Wednesday, July 15, 2015

PEM File Creation

PEM (Privacy Enhanced Mail) is a Base64-encoded representation of DER data, such as a certificate.
PEM files represent a certificate or private key as plain text. Every object has a distinct header and footer, and the body between them is the Base64-encoded key or certificate. Base64 is an encoding, not encryption, so an unencrypted private-key PEM file must be protected like the key itself.
They look as shown below (certificate, private key, certificate signing request, public key):
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpF26VoB9/Au3Ct/dBFW5kfXFU
8IkK+G3CG4slkVX2mwBtvLybmFAuQ3RXvmX6tZxeUgwN7m+pZH+Y94lgAIpvcnzB
Eh8FFxwu0jy17uw+4ler5SoyYRGV8TYOeQHqoHS44clTG28T2RYy9lkRqTIkkCyo
5ViyD7GVQVUgjR31LQIDAQAB
-----END PUBLIC KEY-----


-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


Java Program to generate PEM files.
package bc;

import java.io.File;
import java.io.FileWriter;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.x509.X509V1CertificateGenerator;

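/**
 * Demonstrates PEM output with Bouncy Castle: generates an RSA key pair and a
 * self-signed X.509 v1 certificate, prints the certificate and both keys in PEM
 * form on standard output, and stores the private key in {@code private_key.pem}.
 *
 * <p>NOTE(review): {@code PEMWriter} and {@code X509V1CertificateGenerator} are
 * deprecated in later Bouncy Castle releases; they are kept here because they are
 * the APIs this file imports.
 */
public class PEMWrite {
    /** RSA modulus size in bits. 1024-bit RSA is too weak for new keys. */
    private static final int RSA_KEY_BITS = 2048;

    /** One day in milliseconds, as a {@code long} so date arithmetic cannot overflow {@code int}. */
    private static final long MILLIS_PER_DAY = 24L * 60 * 60 * 1000;

    public static void main(String[] args) throws Exception {
        generateSelfSignedX509Certificate();
    }

    static {
        // Register the Bouncy Castle provider so that "BC" can be requested by name below.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates a self-signed X.509 certificate with Bouncy Castle and writes the
     * certificate, private key and public key as PEM.
     *
     * <p>The private key is written unencrypted to {@code private_key.pem} in the
     * working directory; the file is restricted to its owner before any key
     * material is written to it.
     *
     * @throws Exception if key generation, certificate generation or any write fails
     */
    static void generateSelfSignedX509Certificate() throws Exception {
        long now = System.currentTimeMillis();

        // Valid from yesterday ...
        Date validityBeginDate = new Date(now - MILLIS_PER_DAY);
        // ... for two years. The offset must be computed in long arithmetic: as an int
        // expression, 2 * 365 * 24 * 60 * 60 * 1000 overflows to a negative value and
        // yields a certificate that has already expired when it is issued.
        Date validityEndDate = new Date(now + 2 * 365 * MILLIS_PER_DAY);

        // GENERATE THE PUBLIC/PRIVATE RSA KEY PAIR
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // GENERATE THE X509 CERTIFICATE
        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        X500Principal dnName = new X500Principal("CN=RaviTeja");
        certGen.setSerialNumber(BigInteger.valueOf(now));
        certGen.setSubjectDN(dnName);
        certGen.setIssuerDN(dnName); // self-signed: issuer and subject are the same
        certGen.setNotBefore(validityBeginDate);
        certGen.setNotAfter(validityEndDate);
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
        System.out.println(cert);

        // Closing this writer also closes System.out, which is acceptable only because
        // it is the last thing the program does.
        try (PEMWriter pemWriter = new PEMWriter(new PrintWriter(System.out))) {
            // PEM format representing Certificate
            pemWriter.writeObject(cert);
            pemWriter.flush();

            // Store the private key as PEM in private_key.pem. Permissions are tightened
            // first so the key is never on disk in a file other users can read.
            File file = new File("private_key.pem");
            restrictToOwner(file);
            try (PEMWriter keyFileWriter = new PEMWriter(new FileWriter(file))) {
                keyFileWriter.writeObject(keyPair.getPrivate());
            }

            // PEM format representing PrivateKey.
            // Demonstration only: real code must not print or log private key material.
            pemWriter.writeObject(keyPair.getPrivate());
            pemWriter.flush();

            // PEM format representing PublicKey
            pemWriter.writeObject(keyPair.getPublic());
            pemWriter.flush();
        }
    }

    /**
     * Creates {@code file} if it does not exist and limits read/write access to the owner.
     * A failure to change permissions is reported on standard error rather than thrown,
     * because some file systems do not support these permission bits.
     */
    private static void restrictToOwner(File file) throws Exception {
        file.createNewFile(); // returns false and does nothing when the file already exists
        // Non-short-circuit '&' so every permission change is attempted.
        boolean ownerOnly = file.setReadable(false, false)
                & file.setWritable(false, false)
                & file.setReadable(true, true)
                & file.setWritable(true, true);
        if (!ownerOnly) {
            System.err.println("Warning: could not restrict permissions on " + file.getPath());
        }
    }
}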