Accessing Public Keys

A Java java.security.KeyStore implementation is used to store the public keys for this application. The Gemalto SAFENET provider implementation of the KeyStore is known as CRYPTOKI, and enables access to the keys stored on the hardware. At present, this KeyStore only supports storage of Key objects and does not provide any support for the storage of Certificate objects. Additionally, this KeyStore will ignore the password parameter supplied to the getKey() method.

Creating the KeyStore

Creating a KeyStore instance and populating it is generally a two-step process. First, we create the instance and then use the KeyStore.load() method to initialize it with the key data. The load() method accepts an InputStream instance, which allows keys to be stored on an arbitrary data source. The CRYPTOKI KeyStore, however, accesses key storage on the hardware directly and so ignores the load() method completely.

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

static final String PROVIDER = "SAFENET";
static final String KS_NAME = "CRYPTOKI";

// CRYPTOKI reads the key material from the hardware directly, so load() is
// given no stream and no password; the call is still required to initialize
// the KeyStore instance.
KeyStore loadKeyStore() throws GeneralSecurityException, IOException
{
   KeyStore ks = KeyStore.getInstance(KS_NAME, PROVIDER);
   ks.load(null, null);

   return ks;
}

Retrieving the Public Key

Our application needs to determine the recipient's public key in order to encrypt the file. The standard mechanism for accessing public keys is to extract the Certificate for the recipient by using the KeyStore.getCertificate() method and then use the Certificate.getPublicKey() method to recover the key. However, with the CRYPTOKI KeyStore we will simply use the KeyStore.getKey() method, since this KeyStore does not store Certificate objects.

// The password argument is ignored by the CRYPTOKI KeyStore, so null is passed.
PublicKey publicKey = (PublicKey) ks.getKey(recipientAlias, null);

Retrieving the Private Key

To decrypt the file, we need to look up the private key. To access private keys stored in a KeyStore, use the KeyStore.getKey() method.

// As with the public key, the password argument is ignored and null is passed.
PrivateKey privateKey = (PrivateKey) ks.getKey(myAlias, null);
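Putting the three steps together, as an added example that is not part of the original documentation or the provider's own code: it loads the CRYPTOKI KeyStore, then fetches the recipient's public key and our own private key through one lookup helper that refuses an unknown alias (getKey() returns null in that case under the standard KeyStore contract) and a key of the wrong type, instead of relying on an unchecked cast. The aliases "recipient" and "me" and the helper name getKeyAs are assumptions.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;

public class CryptokiKeys {
    static final String PROVIDER = "SAFENET";
    static final String KS_NAME = "CRYPTOKI";

    // CRYPTOKI ignores load(): no stream, no password, keys come from the hardware.
    static KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KS_NAME, PROVIDER);
        ks.load(null, null);
        return ks;
    }

    // Look up an alias and insist on the expected key type instead of casting blindly.
    // The password argument is ignored by this KeyStore, so null is passed.
    static <T extends Key> T getKeyAs(KeyStore ks, String alias, Class<T> type)
            throws GeneralSecurityException {
        Key key = ks.getKey(alias, null);
        if (key == null) {
            // Standard KeyStore behaviour: null means the alias does not exist.
            throw new UnrecoverableKeyException("no key with alias " + alias);
        }
        if (!type.isInstance(key)) {
            throw new UnrecoverableKeyException(alias + " is not a " + type.getSimpleName());
        }
        return type.cast(key);
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = loadKeyStore();

        // Hypothetical aliases; replace with the aliases present on the token.
        PublicKey recipientKey = getKeyAs(ks, "recipient", PublicKey.class);
        PrivateKey myKey = getKeyAs(ks, "me", PrivateKey.class);

        System.out.println("recipient key algorithm: " + recipientKey.getAlgorithm());
        System.out.println("my key algorithm: " + myKey.getAlgorithm());
    }
}
```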