Package org.forgerock.secrets.keys

Class KeyFormatPem

java.lang.Object
org.forgerock.secrets.keys.KeyFormatPem
All Implemented Interfaces:
KeyFormat<String>
public final class KeyFormatPem extends Object implements KeyFormat<String>
Exports a key in the PEM (Privacy Enhanced Mail) format. This is the base64-encoded ASN.1 DER binary encoding of the key surrounded by markers identifying the beginning and end of the key. The correct headers are produced to allow software to parse these keys directly. To convert to PKCS#1 you can use OpenSSL: 

      openssl pkcs8 -nocrypt -in pkcs8key.pem -out pkcs1key.pem

See Also:

  • Field Details

    • WITHOUT_CERTIFICATE

      public static final KeyFormatPem WITHOUT_CERTIFICATE
      Exports the key material without any associated certificate.

    • WITH_CERTIFICATE

      public static final KeyFormatPem WITH_CERTIFICATE
      Exports the key material with the certificate as well. The certificate will be exported before the key.

  • Constructor Details

    • KeyFormatPem

      public KeyFormatPem(boolean includeCertificate)
      Constructs a new PEM key format that does not encrypt private keys. This should only be used if either no private key material is being exported or it will never be exposed to untrusted sources.
      Parameters:
      includeCertificate - whether to include any certificate associated with the key in the PEM.

  • Method Details

    • export

      public String export(CryptoKey key, Key rawKey)
      Description copied from interface: KeyFormat
      Exports the given crypto key and raw key material.
      Specified by:
      export in interface KeyFormat<String>
      Parameters:
      key - the crypto key.
      rawKey - the raw key material.
      Returns:
      the exported key material in the given format.