will show two possibilities:
    // (1) Where the cert and issuing root are provided in PEM format in .crt files,
    // and the private key is also provided in unencrypted PEM format (.key file).
    // (2) Where the cert, private key, and issuing root are provided in a single PFX.

    // First for the .crt / .key files:
    CkCert cert = new CkCert();

    // Chilkat will automatically determine the format of the cert file and load it correctly.
    success = cert.LoadFromFile("/mycerts/alice.crt");
    if (success != true) {
        Log.i(TAG, cert.lastErrorText());
        return;
        }

    // Certificates required for building the chain of authentication can be
    // added to an XML certificate vault object, and then provided as
    // a source for obtaining certs when building the chain.
    CkXmlCertVault certVault = new CkXmlCertVault();
    success = certVault.AddCertFile("/mycerts/ca.crt");
    if (success != true) {
        Log.i(TAG, certVault.lastErrorText());
        return;
        }

    success = cert.UseCertVault(certVault);
    if (success != true) {
        Log.i(TAG, cert.lastErrorText());
        return;
        }

    // Now provide the associated private key to the certificate object.
    // The Chilkat private key class provides methods for loading from many formats (both
    // encrypted and unencrypted).
    CkPrivateKey privKey = new CkPrivateKey();
    success = privKey.LoadPemFile("/mycerts/alice.key");
    if (success != true) {
        Log.i(TAG, privKey.lastErrorText());
        return;
        }

    // Provide the certificate object with the private key:
    success = cert.SetPrivateKey(privKey);
    if (success != true) {
        Log.i(TAG, cert.lastErrorText());
        return;
        }

    // Our certificate object now contains all that we need to add it as a private key entry
    // to the Java keystore:
    String alias = "alice";
    success = jks.AddPrivateKey(cert,alias,jksPassword);
    if (success != true) {
        Log.i(TAG, jks.lastErrorText());
        return;
        }

    // Write the updated JKS, which contains the new private key entry w/ certificate chain.
    success = jks.ToFile(jksPassword,jksPath);
    if (success != true) {
        Log.i(TAG, jks.lastErrorText());
        return;
        }

    Log.i(TAG, "Added new private key entry (from .crt and .key files) to the JKS!");

    // Now let's add a new private key entry from a PFX that contains a single
    // private key with associated cert and cert chain.
    CkPfx pfx = new CkPfx();

    success = pfx.LoadPfxFile("/myPfxFiles/my.pfx","pfxPassword");
    if (success != true) {
        Log.i(TAG, pfx.lastErrorText());
        return;
        }

    // This is easy -- simply add the PFX to the JKS
    alias = "bob";
    success = jks.AddPfx(pfx,alias,jksPassword);
    if (success != true) {
        Log.i(TAG, jks.lastErrorText());
        return;
        }

    // Write the updated JKS, which contains the new private key entry w/ certificate chain
    // that came from the PFX.
    success = jks.ToFile(jksPassword,jksPath);
    if (success != true) {
        Log.i(TAG, jks.lastErrorText());
        return;
        }

    Log.i(TAG, "Added new private key entry (from PFX) to the JKS!");

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}