7

I am trying to get the private key from a .keystore file that I created.

So far, this is working:

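        // Needs java.io.FileInputStream, java.io.StringWriter, java.security.Key,
        // java.security.KeyStore and org.bouncycastle.openssl.jcajce.JcaPEMWriter
        try {
            FileInputStream is = new FileInputStream("C:\\Program Files\\Java\\...mykeystore.keystore");

            // Load the keystore and fetch the key entry stored under "alias"
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(is, "mypassword".toCharArray());
            Key privKey = keystore.getKey("alias", "mypassword".toCharArray());

            // Write the key out in PEM form
            StringWriter stringWriter = new StringWriter();
            JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter);
            pemWriter.writeObject(privKey);
            pemWriter.close();
            System.out.println(stringWriter);
        } catch (Exception e) {
            e.printStackTrace();
        }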

For the System.out.println(stringWriter) I get the following output:

        -----BEGIN RSA PRIVATE KEY-----
        PRIVATE KEY IS HERE
        -----END RSA PRIVATE KEY-----

I would now like to use this private key to create an SSH connection to a Unix server. On the Unix server side I already put the public key into the authorized_keys file.

For the SSH connection I use JSch. According to "JSCH - Invalid private key" I now need to convert this key to PEM format. I did this with the example from Abdelhameed Mahmoud:

        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter);
        pemWriter.writeObject(privKey);
        pemWriter.close();
        System.out.println(stringWriter);
        byte[] privateKeyPEM = stringWriter.toString().getBytes();

And here is where I am stuck.

How can I use the privateKeyPEM byte object? I want to use this with jsch.addIdentity().

But I do not really understand how I can use this byte[] privateKeyPEM variable to set the identity.

Here is an example of my JSch part:

        JSch jsch = new JSch();
        jsch.addIdentity(/* What to put here?? */);
        session = jsch.getSession(user, getIP(), getPort());
        session.setConfig("PreferredAuthentications", "publickey");
        //session.setPassword(pwd);
        session.setConfig("StrictHostKeyChecking", "no");
        session.connect(3000);

Does anyone have experience with this?

Sorry for the missing comments; as I am still figuring out how to get this working, I did not add any comments yet.

Thanks in advance for any helpful input.

Cheers Armin

ArBei
2 Answers

8

Is there nothing about this in the JSch documentation?

The parameters are:

        JSch.addIdentity(String name, byte[] prvkey, byte[] pubkey, byte[] passphrase)

In your case (unencrypted PEM):

        jsch.addIdentity(user, privateKeyPEM, null, null);

Omikron
  • Hi Omikron. Thanks a lot for your feedback. I was just confused regarding the string / the byte pubkey / passphrase params that you can use. For some reason I was confused by this. At the start I always received some strange errors; probably I got the wrong user as the string. Anyway, thanks a lot for your feedback. With this everything is working now. Cheers – ArBei Feb 16 '17 at 15:47
  • Awesome! Really helpful and nowhere else to be found. No docs, no nothing... especially the original question is a useful thing to be asked – kosta5 Jan 17 '20 at 12:19

0

You can use your privateKeyPEM as a byte array:

        // identityRepository is a private field of JSch; use the public getter
        jsch.getIdentityRepository().add(privateKeyPEM);

Here is the implementation of LocalIdentityRepository:

        public synchronized boolean add(byte[] identity) {
          try{
            Identity _identity = IdentityFile.newInstance("from remote:", identity, null, jsch);
            add(_identity);
            return true;
          }
          catch(JSchException e){
            return false;
          }
        }

Please keep in mind that -----BEGIN RSA PRIVATE KEY----- is a part of the private key. JSch checks the key type.

        if(buf[i]=='B'&& i+3<len && buf[i+1]=='E'&& buf[i+2]=='G'&& buf[i+3]=='I') {
          ....

          if(buf[i]=='R'&& buf[i+1]=='S'&& buf[i+2]=='A'){ type=RSA; }
          ....
        }

Refer to: https://github.com/is/jsch/blob/master/src/main/java/com/jcraft/jsch/KeyPair.java#L210

Shin Kim
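
The steps from the question combined with the `addIdentity` call from the first answer, as an added example that is not code from the original posts or from the JSch project. The class name `KeystoreSshLogin`, the helper `privateKeyAsPem` and the four command-line arguments are hypothetical; it assumes the key password equals the keystore password, as in the question, and it checks the server against `~/.ssh/known_hosts` rather than setting `StrictHostKeyChecking` to `no`.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;

// Hypothetical class; usage: KeystoreSshLogin <keystore> <alias> <user> <host>
public class KeystoreSshLogin {
    // Loads the key stored under `alias` and returns it PEM-encoded, including the
    // "-----BEGIN ... PRIVATE KEY-----" header that JSch uses to detect the key type.
    static byte[] privateKeyAsPem(String path, String alias, char[] password) throws Exception {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            keystore.load(in, password);
        }
        Key key = keystore.getKey(alias, password); // assumes key password == store password
        if (key == null) {
            throw new IllegalArgumentException("no key entry for alias " + alias);
        }
        StringWriter out = new StringWriter();
        try (JcaPEMWriter pem = new JcaPEMWriter(out)) {
            pem.writeObject(key);
        }
        // The PEM text is the unencrypted private key: do not print or log it.
        return out.toString().getBytes(StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        // Must be run from a terminal, otherwise System.console() returns null.
        char[] password = System.console().readPassword("Keystore password: ");
        byte[] pem = privateKeyAsPem(args[0], args[1], password);
        Arrays.fill(password, '\0'); // drop the password as soon as the key is loaded

        JSch jsch = new JSch();
        jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");
        jsch.addIdentity(args[1], pem, null, null); // name, prvkey, pubkey, passphrase

        Session session = jsch.getSession(args[2], args[3], 22);
        session.setConfig("PreferredAuthentications", "publickey");
        session.setConfig("StrictHostKeyChecking", "yes"); // reject unknown host keys
        session.connect(3000);
        System.out.println("connected: " + session.isConnected());
        session.disconnect();
    }
}
```

The first argument to `addIdentity` is only a label for the identity inside JSch; the login name is the one passed to `getSession`.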