
I need to use a digital signature in an application running on WebSphere Portal 6.1. Is there any API for retrieving a java.security.PrivateKey from the server key storage? I want to avoid an explicit path to the key storage and the storage password in my application source code.

Vladimir Kravets

1 Answer


Check out the IBM KeySetHelper API.

First, define a KeyStore in WAS admin. This is what will reference the key database (JKS, PKCS12, etc.) on the filesystem via path. Then define a named KeySet and reference the KeyStore. Create an alias in the key set that matches a label in the KeyStore. This limits access to specific keys if you have several in the store.

You can then look up the named keystore via KeySetHelper by name. Note: you'll need to know what type of key is in the store. You won't need to know labels within the key database (or even passwords) in your code. However, you'll need to know whether or not the key is a shared secret (in which case you'll receive a java.security.SecretKey implementation). Since you want a java.security.PrivateKey, make sure you load a personal certificate into the key database that is represented in WAS as your keystore.

If you manually load a certificate into the key database backing your keystore, you can leave off the key generator class name parameter of the keyset. That's used if you want to have WAS generate keys. If you also need a java.security.PublicKey, be sure to check the "generates key pair" option. In that case, your KeySetHelper::getLatestKeysForKeySet call returns a com.ibm.websphere.crypto.KeyPair which contains both a java.security.PrivateKey and a java.security.PublicKey (plus access to a java.security.Certificate).

See also:

Scott Heaberlin
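A worked example of the lookup the answer describes, added here and not taken from the answer or from IBM's own samples. It assumes a KeySet named MyAppSigningKeySet has been defined in WAS admin, that KeySetHelper.getInstance() and getLatestKeysForKeySet(String) are available as described above, and that com.ibm.websphere.crypto.KeyPair exposes getPrivateKey(); the `throws Exception` clause stands in for WAS's own checked exception type, which is not shown on this page.

```java
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Map;

import com.ibm.websphere.crypto.KeyPair;
import com.ibm.websphere.crypto.KeySetHelper;

/** Obtains a signing key from a WAS KeySet: no keystore path or password in code. */
public class KeySetSigner {

    // Assumed KeySet name; it must match the KeySet configured in WAS admin.
    private static final String KEY_SET_NAME = "MyAppSigningKeySet";

    /**
     * Returns the latest private key held in the named KeySet. The keystore
     * location and password stay in the WAS configuration.
     */
    public static PrivateKey loadPrivateKey(String keySetName) throws Exception {
        KeySetHelper helper = KeySetHelper.getInstance();
        // Map of key-set alias -> key object (java.security.Key or WAS KeyPair)
        Map keys = helper.getLatestKeysForKeySet(keySetName);
        for (Object value : keys.values()) {
            if (value instanceof KeyPair) {
                // "generates key pair" was checked: WAS KeyPair (assumed accessor name)
                return ((KeyPair) value).getPrivateKey();
            }
            if (value instanceof PrivateKey) {
                // personal certificate loaded manually, returned as a bare private key
                return (PrivateKey) value;
            }
            // Anything else (e.g. a javax.crypto.SecretKey) is a shared secret and
            // cannot be used for a digital signature, so keep looking.
        }
        throw new IllegalStateException("KeySet " + keySetName
                + " holds no private key; load a personal certificate into its KeyStore");
    }

    /** Signs data with the KeySet's private key using SHA-256 over RSA. */
    public static byte[] sign(byte[] data) throws Exception {
        PrivateKey key = loadPrivateKey(KEY_SET_NAME);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }
}
```

The instanceof checks are the point: they catch a KeySet that was misconfigured with a shared secret instead of a personal certificate at lookup time rather than as a ClassCastException deep in the signing path.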