Extract Public/Private Keys and Certs from PFX into String Variables

Demonstrates how to export certificates and public/private keys from a PFX file into in-memory strings.

Download Chilkat Java Library

import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success;
    CkCertStore certStore = new CkCertStore();

    //  Load the PFX file into a certificate store object
    String password;
    password = "*myPassword2*";
    success = certStore.LoadPfxFile("chilkat.pfx",password);
    if (success != true) {
        System.out.println(certStore.lastErrorText());
        return;
    }

    int i;
    int numCerts;
    numCerts = (int) certStore.get_NumCertificates();

    //  Loop over each certificate in the PFX.
    CkCert cert;
    String fname;
    for (i = 0; i <= numCerts - 1; i++) {

        cert = certStore.GetCertificate(i);

        System.out.println(cert.subjectDN());
        System.out.println("---");

        String encodedCert;
        encodedCert = cert.getEncoded();

        //  This string may now be stored in a relational database string field.
        //  To re-create the cert, do this:
        CkCert cert2 = new CkCert();
        cert2.SetFromEncoded(encodedCert);

        //  Does this cert have a private key?
        if (cert.HasPrivateKey() == true) {

            //  Get the private key.
            CkPrivateKey pvkey;
            pvkey = cert.ExportPrivateKey();

            //  The private key can be exported into
            //  a string in PKCS8, RSA PEM, or XML format:
            String pemPvKey;
            String pkcs8PvKey;
            String xmlPvKey;

            pemPvKey = pvkey.getRsaPem();
            pkcs8PvKey = pvkey.getPkcs8Pem();
            xmlPvKey = pvkey.getXml();

            System.out.println(pemPvKey);
            System.out.println(pkcs8PvKey);
            System.out.println(xmlPvKey);

            //  Any of these formatted strings may
            //  be stored in a relational database field.
            //  to restore, call LoadPem or LoadXml
            //  LoadPem accepts either RSA PEM or
            //  PKCS8 PEM:
            CkPrivateKey pvKey2 = new CkPrivateKey();

            pvKey2.LoadPem(pemPvKey);
            pvKey2.LoadPem(pkcs8PvKey);
            pvKey2.LoadXml(xmlPvKey);

        }

        //  Now for the public key:
        CkPublicKey pubkey;
        pubkey = cert.ExportPublicKey();

        //  It can be exported to a string as OpenSSL PEM
        //  or XML:
        String pubKeyPem;
        String pubKeyXml;

        pubKeyPem = pubkey.getOpenSslPem();
        pubKeyXml = pubkey.getXml();

        System.out.println(pubKeyPem);
        System.out.println(pubKeyXml);

        //  To re-load a PublicKey object, call LoadXml
        //  or LoadOpenSslPem:
        CkPublicKey pubKey2 = new CkPublicKey();

        pubKey2.LoadOpenSslPem(pubKeyPem);
        pubKey2.LoadXml(pubKeyXml);
        fname = "pubkey" + Integer.toString(i) + "_openSsl.der";
        pubkey.SaveOpenSslDerFile(fname);

    }

    //  The Chilkat Certificate, Certificate Store, Private Key,
    //  Public Key, and Key Container classes / objects are freeware.

    //  They are used by and included with the Chilkat Email,
    //  Crypt, S/MIME, and other commercial Chilkat components.

  }
}