0

I am trying to connect to a SSL web server. We currently have a pkcs12 file and connect, that is our private-key and certificate. Is it possible to connect using Java code with a public-key and certificate. Imagine I have a file (it is digital but here is the pem output).

> Myfile.pk12 / Myfile.pem > > -----BEGIN CERTIFICATE----- ... > -----END CERTIFICATE----- > > -----BEGIN ENCRYPTED PRIVATE KEY----- ... > -----END ENCRYPTED PRIVATE KEY-----

And we can connect to the server with this:

import org.apache.commons.httpclient.DefaultHttpMethodRetryHandler; import org.apache.commons.httpclient.params.HttpMethodParams; import org.apache.http.HttpEntity; import org.apache.http.HttpHost; import org.apache.http.HttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.conn.params.ConnRoutePNames; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.conn.ssl.X509HostnameVerifier; import org.apache.http.impl.client.DefaultHttpClient; KeyStore keyStore = generateKeyStore(); System.out.println("==>" + keyStore); SSLSocketFactory socketFactory = new SSLSocketFactory( SSLSocketFactory.TLS, keyStore, KEYSTORE_PASSCODE, null, null, (X509HostnameVerifier) SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

This works, but let's say we connect with the certificate and public key. Wouldn't Java internally create a private key based on the keystore we provide and that would allow us to connect? E.g.

> MyfileNEW.pk12 / MyfileNEW.pem > > -----BEGIN CERTIFICATE----- ... > -----END CERTIFICATE----- > > -----BEGIN PUBLIC KEY----- ... > -----END PUBLIC KEY-----

If the public key is embedded in the certificate? Can I use Java to send a request to the server without pre-creating a private key?

Improve this question

1 Answer 1

Reset to default
1

A certificate is a public key and the matching private key.

What you are referring to as the certificate between the BEGIN CERTIFICATE and END CERTIFICATE tags is likely a public key.

The basis of public-private key cryptography is that it is computationally infeasible to generate a private key from a given public key. The public key and private key (i.e., the certificate) are generated together. The private key is used to encrypt messages that can only be decrypted with the public key. The public key is used to encrypt messages that can only be decrypted with the private key.

Without the private key, the public key cannot be used for SSL encryption, as the message could not be decrypted on the receiving end (or could not be encrypted on the sending end).

A PKCS #12 file usually contains both the private key and the public key and is typically encrypted and stored in a binary format. The formats you are describing with the BEGIN and END tags is typically a PEM format, a Base-64 representation of the DER formatted keys.

Improve this answer
4
  • So if you look at my : MyfileNEW.pk12 Is that pretty much useless trying to communicate with the SSL server. I believe I used openssl to extract the public key from the .p12 file. I guess the part I am missing. Is it possible for Java internally create a private key so that we don't have to explicitly/manually create one private key? How do browsers do it? When they connect to a ssl server, the user doesn't create a private key to browse a site. Commented Dec 10, 2013 at 17:44
  • Set the keystoreType to pkcs12 when reading the keystore from disk, and then you can use the .p12 file as is. See stackoverflow.com/a/19937891/64217 for code. Commented Dec 10, 2013 at 20:50
  • Another question, how is the private key and public key used in this case? For encrypting traffic? Commented Dec 10, 2013 at 22:04
  • @berlin-brown: Technically, the private and public key are used to encrypt a key that is used to encrypt the traffic. See en.wikipedia.org/wiki/Transport_Layer_Security. Commented Dec 10, 2013 at 22:26

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.