Lab 6 Exercise 3

Learn how to accessing OpenSSL keys from Java.

OpenSSL and Java use different formats to store private keys. Java is using PKCS#8 and OpenSSL is using its own format. To convert keys between these formats, use OpenSSL PKCS8 tool:

Here is an example of how to convert a DER-encoded private key (as generated by KeyTool) to the format suitable for OpenSSL:

    openssl pkcs8 -in priv.der -inform DER -out priv.pem -outform PEM


  1. Find out how to convert OpenSSL key to be used in Java.
  2. Read the converted key in as Java object.
  3. Inspect created object, compare extracted data with original key.
  4. Verify certificate
    • Make sure certificate is within its validity period (dates are okay)
    • Make sure signature can be verified with a proper public key


  • Check out
  • Check out
  • Use Util.readFile() from homework 1
  • Use and modify KeyGeneratorDemo class code from lab 3
Page edit