Sample code for 30+ languages & platforms
C#

Add Private Key to Java Keystore

See more Java KeyStore (JKS) Examples

Adds a private key to an existing Java keystore.

Chilkat C# Downloads

C#
bool success = false;

//  This requires the Chilkat API to have been previously unlocked.
//  See Global Unlock Sample for sample code.

Chilkat.JavaKeyStore jks = new Chilkat.JavaKeyStore();

string jksPassword = "myJksPassword";
string jksPath = "/someDir/keyStore.jks";

//  Load the Java keystore from a file.
success = jks.LoadFile(jksPassword,jksPath);
if (success != true) {
    Debug.WriteLine(jks.LastErrorText);
    return;
}

//  A JKS private key entry consists of both the private key,
//  it's associated certificate (which contains the matching public key
//  within the X.509 of the certificate), and the certificates in the
//  chain of authentication to the root.
//  
//  Therefore, to add a private key entry to a JKS requires
//  a Chilkat certificate object that has a private key and which also
//  has the certificate chain (up to the root) available.

//  There are many ways to get a Chilkat certificate object
//  that contains (within it) the private key and the certificate chain
//  This example will show two possibilities:
//  (1) Where the cert and issuing root are provided in PEM format in .crt files,
//  and the private key is also provided in unencrypted PEM format (.key file).
//  (2) Where the cert, private key, and issuing root are provided in a single PFX.

//  First for the .crt / .key files:
Chilkat.Cert cert = new Chilkat.Cert();

//  Chilkat will automatically determine the format of the cert file and load it correctly.
success = cert.LoadFromFile("/mycerts/alice.crt");
if (success != true) {
    Debug.WriteLine(cert.LastErrorText);
    return;
}

//  Certificates required for building the chain of authentication can be
//  added to an XML certificate vault object, and then provided as
//  a source for obtaining certs when building the chain.
Chilkat.XmlCertVault certVault = new Chilkat.XmlCertVault();
success = certVault.AddCertFile("/mycerts/ca.crt");
if (success != true) {
    Debug.WriteLine(certVault.LastErrorText);
    return;
}

success = cert.UseCertVault(certVault);
if (success != true) {
    Debug.WriteLine(cert.LastErrorText);
    return;
}

//  Now provide the associated private key to the certificate object.
//  The Chilkat private key class provides methods for loading from many formats (both
//  encrypted and unencrypted).
Chilkat.PrivateKey privKey = new Chilkat.PrivateKey();
success = privKey.LoadPemFile("/mycerts/alice.key");
if (success != true) {
    Debug.WriteLine(privKey.LastErrorText);
    return;
}

//  Provide the certificate object with the private key:
success = cert.SetPrivateKey(privKey);
if (success != true) {
    Debug.WriteLine(cert.LastErrorText);
    return;
}

//  Our certificate object now contains all that we need to add it as a private key entry
//  to the Java keystore:
string alias = "alice";
success = jks.AddPrivateKey(cert,alias,jksPassword);
if (success != true) {
    Debug.WriteLine(jks.LastErrorText);
    return;
}

//  Write the updated JKS, which contains the new private key entry w/ certificate chain.
success = jks.ToFile(jksPassword,jksPath);
if (success != true) {
    Debug.WriteLine(jks.LastErrorText);
    return;
}

Debug.WriteLine("Added new private key entry (from .crt and .key files) to the JKS!");

//  Now let's add a new private key entry from a PFX that contains a single
//  private key with associated cert and cert chain.
Chilkat.Pfx pfx = new Chilkat.Pfx();

success = pfx.LoadPfxFile("/myPfxFiles/my.pfx","pfxPassword");
if (success != true) {
    Debug.WriteLine(pfx.LastErrorText);
    return;
}

//  This is easy -- simply add the PFX to the JKS
alias = "bob";
success = jks.AddPfx(pfx,alias,jksPassword);
if (success != true) {
    Debug.WriteLine(jks.LastErrorText);
    return;
}

//  Write the updated JKS, which contains the new private key entry w/ certificate chain
//  that came from the PFX.
success = jks.ToFile(jksPassword,jksPath);
if (success != true) {
    Debug.WriteLine(jks.LastErrorText);
    return;
}

Debug.WriteLine("Added new private key entry (from PFX) to the JKS!");