JKS file generated is more than 3 fold in size compare to same file creation using keytool #44
Comments
|
Hi, That sounds odd. What do you have inside the jks? Only key and certificate, or a chain as well? How long is the chain? Can you share? Thanks. |
|
No, I can't share
It key ,certificate and certificate chain.
Thanks and Regards,
Shivakumar
…On Mon, 17 Sep 2018, 01:48 Magnus Watn, ***@***.***> wrote:
Hi,
That sounds odd. What do you have inside the jks? Only key and
certificate, or a chain as well? How long is the chain? Can you share?
Thanks.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#44 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ApC0mOyH4S95h31xH6f-5N8xSgA9yrBbks5ubrH-gaJpZM4Wo2Qe>
.
|
|
Can you share your code for creating the jks? |
|
HI ,
Yes sure I can share the code . I am using following steps to generate jks.
pke = jks.PrivateKeyEntry.new(alias_name,certs,pk,'rsa_raw')
keystore = jks.keystore.new('jks',[pke])
keystore.save('\tmp\keystore.jks',passwd)
certs -- This is the concatenation of exported certificate of certificate
and chain_certificate (which is in PEM format )
pk -- This is the private key generated during the export of certificate
(this is also in PEM format )
The above certificates are ACM (Amazon certificate Manager) certificates.
Please let me know if u need any additional information. As it i is been
critical to me, As the generated JKS if we import to springBoot app we are
not able to secure the application, I am not sure why.Although if I query
JKS using keytool it lists the certificate details which I have imported.
So wanted to know did I miss any steps while generating this.
Thanks and Regards,
Shivakumar
…On Wed, Sep 19, 2018 at 12:39 AM Magnus Watn ***@***.***> wrote:
Can you share your code for creating the jks?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#44 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ApC0mA_7eobt_PEHhQYjzmC3WuhpEFdbks5ucUTTgaJpZM4Wo2Qe>
.
|
|
You can't import the certificates and key in PEM format directly into the jks keystore. You must decode them into binary/DER first. Using pyopenssl you can do like this: I'm guessing that's your problem - base64 encoding is less efficient and will increase the size of the keystore (in addition to making it useless). |
|
Thanks Magnus ,
For quick reply. I will try this.
Thanks and Regards,
Shivakumar
…On Wed, Sep 26, 2018 at 12:15 AM Magnus Watn ***@***.***> wrote:
You can't import the certificates and key in PEM format directly into the
jks keystore. You must decode them into binary/DER first.
Using pyopenssl you can do like this:
loaded_cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
loaded_key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, pk)
dumped_cert = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, loaded_cert)
dumped_key = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_ASN1, loaded_key)
I'm guessing that's your problem - base64 encoding is less efficient and
will increase the size of the keystore (in addition to making it useless).
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#44 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ApC0mAYnoXmG6eq8xmO1dhrFacFEXUPyks5uenndgaJpZM4Wo2Qe>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
HI Team ,
I am generating keystore using keytool iam getting jks file with size 3kb.But I am using the same procedure to generate using Jks I am getting file size as 10kb. May I know the reason.
Thanks and Regards,
Shivakumar
The text was updated successfully, but these errors were encountered: