Objective-C
Objective-C
Create JCEKS Containing Secret Keys
See more Java KeyStore (JKS) Examples
Demonstrates how to create a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha20, etc.)This example requires Chilkat v9.5.0.66 or greater.
Chilkat Objective-C Downloads
#import <CkoJavaKeyStore.h>
#import <CkoPrng.h>
#import <NSString.h>
#import <CkoStringBuilder.h>
#import <CkoJsonObject.h>
BOOL success = NO;
// IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
CkoJavaKeyStore *jceks = [[CkoJavaKeyStore alloc] init];
// We'll need a pseudo-random number generator (PRNG) to generate symmetric keys.
CkoPrng *prng = [[CkoPrng alloc] init];
// Generate some keys..
// 128-bit AES key (16 bytes)
NSString *aesKey = [prng GenRandom: [NSNumber numberWithInt: 16] encoding: @"base64"];
// 256-bit Blowfish key (32 bytes)
NSString *blowfishKey = [prng GenRandom: [NSNumber numberWithInt: 32] encoding: @"base64"];
// HMAC SHA256 key
// (An HMAC key can be anything, and any length. We'll use the following string:
NSString *hmacKey = @"This is my HMAC key";
// ChaCha20 256-bit
NSString *chachaKey = [prng GenRandom: [NSNumber numberWithInt: 32] encoding: @"base64"];
// Add each secret key to the JCEKS
NSString *encoding = @"base64";
NSString *password = @"secret";
[jceks AddSecretKey: aesKey encoding: encoding algorithm: @"AES" alias: @"my aes key" password: password];
[jceks AddSecretKey: blowfishKey encoding: encoding algorithm: @"BLOWFISH" alias: @"my blowfish key" password: password];
// For HMAC, we're using the us-ascii bytes for the key..
[jceks AddSecretKey: hmacKey encoding: @"ascii" algorithm: @"HMAC_SHA256" alias: @"my hmac key" password: password];
[jceks AddSecretKey: chachaKey encoding: encoding algorithm: @"CHACHA" alias: @"my chacha20 key" password: password];
NSString *filePassword = @"password";
// Write the JCEKs to a file.
success = [jceks ToFile: filePassword path: @"qa_output/secretKeys.jceks"];
if (success != YES) {
NSLog(@"%@",jceks.LastErrorText);
return;
}
// We can also emit as a JWK Set..
CkoStringBuilder *sbJson = [[CkoStringBuilder alloc] init];
success = [jceks ToJwkSet: @"secret" sbJwkSet: sbJson];
if (success != YES) {
NSLog(@"%@",jceks.LastErrorText);
return;
}
// Emit the JSON in pretty-printed (indented) form:
CkoJsonObject *json = [[CkoJsonObject alloc] init];
[json LoadSb: sbJson];
json.EmitCompact = NO;
NSLog(@"%@",[json Emit]);
// Output is:
// {
// "keys": [
// {
// "kty": "oct",
// "alg": "AES",
// "k": "vHekQQB0Gc1NvppapUTW2g",
// "kid": "my aes key"
// },
// {
// "kty": "oct",
// "alg": "BLOWFISH",
// "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
// "kid": "my blowfish key"
// },
// {
// "kty": "oct",
// "alg": "HMAC_SHA256",
// "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
// "kid": "my hmac key"
// },
// {
// "kty": "oct",
// "alg": "CHACHA",
// "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
// "kid": "my chacha20 key"
// }
// ]
// }
//