Skip to content
This repository has been archived by the owner on Mar 29, 2023. It is now read-only.

Tool to generate PKCS12 key store from ITSG Trust Center certificates.

License

Notifications You must be signed in to change notification settings

alex-therapeutics/secon-keystore-generator

 
 

Repository files navigation

SECON KeyStore Generator

CI Actions Status

This tool generates a PKCS12 key store containing public certificates published by the ITSG Trust Center. The generated key store can for example be used by Diga API Client or secon-tool.

Usage

Download the latest generator release from here and download the latest annahme-rsa4096.key file from ITSG Trust Center website (direct link to key).

Public certificates keystore

Use the following command to generate a key store containing all the public certificatse. It will prompt you for a password which will be used to secure the key store.

java -jar secon-keystore-generator-<version>.jar -k <insurance-keys-input-filename> -s <key-store-output-filename>

Public certificates and your private certificate keystore

You can also generate a key store containing all public certificates and also embed your private certificate.

For example, this could be used as the only certificate file you need to use the DiGA API Client.

To do this, you also need these files:

  • Your private key. This must be a PKCS1 .pem file which only contains the private key. It should start with -----BEGIN RSA PRIVATE KEY----- When you created your keys to send to ITSG, you saved this somewhere.
  • The certificate chain you received from ITSG. When ITSG approves your certificate application they send you some files. There should be a .p7c file there which contains your private certificate chain.
java -jar secon-keystore-generator-<version>.jar \\
    -k <insurance-keys-input-filename> \\
    -s <key-store-output-filename> \\
    -p <private-key-filename> \\
    -c <private-certificate-chain-filename>

for example

java -jar secon-keystore-generator.jar -k annahme-rsa4096.key -p my.prv.key.pem -c my.chain.p7c

will prompt you for a password, and generate a file called certificates.p12 which contains all public certificates as well as your private certificate with the alias private.

License

MIT

About

Tool to generate PKCS12 key store from ITSG Trust Center certificates.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 100.0%