Sample code for 30+ languages & platforms
Objective-C

Create JCEKS Containing Secret Keys

See more Java KeyStore (JKS) Examples

Demonstrates how to create a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha20, etc.)

This example requires Chilkat v9.5.0.66 or greater.

Chilkat Objective-C Downloads

Objective-C
#import <CkoJavaKeyStore.h>
#import <CkoPrng.h>
#import <NSString.h>
#import <CkoStringBuilder.h>
#import <CkoJsonObject.h>

BOOL success = NO;

// IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoJavaKeyStore *jceks = [[CkoJavaKeyStore alloc] init];

// We'll need a pseudo-random number generator (PRNG) to generate symmetric keys.
CkoPrng *prng = [[CkoPrng alloc] init];

// Generate some keys..

// 128-bit AES key (16 bytes)
NSString *aesKey = [prng GenRandom: [NSNumber numberWithInt: 16] encoding: @"base64"];

// 256-bit Blowfish key (32 bytes)
NSString *blowfishKey = [prng GenRandom: [NSNumber numberWithInt: 32] encoding: @"base64"];

// HMAC SHA256 key
// (An HMAC key can be anything, and any length. We'll use the following string:
NSString *hmacKey = @"This is my HMAC key";

// ChaCha20 256-bit
NSString *chachaKey = [prng GenRandom: [NSNumber numberWithInt: 32] encoding: @"base64"];

// Add each secret key to the JCEKS
NSString *encoding = @"base64";
NSString *password = @"secret";
[jceks AddSecretKey: aesKey encoding: encoding algorithm: @"AES" alias: @"my aes key" password: password];
[jceks AddSecretKey: blowfishKey encoding: encoding algorithm: @"BLOWFISH" alias: @"my blowfish key" password: password];
// For HMAC, we're using the us-ascii bytes for the key..
[jceks AddSecretKey: hmacKey encoding: @"ascii" algorithm: @"HMAC_SHA256" alias: @"my hmac key" password: password];
[jceks AddSecretKey: chachaKey encoding: encoding algorithm: @"CHACHA" alias: @"my chacha20 key" password: password];

NSString *filePassword = @"password";
// Write the JCEKs to a file.
success = [jceks ToFile: filePassword path: @"qa_output/secretKeys.jceks"];
if (success != YES) {
    NSLog(@"%@",jceks.LastErrorText);
    return;
}

// We can also emit as a JWK Set..
CkoStringBuilder *sbJson = [[CkoStringBuilder alloc] init];
success = [jceks ToJwkSet: @"secret" sbJwkSet: sbJson];
if (success != YES) {
    NSLog(@"%@",jceks.LastErrorText);
    return;
}

// Emit the JSON in pretty-printed (indented) form:
CkoJsonObject *json = [[CkoJsonObject alloc] init];
[json LoadSb: sbJson];
json.EmitCompact = NO;
NSLog(@"%@",[json Emit]);

// Output is:

// { 
//   "keys": [
//     { 
//       "kty": "oct",
//       "alg": "AES",
//       "k": "vHekQQB0Gc1NvppapUTW2g",
//       "kid": "my aes key"
//     },
//     { 
//       "kty": "oct",
//       "alg": "BLOWFISH",
//       "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
//       "kid": "my blowfish key"
//     },
//     { 
//       "kty": "oct",
//       "alg": "HMAC_SHA256",
//       "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
//       "kid": "my hmac key"
//     },
//     { 
//       "kty": "oct",
//       "alg": "CHACHA",
//       "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
//       "kid": "my chacha20 key"
//     }
//   ]
// }
//