{"id":15065999,"url":"https://github.com/ctron/pem-keystore","last_synced_at":"2025-04-09T23:17:57.515Z","repository":{"id":39711774,"uuid":"133832297","full_name":"ctron/pem-keystore","owner":"ctron","description":"A PKCS #1 PEM KeyStore for Java","archived":false,"fork":false,"pushed_at":"2024-11-18T09:43:37.000Z","size":134,"stargazers_count":40,"open_issues_count":5,"forks_count":10,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-09T23:17:50.723Z","etag":null,"topics":["certificate","java","kubernetes","letsencrypt","openshift","pem","pkcs1","ssl","tls"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"epl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ctron.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-17T15:21:18.000Z","updated_at":"2024-11-18T09:43:41.000Z","dependencies_parsed_at":"2023-12-22T14:02:31.533Z","dependency_job_id":"ea510574-5241-40a4-81c7-16285407d037","html_url":"https://github.com/ctron/pem-keystore","commit_stats":{"total_commits":88,"total_committers":7,"mean_commits":"12.571428571428571","dds":"0.19318181818181823","last_synced_commit":"8f277cec3d375ff5ded88c65091e77ef6a8ab0f7"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctron%2Fpem-keystore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctron%2Fpem-keystore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctron%2Fpem-keystore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctron%2Fpem-keystore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ctron","download_url":"https://codeload.github.com/ctron/pem-keystore/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248125593,"owners_count":21051771,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","java","kubernetes","letsencrypt","openshift","pem","pkcs1","ssl","tls"],"created_at":"2024-09-25T00:59:19.296Z","updated_at":"2025-04-09T23:17:57.489Z","avatar_url":"https://github.com/ctron.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PKCS #1 PEM KeyStore for Java [![CI](https://github.com/ctron/pem-keystore/actions/workflows/maven.yaml/badge.svg)](https://github.com/ctron/pem-keystore/actions/workflows/maven.yaml) [![Maven Central](https://img.shields.io/maven-central/v/de.dentrassi.crypto/pem-keystore.svg \"Maven Central Status\")](http://search.maven.org/#search|gav|1|g%3A%22de.dentrassi.crypto%22%20AND%20a%3A%22pem-keystore%22)\n\n\nWorking with PKCS #1 PEM based certificates in Java is an itch. Here is the scratch.\n\n## Adding the dependency\n\nInclude the project into your application (e.g. with Maven):\n\n~~~xml\n\u003cdependency\u003e\n  \u003cgroupId\u003ede.dentrassi.crypto\u003c/groupId\u003e\n  \u003cartifactId\u003epem-keystore\u003c/artifactId\u003e\n  \u003cversion\u003e3.0.0\u003c/version\u003e \u003c!-- check for most recent version --\u003e\n\u003c/dependency\u003e\n~~~\n\n## The security Provider\n\nThe project acts as a Java security provider. Providing only a `KeyStore`\nimplementation. However, you need to make Java aware of the security provider.\nThere are several ways to do this:\n\n### Via direct invocation\n\nYou can manually specify the security provider:\n\n~~~java\nKeyStore keyStore = KeyStore.getInstance(\"PEM\", new PemKeyStoreProvider() );\n~~~\n\nThis way the security provider will only be used for this single call.\n\n### Via manual registration\n\nYou can manually register the security provider at the start of your application:\n\n~~~java\nSecurity.addProvider(new PemKeyStoreProvider());\nKeyStore keyStore = KeyStore.getInstance(\"PEM\");\n~~~\n\nThis will make the provider available to the whole application. As this provider\ncurrently is the only provider supporting `PEM` at the moment, the order is not\nimportant. But you can always use `Security.insertProviderAt` instead:\n\n~~~java\nSecurity.insertProviderAt(new PemKeyStoreProvider(), 10);\n~~~\n\n### Via configuration\n\nIt is also possible to configure the provider in `\u003cJRE\u003e/conf/security/java.security` file.\nAlso see: https://docs.oracle.com/javase/10/security/howtoimplaprovider.htm#GUID-831AA25F-F702-442D-A2E4-8DA6DEA16F33\n\n## Using it\n\nThe basic usage of the PEM KeyStore is:\n\n~~~java\nKeyStore keyStore = KeyStore.getInstance(\"PEM\");\ntry ( InputStream in = … ) {\n  keyStore.load ( in, null );\n}\n\n// Use X509Certificates from the KeyStore\n~~~\n\nBut the reality is more complex of course ;-)\n\n### Reading Key/Cert from two files\n\nSometimes, like when using OpenShift, key and certificate come in two different files.\nHowever the whole \"KeyStore\" construct is built around the idea that only one file/resource\nexists, which stores the information.\n\nFor this case, or also for Let's Encrypt, you can use the `PEMCFG` KeyStore type. It is\nvariation of the `PEM` store and initially loads a Java properties while, which then\npoints towards the different files to load.\n\nA properties file looks like:\n\n~~~\nalias=alias-name\nsource.key=/etc/tls/tls.key\nsource.cert=/etc/tls/tls.crt\n~~~\n\nThe `alias` property defines under which alias the key/cert will be provided. Every\nproperty key starting with `source.` will be used a file system path to load an\nadditional source. Certificates will be chained together and presented alongside the key.\n\nThe remainder of the key, the part after the `source.`, will be ignored.\n\n### Reading a CA bundle\n\nJava keystores can either store one or more certificate chains. Java only uses the tip\nof the chain as a trusted certificate. So when you have a PKCS #1 PEM file, it is not clear\nif this is a chain of certificates, or a set of root certificates to trust.\n\nBy default, certificates get chained together when read. However, the `PEMCA` Keystore will\nstore certificates individually:\n\n~~~java\nKeyStore keyStore = KeyStore.getInstance(\"PEMCA\");\ntry ( InputStream in = … ) {\n  keyStore.load ( in, null );\n}\n\n// Use X509Certificates from the KeyStore\n~~~\n\nIn this case the alias will be used as a prefix, and the entries will be named `\u003calias\u003e-#`,\nwhere `#` is an increasing index, starting with `0` (zero).\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctron%2Fpem-keystore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fctron%2Fpem-keystore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctron%2Fpem-keystore/lists"}