Exporting PKCS #12 credentials

Export a user's private keying material (signing and/or decryption keys with their certificates) to a PKCS #12 file. The steps below obtain the password, create and connect a User object, attach a PKCS12Writer as the credential writer, log in, and write the file.

Obtaining the user password

Prompt the user for the password and hold it in a SecureStringBuffer rather than a String, so the toolkit can clear it from memory when it is no longer needed.

SecureStringBuffer pwd = new SecureStringBuffer(...);

A user's password must contain the following.

  • at least 8 characters

  • at least one uppercase character

  • at least one lowercase character

  • at least one numeric character

A user's password may contain the following.

  • non-alpha-numeric characters

  • uppercase and lowercase characters

  • spaces

  • repeated characters

By default, a user's password has no expiry date. When a user changes the password, however, the new password cannot be the same as any of the previous eight passwords chosen by that user.

Creating a user

Create a user object.

com.entrust.toolkit.User user = new User();

Connecting to the key management server

Connect to the CA key management server and to the Directory, specifying the IP address (or host name) and port number of each, and then attach both connections to the user object.

ManagerTransport mt = new ManagerTransport(<ip>, <port>);
JNDIDirectory jndiDir = new JNDIDirectory(<ip>, <port>);
user.setConnections(jndiDir, mt);

The default timers are 0 (no limit), so a connection to an unreachable or slow host can hang indefinitely if your environment has network-related issues. Use the setters to set timer values that are reasonable for your network before you log in.

Instantiating a PKCS #12 writer

Instantiate a FilenameProfileReader for the user's EPF profile and a PKCS12Writer for the output file.

com.entrust.toolkit.credentials.FilenameProfileReader reader = new FilenameProfileReader(<epf file>);
com.entrust.toolkit.credentials.PKCS12Writer writer = new PKCS12Writer(new FileOutputStream(<p12 file>), PKCS12Writer.SIGNING_AND_DECRYPTION_KEYS, 10000);

The PKCS12Writer constructor requires the following arguments.

  • The output stream to which you want to write the PKCS #12 file.

  • The type of keys you want to export, as one of the following values:

    • PKCS12Writer.SIGNING_KEY

    • PKCS12Writer.DECRYPTION_KEY

    • PKCS12Writer.SIGNING_AND_DECRYPTION_KEYS

    • PKCS12Writer.ALL_LATEST_KEYS

    • PKCS12Writer.ALL_KEYS

  • The hash count used to protect the PKCS #12 file, that is, the iteration count of the password-based key derivation that encrypts the file. Use 10000 unless you are using old or slow equipment and the loss of performance is significant; a lower count makes offline password guessing against the exported file cheaper.

Setting the credential writer

Set the PKCS12Writer as the user's credential writer, so that the export step writes through it.

user.setCredentialWriter(writer);

Logging in the user

Log in the user with the profile reader and the SecureStringBuffer password obtained above.

user.login(reader, pwd);

Exporting the credentials

Export the PKCS #12 file by writing the logged-in user's credentials through the credential writer.

user.write();

Close the output stream once write() returns. The resulting file contains private keys: restrict its file permissions to the owner and move it only over a protected channel.
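The complete procedure as one program, added here as an example that is not taken from the Entrust toolkit documentation or the toolkit's own code. It checks the password rules listed earlier locally before contacting any server (the CA's configured policy remains authoritative), creates the output file owner-read/write only, and refuses to overwrite an existing file. Only the classes and calls shown on this page are used; the package names for ManagerTransport, JNDIDirectory and SecureStringBuffer, the (host, port) argument types of the two connection constructors, and the SecureStringBuffer(char[]) constructor are assumptions, as are the helper names checkPasswordPolicy and openOwnerOnly.

```java
// Added example, not toolkit code. Assumed: the com.entrust.toolkit.util package for the
// three classes below, String/int constructor arguments, and a SecureStringBuffer(char[]) constructor.
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;

import com.entrust.toolkit.User;
import com.entrust.toolkit.credentials.FilenameProfileReader;
import com.entrust.toolkit.credentials.PKCS12Writer;
import com.entrust.toolkit.util.JNDIDirectory;      // assumed package
import com.entrust.toolkit.util.ManagerTransport;   // assumed package
import com.entrust.toolkit.util.SecureStringBuffer; // assumed package

public class ExportPkcs12 {

    /** Applies the password rules from this page. Returns null on success, else the rule that failed. */
    static String checkPasswordPolicy(char[] pwd) {
        if (pwd.length < 8) return "at least 8 characters";
        boolean upper = false, lower = false, digit = false;
        for (char c : pwd) {
            if (Character.isUpperCase(c)) upper = true;
            else if (Character.isLowerCase(c)) lower = true;
            else if (Character.isDigit(c)) digit = true;
            // Non-alphanumeric characters, spaces and repeated characters are permitted.
        }
        if (!upper) return "at least one uppercase character";
        if (!lower) return "at least one lowercase character";
        if (!digit) return "at least one numeric character";
        return null;
    }

    /** Creates the PKCS #12 file owner-only where the file system supports it; fails if it already exists. */
    static OutputStream openOwnerOnly(Path p) throws IOException {
        try {
            Files.createFile(p, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        } catch (UnsupportedOperationException e) {
            Files.createFile(p); // non-POSIX file system (e.g. Windows): rely on the directory ACL
        }
        return Files.newOutputStream(p);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 6 || System.console() == null) {
            System.err.println("usage: ExportPkcs12 <epf file> <p12 file> <ca host> <ca port> <dir host> <dir port>");
            System.exit(2);
        }
        String epfFile = args[0], p12File = args[1];
        String caHost = args[2], dirHost = args[4];
        int caPort = Integer.parseInt(args[3]), dirPort = Integer.parseInt(args[5]);

        // Obtain the password without echo and check it locally before any network activity.
        char[] pwdChars = System.console().readPassword("Profile password: ");
        String problem = checkPasswordPolicy(pwdChars);
        if (problem != null) {
            Arrays.fill(pwdChars, '\0');
            System.err.println("password rejected: needs " + problem);
            System.exit(1);
        }
        SecureStringBuffer pwd = new SecureStringBuffer(pwdChars); // assumed char[] constructor

        // Create the user and connect it to the Directory and the CA key management server.
        User user = new User();
        user.setConnections(new JNDIDirectory(dirHost, dirPort), new ManagerTransport(caHost, caPort));
        // The default timers are 0 (no limit); set values suited to your network with the
        // setters before login() so an unreachable host cannot hang the export.

        FilenameProfileReader reader = new FilenameProfileReader(epfFile);
        try (OutputStream out = openOwnerOnly(Paths.get(p12File))) {
            // Export signing and decryption keys with the hash count the page recommends.
            PKCS12Writer writer = new PKCS12Writer(out, PKCS12Writer.SIGNING_AND_DECRYPTION_KEYS, 10000);
            user.setCredentialWriter(writer);
            user.login(reader, pwd);
            user.write();
        } finally {
            Arrays.fill(pwdChars, '\0'); // clear the raw copy; pwd is the toolkit's protected copy
        }
    }
}
```

The try-with-resources block closes the stream after write() returns, so the file is flushed even if login() or write() throws. Because Files.createFile refuses to overwrite, an operator cannot accidentally replace an existing PKCS #12 file with one exported under a different key selection.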