1

I have an RSA public key (without a certificate) which I want to add to my existing jks file.

-----BEGIN PUBLIC KEY-----
MIIBIjA.... // key here
-----END PUBLIC KEY-----

Is it possible? I don't have its private key, so if I create a self-signed certificate with another key, will it work (I think it won't)?

1 Answer

3

Java keystores can only store Secret Keys, Key Pairs (private key + certificate chain) and Certificates. Public keys cannot stand on their own, they are usually embedded in the certificate.

So to answer your question, you cannot store your public key. You need to work with whoever provided you the public key and see if they can provide you the certificate. And you cannot create a self-signed certificate because you don't have its private key, and you won't be able to use a different private key either.

If you need to use your public key in code, this solution shows you how to do it provided you store your public key as a file.

always_a_rookie
  • ... and if you want to you can encrypt that public key with a private key that **is** in the key store using a self signed certificate. – Maarten Bodewes Aug 04 '20 at 00:12
  • You can't create a self-signed cert, _or_ a standard (PKCS10) CSR, without the matching privatekey, but you _can_ create your own ad-hoc nonstandard CA and issue a cert for the publickey and whatever subject name(s) and data you choose. You don't even need to store the CA's key and cert, although you probably would want to. Java allows trustedCert in KeyStore to be non-root, and does path validation using generic anchors per 3280/5280 not specifically self-signed/root certs per 2459. – dave_thompson_085 Aug 11 '20 at 03:56
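The answer's suggestion of keeping the public key as a file and loading it in code can look like the following. This is an added example, not code from the answer or the solution it links to; the class name and the throwaway key pair that stands in for the third party's key are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class LoadPemPublicKey {

    // Parse a "-----BEGIN PUBLIC KEY-----" block (X.509 SubjectPublicKeyInfo) into an RSA key.
    static RSAPublicKey parsePem(String pem) throws GeneralSecurityException {
        String header = "-----BEGIN PUBLIC KEY-----";
        String footer = "-----END PUBLIC KEY-----";
        int start = pem.indexOf(header);
        int end = pem.indexOf(footer);
        if (start < 0 || end < start) {
            throw new IllegalArgumentException("not a PEM SubjectPublicKeyInfo block");
        }
        // Strip the armor and all whitespace, then decode the DER bytes.
        String body = pem.substring(start + header.length(), end).replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair standing in for the key owner.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair owner = gen.generateKeyPair();
        String pem = "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'})
                        .encodeToString(owner.getPublic().getEncoded())
                + "\n-----END PUBLIC KEY-----\n";

        RSAPublicKey loaded = parsePem(pem);
        System.out.println("modulus bits: " + loaded.getModulus().bitLength());

        // The owner signs with the private key we never see ...
        byte[] msg = "hello".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(owner.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        // ... and we verify using only the public key loaded from PEM.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(loaded);
        verifier.update(msg);
        System.out.println("signature valid: " + verifier.verify(sig));
    }
}
```

A bare key loaded this way carries no issuer or subject binding, so its authenticity rests entirely on how the PEM file was obtained and protected.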