Getting key store contents

The following steps show how to log in to a key store and retrieve its keys and certificates.

Obtaining the user password

Prompt the user for the password.

SecureStringBuffer pwd = new SecureStringBuffer(...);

A user's password must contain the following.

  • at least 8 characters

  • at least one uppercase character

  • at least one lowercase character

  • at least one numeric character

A user's password may contain the following.

  • non-alpha-numeric characters

  • uppercase and lowercase characters

  • spaces

  • repeated characters

By default, a user's password has no expiry date, but if a user changes a password, it cannot be the same as one of the previous eight passwords chosen by that user.
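The composition rules above can be enforced client-side before the password is handed to the toolkit. The class below is an added example and is not part of the Entrust toolkit; the class name PasswordPolicy and the method names are assumptions. It works on a char[] rather than a String so the caller can wipe the buffer afterwards, and it reports every violated rule rather than a bare true/false. The "previous eight passwords" rule is enforced by the server and is not checked here.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Checks a candidate password against the composition rules listed above.
 * Added example; not part of the Entrust toolkit.
 */
public final class PasswordPolicy {

    /** Minimum length required by the policy. */
    static final int MIN_LENGTH = 8;

    private PasswordPolicy() {}

    /**
     * Returns the list of violated rules; an empty list means the password is
     * acceptable. Non-alphanumeric characters, spaces and repeated characters
     * are permitted by the policy and are therefore never reported.
     */
    public static List<String> violations(char[] pwd) {
        List<String> problems = new ArrayList<>();
        if (pwd == null || pwd.length < MIN_LENGTH) {
            problems.add("at least " + MIN_LENGTH + " characters required");
        }
        boolean upper = false, lower = false, digit = false;
        if (pwd != null) {
            for (char c : pwd) {
                if (Character.isUpperCase(c)) {
                    upper = true;
                } else if (Character.isLowerCase(c)) {
                    lower = true;
                } else if (c >= '0' && c <= '9') {
                    digit = true;
                }
                // anything else (space, punctuation) is allowed and ignored
            }
        }
        if (!upper) problems.add("at least one uppercase character required");
        if (!lower) problems.add("at least one lowercase character required");
        if (!digit) problems.add("at least one numeric character required");
        return problems;
    }

    public static boolean isAcceptable(char[] pwd) {
        return violations(pwd).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demo, not real credentials.
        char[][] samples = {
            "Tr0ub4dor &3".toCharArray(),  // spaces and punctuation allowed -> []
            "aaaaaaA1".toCharArray(),      // repeats allowed, exactly 8 chars -> []
            "short1A".toCharArray(),       // too short
            "alllowercase1".toCharArray(), // no uppercase
            "NODIGITShere".toCharArray()   // no digit
        };
        for (int i = 0; i < samples.length; i++) {
            System.out.println("sample " + i + " -> " + violations(samples[i]));
            Arrays.fill(samples[i], '\0'); // wipe the buffer once it has been checked
        }
    }
}
```

Run the check on the contents of the SecureStringBuffer before calling the toolkit, so a policy failure is reported locally instead of as a rejected login.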

Creating a user

Create a user object.

com.entrust.toolkit.User user = new User();

Connecting to the key management server

Connect to the CA key management server and the Directory, specifying IP addresses and port numbers for both entities.

ManagerTransport mt = new ManagerTransport(<ip>, <port>);
JNDIDirectory jndiDir = new JNDIDirectory(<ip>, <port>);
user.setConnections(jndiDir, mt);

The default timers are set to 0 (no limit). This can cause long wait times if your environment has network-related issues. Use the setters to set reasonable timer values for your network.

Logging in the user

Log in the user with the selected credentials.

user.login(credReader, <password>);

Loading the key store

Create an instance of the java.security.KeyStore class.

KeyStore keyStore = KeyStore.getInstance("Entrust");

If you have not installed the Entrust Cryptographic Service Provider (CSP), the method will throw a KeyStoreException indicating that the Entrust key store type is not available.

Load a key store.

keyStore.load(new FileInputStream(<ini_file_path>),
              password.toCharArray());

Here password is an instance of the SecureStringBuffer class.

Retrieving keys and certificates

Retrieve the encryption public key and encryption public certificate from the key store.

Key encryptionKey = keyStore.getKey("encryption", null);
Certificate[] encryptionCertChain = keyStore.getCertificateChain("encryption");
Certificate encryptionCert = keyStore.getCertificate("encryption");

Retrieve the signing private key and verification public certificate from the key store.

Key signingKey = keyStore.getKey("signing", null);
Certificate[] signingCertChain = keyStore.getCertificateChain("signing");
Certificate signingCert = keyStore.getCertificate("signing");

Retrieve certificates from the certificate repository.

Certificate c1 = keyStore.getCertificate(<DN>);
Certificate c3 = keyStore.getCertificate(<DN>);
Certificate c6 = keyStore.getCertificate(<DN>);
Certificate c7 = keyStore.getCertificate(<DN>);

If you have established a connection to a certificate repository, you can retrieve certificates using the distinguished name (DN) of the entity to whom the certificate belongs.

Writing certificates

Write the encryption and verification certificates to a read/write certificate store.

keyStore.setCertificateEntry("encCert", encryptionCert);
keyStore.setCertificateEntry("sigCert", signingCert);

Verify that the certificates were written to the certificate store.

if (keyStore.getCertificate("sigCert") != null && keyStore.getCertificate("encCert") != null)
{
    System.out.println("All certificates could be read from the read/write certificate store.");
}
else
{
    System.out.println("Not all certificates could be read from the read/write certificate store.");
}

Write the key store.

keyStore.store(null, null);

Close the connection.

keyStore.store(null, EntrustKeyStoreSpi.CLOSE_KEY_STORE);
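The steps from "Creating a user" to "Close the connection" form one procedure. The class below puts them together as an added example; it is not toolkit code. It uses only the calls shown above: the User, ManagerTransport, JNDIDirectory, SecureStringBuffer and EntrustKeyStoreSpi classes, KeyStore.getInstance("Entrust"), and the "encryption" and "signing" aliases. The class name EntrustKeyStoreSession, the KeyMaterial holder, and the Object type of the credReader parameter are assumptions (the page does not declare credReader). Package names for the toolkit classes other than com.entrust.toolkit.User are not given on the page, so those imports must be supplied from the toolkit's own documentation. What the example adds over the snippets is the handling a practitioner wants: failing early when the CSP is absent, copying the password out only for the duration of load(), wiping that copy, rejecting missing aliases, and closing the store in a finally block so the connection is released even when a lookup fails. The certificate write-back step is left out.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Objects;

import com.entrust.toolkit.User;
// Assumption: ManagerTransport, JNDIDirectory, SecureStringBuffer and
// EntrustKeyStoreSpi are the toolkit classes used in this section. Their
// package names are not stated on this page, so the imports are omitted
// here and must be taken from the toolkit documentation.

/**
 * Connect, log in, load the "Entrust" key store, pull out both key pairs,
 * and always close the store again. Added example, not toolkit code.
 */
public final class EntrustKeyStoreSession {

    /** The material an application normally keeps after the store is closed. */
    public static final class KeyMaterial {
        public final Key encryptionKey;
        public final Certificate[] encryptionChain;
        public final Key signingKey;
        public final Certificate[] signingChain;

        KeyMaterial(Key ek, Certificate[] ec, Key sk, Certificate[] sc) {
            this.encryptionKey = ek;
            this.encryptionChain = ec;
            this.signingKey = sk;
            this.signingChain = sc;
        }
    }

    private EntrustKeyStoreSession() {}

    /**
     * @param credReader the credential source passed to User.login above; its
     *                   type is not stated on this page (Object is a placeholder)
     * @param pwd        the SecureStringBuffer obtained when prompting the user
     */
    public static KeyMaterial load(String caIp, int caPort,
                                   String dirIp, int dirPort,
                                   String iniFilePath,
                                   Object credReader,
                                   SecureStringBuffer pwd) throws Exception {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance("Entrust");
        } catch (KeyStoreException e) {
            // Thrown when the Entrust CSP is not installed; fail before any
            // network connection is attempted.
            throw new IllegalStateException(
                "Entrust key store type unavailable; is the CSP installed?", e);
        }

        User user = new User();
        ManagerTransport mt = new ManagerTransport(caIp, caPort);
        JNDIDirectory jndiDir = new JNDIDirectory(dirIp, dirPort);
        // The default timers are 0 (no limit). Set finite values here with the
        // transport and directory setters; their names are not given on this page.
        user.setConnections(jndiDir, mt);
        user.login(credReader, pwd);

        // Copy the password out only for as long as load() needs it, then wipe it.
        char[] pwdChars = pwd.toCharArray();
        try (InputStream ini = new FileInputStream(iniFilePath)) {
            keyStore.load(ini, pwdChars);
        } finally {
            Arrays.fill(pwdChars, '\0');
        }

        try {
            Key encKey = Objects.requireNonNull(keyStore.getKey("encryption", null),
                                                "no key under alias \"encryption\"");
            Key sigKey = Objects.requireNonNull(keyStore.getKey("signing", null),
                                                "no key under alias \"signing\"");
            Certificate[] encChain = requireChain(keyStore, "encryption");
            Certificate[] sigChain = requireChain(keyStore, "signing");
            return new KeyMaterial(encKey, encChain, sigKey, sigChain);
        } finally {
            // Release the connection even when one of the lookups above fails.
            keyStore.store(null, EntrustKeyStoreSpi.CLOSE_KEY_STORE);
        }
    }

    private static Certificate[] requireChain(KeyStore ks, String alias) throws KeyStoreException {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new KeyStoreException("no certificate chain under alias \"" + alias + "\"");
        }
        return chain;
    }
}
```

Callers receive a KeyMaterial whose fields are guaranteed non-null, and the store is closed by the time load() returns, so the key store handle never outlives the method.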