I am generating Elliptic Curve private and public keys. After this, I generate a certificate and create a Java Key Store (JKS) with this same private key and certificate. I have used the following commands:

    openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
    openssl ec -in private-key.pem -pubout -out public-key.pem
    openssl req -new -x509 -key private-key.pem -out cert.pem -days 360
    openssl pkcs12 -export -inkey private-key.pem -in cert.pem -name consumer-connector -out vault-filesystem-keystore.p12
    keytool -importkeystore -srckeystore vault-filesystem-keystore.p12 -srcstoretype pkcs12 -destkeystore vault-filesystem-keystore.jks

Now, the problem is that in Keystore Explorer, when I try to export the private key after selecting "OpenSSL" as the Export Private Key option, as can be seen in the image below, the private key that I exported is not equal to the private key that was generated in the beginning.

The private key generated after the 1st command was this:

    -----BEGIN EC PRIVATE KEY-----
    MHcCAQEEICxNNxwW1iXRv6n6RnlOhxuVCDFrwLrIDtX6qM7CYtXtoAoGCCqGSM49
    AwEHoUQDQgAEkYGETlRgz8C6p7MzwOTm+fRULtIGKYj3La3cICqGmVMyXTRl1fi9
    HmrmXaxGGQ1Q9sEcHPm+wAnmKLF+KNJ6Ag==
    -----END EC PRIVATE KEY-----

but the private key that I got after exporting it from the java key store using the Keystore Explorer was this:

    -----BEGIN EC PRIVATE KEY-----
    MGsCAQEEICxNNxwW1iXRv6n6RnlOhxuVCDFrwLrIDtX6qM7CYtXtoUQDQgAEkYGE
    TlRgz8C6p7MzwOTm+fRULtIGKYj3La3cICqGmVMyXTRl1fi9HmrmXaxGGQ1Q9sEc
    HPm+wAnmKLF+KNJ6Ag==
    -----END EC PRIVATE KEY-----

As can be seen, there is a small change between the two keys. I am also loading the keys of the Java keystore in my Java application, and in my code, when I load the keys from this Java keystore in PEM format, I get the key that I obtained after exporting it from Keystore Explorer, which differs slightly from the actual key. Due to this, I get exceptions and my application is unable to parse the keys. My Java code is given below:

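    import java.io.IOException;
    import java.io.InputStream;
    import java.io.StringWriter;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.UnrecoverableEntryException;
    import java.security.cert.CertificateException;
    import java.security.interfaces.ECPrivateKey;
    import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

    public class Main {
        public static void loadKeyStore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, UnrecoverableEntryException {
            KeyStore ks = KeyStore.getInstance("JKS");
            // Load the keystore from the classpath and close the stream afterwards
            try (InputStream readStream = Main.class.getResourceAsStream("/vault-filesystem-keystore.jks")) {
                ks.load(readStream, "password".toCharArray());
            }
            // Fetch the private key entry stored under the alias given to "openssl pkcs12 -name"
            KeyStore.PrivateKeyEntry keyEnt = (KeyStore.PrivateKeyEntry) ks.getEntry("consumer-connector",
                    new KeyStore.PasswordProtection("password".toCharArray()));
            PrivateKey privateKey = keyEnt.getPrivateKey();
            ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;

            // Encode the key as PEM with Bouncy Castle's JcaPEMWriter; an IOException
            // now propagates to the caller instead of being silently swallowed
            var writer = new StringWriter();
            try (var jcaPEMWriter = new JcaPEMWriter(writer)) {
                jcaPEMWriter.writeObject(ecPrivateKey);
            }

            String privateKeyInPEMFormat = writer.toString();
            System.out.println(privateKeyInPEMFormat);
        }
    }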

I have already spent a lot of time trying to figure out this issue. Can anyone tell me how to fix this problem or what I am doing wrong? Why is the exported private key from the keystore not exactly equal to the actual private key generated using the first command?

There are 1 best solutions below

Usman Sajid On

Finally, I have solved the problem. Instead of using the commands, in the end I had to generate key pairs using Keystore Explorer, and now things are working. Now my private key loads successfully in my application. I spent a complete day figuring it out, but in the end the solution was that simple. I still could not figure out why the loaded key does not match the actual private key if I create the keystore using the above commands, but anyway I have found another way.
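
Added example (not part of the original posts): a minimal DER reader applied to the two PEM blocks from the question, reporting which fields of the ECPrivateKey structure (RFC 5915) differ between them. The function names are this example's own.

```python
import base64

# The two PEM blocks exactly as posted in the question.
OPENSSL_PEM = """-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICxNNxwW1iXRv6n6RnlOhxuVCDFrwLrIDtX6qM7CYtXtoAoGCCqGSM49
AwEHoUQDQgAEkYGETlRgz8C6p7MzwOTm+fRULtIGKYj3La3cICqGmVMyXTRl1fi9
HmrmXaxGGQ1Q9sEcHPm+wAnmKLF+KNJ6Ag==
-----END EC PRIVATE KEY-----"""
EXPORTED_PEM = """-----BEGIN EC PRIVATE KEY-----
MGsCAQEEICxNNxwW1iXRv6n6RnlOhxuVCDFrwLrIDtX6qM7CYtXtoUQDQgAEkYGE
TlRgz8C6p7MzwOTm+fRULtIGKYj3La3cICqGmVMyXTRl1fi9HmrmXaxGGQ1Q9sEc
HPm+wAnmKLF+KNJ6Ag==
-----END EC PRIVATE KEY-----"""

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_ec_private_key(pem):
    """Split an RFC 5915 ECPrivateKey SEQUENCE into its named fields."""
    body = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    der = base64.b64decode(body)
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # INTEGER version, OCTET STRING privateKey, [0] parameters, [1] publicKey
    names = {0x02: "version", 0x04: "privateKey",
             0xA0: "parameters", 0xA1: "publicKey"}
    fields, pos = {}, 0
    while pos < len(seq):
        tag, value, pos = read_tlv(seq, pos)
        fields[names.get(tag, hex(tag))] = value
    return fields

def compare(a_pem, b_pem):
    """Map each field name to True if both keys carry the same bytes for it."""
    a, b = parse_ec_private_key(a_pem), parse_ec_private_key(b_pem)
    return {name: a.get(name) == b.get(name) for name in sorted(set(a) | set(b))}

if __name__ == "__main__":
    for name, same in compare(OPENSSL_PEM, EXPORTED_PEM).items():
        print(f"{name:11} {'identical' if same else 'differs'}")
```

For the question's keys, `version`, `privateKey` and `publicKey` are byte-for-byte identical; the only difference is that the exported key omits the optional `parameters` field, which in the OpenSSL-generated file holds the prime256v1 curve OID (1.2.840.10045.3.1.7).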