Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Create JCEKS Containing Secret Keys

See more Java KeyStore (JKS) Examples

Demonstrates how to create a JCEKS keystore file containing symmetric secret keys (for AES, Blowfish, HMAC SHA25, ChaCha20, etc.)

This example requires Chilkat v9.5.0.66 or greater.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.JavaKeyStore,
  Chilkat.Prng,
  Chilkat.StringBuilder,
  Chilkat.JsonObject;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  jceks: TJavaKeyStore;
  prng: TPrng;
  aesKey: string;
  blowfishKey: string;
  hmacKey: string;
  chachaKey: string;
  encoding: string;
  password: string;
  filePassword: string;
  sbJson: TStringBuilder;
  json: TJsonObject;

begin
  success := False;

  //  IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  jceks := TJavaKeyStore.Create;

  //  We'll need a pseudo-random number generator (PRNG) to generate symmetric keys.
  prng := TPrng.Create;

  //  Generate some keys..

  //  128-bit AES key (16 bytes)
  aesKey := prng.GenRandom(16,'base64');

  //  256-bit Blowfish key (32 bytes)
  blowfishKey := prng.GenRandom(32,'base64');

  //  HMAC SHA256 key
  //  (An HMAC key can be anything, and any length. We'll use the following string:
  hmacKey := 'This is my HMAC key';

  //  ChaCha20 256-bit
  chachaKey := prng.GenRandom(32,'base64');

  //  Add each secret key to the JCEKS
  encoding := 'base64';
  password := 'secret';
  jceks.AddSecretKey(aesKey,encoding,'AES','my aes key',password);
  jceks.AddSecretKey(blowfishKey,encoding,'BLOWFISH','my blowfish key',password);
  //  For HMAC, we're using the us-ascii bytes for the key..
  jceks.AddSecretKey(hmacKey,'ascii','HMAC_SHA256','my hmac key',password);
  jceks.AddSecretKey(chachaKey,encoding,'CHACHA','my chacha20 key',password);

  filePassword := 'password';
  //  Write the JCEKs to a file.
  success := jceks.ToFile(filePassword,'qa_output/secretKeys.jceks');
  if (success <> True) then
    begin
      WriteLn(jceks.LastErrorText);
      Exit;
    end;

  //  We can also emit as a JWK Set..
  sbJson := TStringBuilder.Create;
  success := jceks.ToJwkSet('secret',sbJson);
  if (success <> True) then
    begin
      WriteLn(jceks.LastErrorText);
      Exit;
    end;

  //  Emit the JSON in pretty-printed (indented) form:
  json := TJsonObject.Create;
  json.LoadSb(sbJson);
  json.EmitCompact := False;
  WriteLn(json.Emit());

  //  Output is:

  //  { 
  //    "keys": [
  //      { 
  //        "kty": "oct",
  //        "alg": "AES",
  //        "k": "vHekQQB0Gc1NvppapUTW2g",
  //        "kid": "my aes key"
  //      },
  //      { 
  //        "kty": "oct",
  //        "alg": "BLOWFISH",
  //        "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
  //        "kid": "my blowfish key"
  //      },
  //      { 
  //        "kty": "oct",
  //        "alg": "HMAC_SHA256",
  //        "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
  //        "kid": "my hmac key"
  //      },
  //      { 
  //        "kty": "oct",
  //        "alg": "CHACHA",
  //        "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
  //        "kid": "my chacha20 key"
  //      }
  //    ]
  //  }
  //  


  jceks.Free;
  prng.Free;
  sbJson.Free;
  json.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.