Tcl
Tcl
Load a JWK Set into a JCEKS (Convert JWK Set to JCEKS)
See more Java KeyStore (JKS) Examples
Demonstrates how to convert JSON Web Key Sets to JCEKS format.This example uses the JWK sample files that you may download from Sample JWK Sets
This example requires Chilkat v9.5.0.66 or greater.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set jceks [new_CkJavaKeyStore]
# First load the following JWK Set (found in secretKeys.json)
# {
# "keys": [
# {
# "kty": "oct",
# "alg": "AES",
# "k": "vHekQQB0Gc1NvppapUTW2g",
# "kid": "my aes key"
# },
# {
# "kty": "oct",
# "alg": "BLOWFISH",
# "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
# "kid": "my blowfish key"
# },
# {
# "kty": "oct",
# "alg": "HMAC_SHA256",
# "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
# "kid": "my hmac key"
# },
# {
# "kty": "oct",
# "alg": "CHACHA",
# "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
# "kid": "my chacha20 key"
# }
# ]
# }
set jwkSet [new_CkJsonObject]
set success [CkJsonObject_LoadFile $jwkSet "qa_data/jwk/secretKeys.json"]
if {$success != 1} then {
puts [CkJsonObject_lastErrorText $jwkSet]
delete_CkJavaKeyStore $jceks
delete_CkJsonObject $jwkSet
exit
}
# The password is applied to each of the keys in the set.
# (It is the password that will be required to access the item after the JCEKS is opened.)
set password "secret"
set success [CkJavaKeyStore_LoadJwkSet $jceks $password $jwkSet]
if {$success != 1} then {
puts [CkJavaKeyStore_lastErrorText $jceks]
delete_CkJavaKeyStore $jceks
delete_CkJsonObject $jwkSet
exit
}
# Write the JCEKS to a file, then examine with a tool such as the KeyStore Explorer
# to verify that all is OK. (The "kid" becomes the alias of each key.)
set filePassword "secret2"
set success [CkJavaKeyStore_ToFile $jceks $filePassword "qa_output/secretKeys.jceks"]
if {$success != 1} then {
puts [CkJavaKeyStore_lastErrorText $jceks]
delete_CkJavaKeyStore $jceks
delete_CkJsonObject $jwkSet
exit
}
# -------------------------------------------------------------------------
# Now load a JWK Set that contains one ECC private key (and certs)
# This is the JSON that is loaded from ecc_jwkset.json:
# {
# "keys": [
# {
# "kty": "EC",
# "crv": "P-384",
# "x": "uB62JGMJKXnp1PNsOOIYKGhrzfLev3O-UuthL6UzEqNNDTd8dEYMUQP_DTS3qk98",
# "y": "gyQEFxdmZUsPF0fFokkZZ1cV6z7QD3MsPvSjrBzB0GUB3r8CLnDK_F4pF2Q995hr",
# "d": "ugTy2ZpuQqv1uQyLSgz1SPRvngzrd5vLyzU2ICaJd25zZRIxxlNR-uFo9UWC6llt",
# "kid": "my_ecc_key",
# "x5c": [
# "MIICzjCCAlOgAwIBAgIETULS8zAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEfMB0GA1UECxMWRm9yIFRlc3QgUHVycG9zZXMgT25seTElMCMGA1UEAxMcRW50cnVzdCBFQ0MgRGVtb25zdHJhdGlvbiBDQTAeFw0xNjAzMTgxMjM5MzFaFw0xNjA1MTcxMzA5MzFaMFgxHzAdBgNVBAsTFkZvciBUZXN0IFB1cnBvc2VzIE9ubHkxHTAbBgNVBAsTFFBlcnNvbmEgTm90IFZlcmlmaWVkMRYwFAYDVQQDEw1DaGlsa2F0IEFkbWluMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuB62JGMJKXnp1PNsOOIYKGhrzfLev3O+UuthL6UzEqNNDTd8dEYMUQP/DTS3qk98gyQEFxdmZUsPF0fFokkZZ1cV6z7QD3MsPvSjrBzB0GUB3r8CLnDK/F4pF2Q995hro4HYMIHVMA4GA1UdDwEB/wQEAwIDiDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5lbnRydXN0LmNvbS9DUkwvZWNjZGVtby5jcmwwIAYDVR0RBBkwF4EVYWRtaW5AY2hpbGthdHNvZnQuY29tMB8GA1UdIwQYMBaAFCQFS+Fkghr4Ccz7eHkh+nDmkzLqMB0GA1UdDgQWBBTB82fmvrdG2iX5uS/agVW3L4DisjAJBgNVHRMEAjAAMAoGCCqGSM49BAMDA2kAMGYCMQCHILghMprWoYPEp9mCE+tpVE7vYwkFV3m0RDzT2BSUezL8Ky78XNk+XPqSB2biT70CMQDCase1oaPY4AxCmjB+rEB1ir+QS8mrtF+iCSqHVv1aIxT6abQL57BZSdvwIm/TT8o=",
# "MIICljCCAhugAwIBAgIETUHhezAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEfMB0GA1UECxMWRm9yIFRlc3QgUHVycG9zZXMgT25seTElMCMGA1UEAxMcRW50cnVzdCBFQ0MgRGVtb25zdHJhdGlvbiBDQTAeFw0xMTAxMjcyMDQ5NTRaFw0zNjAxMjcyMTE5NTRaMG0xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMR8wHQYDVQQLExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MSUwIwYDVQQDExxFbnRydXN0IEVDQyBEZW1vbnN0cmF0aW9uIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhCWBpuJuzvRtQyibkcbCj7EkcwAqS2EqRQ/QntroTdRM2SssEN4TruTxtwcY/7lR64L6Tfjz3+ujrfjNFss3EWVpUlbOJ+xHC3xHPteNyAGZtHbZO3tVuhP6yX6dFqCCo4GLMIGIMCsGA1UdEAQkMCKADzIwMTEwMTI3MjA0OTU0WoEPMjAzNjAxMjcyMTE5NTRaMAsGA1UdDwQEAwIBBjAfBgNVHSMEGDAWgBQkBUvhZIIa+AnM+3h5Ifpw5pMy6jAdBgNVHQ4EFgQUJAVL4WSCGvgJzPt4eSH6cOaTMuowDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAyAhA70OIb6lbfN6kOTQloHyCLmihNK+PT5wOuaMR//KSQP2c/H18YhDYnlwMxF9fAjEA0URaJOXMF0qwdvS2rm7N5PWMLc/4BbeOZyZ94XJiG5u96iTgp6N9JI0MMmCQE87N"
# ]
# }
# ]
# }
set success [CkJsonObject_LoadFile $jwkSet "qa_data/jwk/ecc_jwkset.json"]
if {$success != 1} then {
puts [CkJsonObject_lastErrorText $jwkSet]
delete_CkJavaKeyStore $jceks
delete_CkJsonObject $jwkSet
exit
}
set password "secret"
set success [CkJavaKeyStore_LoadJwkSet $jceks $password $jwkSet]
if {$success != 1} then {
puts [CkJavaKeyStore_lastErrorText $jceks]
delete_CkJavaKeyStore $jceks
delete_CkJsonObject $jwkSet
exit
}
set filePassword "secret2"
set success [CkJavaKeyStore_ToFile $jceks $filePassword "qa_output/ecc.jceks"]
if {$success != 1} then {
puts [CkJavaKeyStore_lastErrorText $jceks]
delete_CkJavaKeyStore $jceks
delete_CkJsonObject $jwkSet
exit
}
puts "Success."
delete_CkJavaKeyStore $jceks
delete_CkJsonObject $jwkSet