<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Need help on calling the CertStoreAddKey webservice in Intel® Business Client Software Development</title>
    <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899745#M4499</link>
    <description>&lt;P&gt;Happy your code is working now.&lt;/P&gt;
&lt;P&gt;Thanks for sharing how you resolved it.&lt;/P&gt;</description>
    <pubDate>Mon, 01 Mar 2010 15:58:10 GMT</pubDate>
    <dc:creator>Lance_A_Intel</dc:creator>
    <dc:date>2010-03-01T15:58:10Z</dc:date>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899735#M4489</link>
      <description>&lt;P&gt;Hi All,&lt;/P&gt;
&lt;P&gt;I am trying to provision the iAMT device in PKI TLS Mutual Authentication mode through a sample java provisioning server code written using Axis 1.3 stubs. After the provisioning, I am seeing in the management console that it receives the self-signed certificate from the iAMT device for the TLS mutual authetication, not the one that i have set through certStoreAddCertificate, certStoreAddKey and setTLSCredentials webservice calls. When i debugged it further, certStoreAddKey returned the status 0x80E(PT_STATUS_INVALID_KEY) while provisioning. I think this is the issue. When i looked at the iAMT Network Interface guide, it looks we need to pass the private key in the encoded as DER PKCS#1 format. Could you please let me how to pass the private key in Java in this format? If you provide me java samples, it will be great.&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Thanks,&lt;/P&gt;
&lt;P&gt;Periyasamy&lt;/P&gt;</description>
      <pubDate>Fri, 05 Feb 2010 14:00:02 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899735#M4489</guid>
      <dc:creator>peri</dc:creator>
      <dc:date>2010-02-05T14:00:02Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899736#M4490</link>
      <description>&lt;P&gt;Hi Periyasamy&lt;/P&gt;
&lt;P&gt;The Intel Wsman-Translator (http://www.intel.com/software/wsman-translator) has .NET/C# source code that does this in a file called KeyFormatter.cs. The wsman-translator source is publicly available and can be converted to Java.&lt;/P&gt;
&lt;P&gt;Below is an example of how to do this in Java. First you need to load the private key from a Java Key store. This should result in a java.secutiry.key object. Since you created the certificate I assume you have access to the private key from whatever store you are using. Below is an example of loading the private key from a keystore that you might find useful.&lt;/P&gt;
&lt;P&gt;java.security.KeyStore pfx = java.security.KeyStore.getInstance("pkcs12");&lt;/P&gt;
&lt;P&gt;//example of opening up the key store (in this example its a pkcs12 file with a password of 123)&lt;/P&gt;
&lt;P&gt;pfx.load(new java.io.FileInputStream(file), "123".toCharArray());&lt;/P&gt;
&lt;P&gt;// Find the alias names in the keystore&lt;/P&gt;
&lt;P&gt;// Note: key stores with one certificate and key will just have one alias&lt;/P&gt;
&lt;P&gt;String alias=null;&lt;/P&gt;
&lt;P&gt;for (java.util.Enumeration e = pfx.aliases(); e.hasMoreElements();) {&lt;/P&gt;
&lt;P&gt;alias= e.nextElement().toString();&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;// get the certificate and private key from the store&lt;/P&gt;
&lt;P&gt;java.security.cert.Certificate cert = pfx.getCertificate(alias);&lt;/P&gt;
&lt;P&gt;String cerData = WsmanUtils.getBase64String(cert.getEncoded());&lt;/P&gt;
&lt;P&gt;java.security.Key key = pfx.getKey(alias, "123".toCharArray());&lt;/P&gt;
&lt;P&gt;Now lets convert the covert the java.security.Key object into a base64 encoded string that AMT will accept as an argument its soap commands. AMT expects the key in ASN.1 DER and can handle key sizes of 1535, 1024, or 2048. In order to compile this example you will need a base64 encoding routine. I cant warranty this Java covertionexample but have tested againstserveral keys. If you have any issues you can always look at the wsman-translator code as a reference.&lt;/P&gt;
&lt;P&gt;// keyData will be our resulting string and key will be the java.security.key we are coverting&lt;/P&gt;
&lt;P&gt;String keyData=null;&lt;/P&gt;
&lt;P&gt;try {&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;//Get an instance of an RSA key factory&lt;/P&gt;
&lt;P&gt;KeyFactory fact = java.security.KeyFactory.getInstance("RSA");&lt;/P&gt;
&lt;P&gt;// get the RSA private key spec from the key object returned from the store&lt;/P&gt;
&lt;P&gt;RSAPrivateCrtKeySpec spec = fact.getKeySpec(key, RSAPrivateCrtKeySpec.class);&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;// get RSA parameters&lt;/P&gt;
&lt;P&gt;byte[] mod=spec.getModulus().toByteArray();&lt;/P&gt;
&lt;P&gt;byte[] exp=spec.getPublicExponent().toByteArray();&lt;/P&gt;
&lt;P&gt;byte[] p =spec.getPrimeP().toByteArray();&lt;/P&gt;
&lt;P&gt;byte[] q = spec.getPrimeQ().toByteArray();&lt;/P&gt;
&lt;P&gt;byte[] dp = spec.getPrimeExponentP().toByteArray();&lt;/P&gt;
&lt;P&gt;byte[] dq = spec.getPrimeExponentQ().toByteArray();&lt;/P&gt;
&lt;P&gt;byte[] d = spec.getPrivateExponent().toByteArray();&lt;/P&gt;
&lt;P&gt;byte[] iq = spec.getCrtCoefficient().toByteArray();&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;// create a byte buffer to store the converted key&lt;/P&gt;
&lt;P&gt;byte buffer[] = new byte[4096];&lt;/P&gt;
&lt;P&gt;int index=7; // index will start above zero to leave some bytes at the beginning for header&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Object params[] = {mod,exp,d,p,q,dp,dq,iq};&lt;/P&gt;
&lt;P&gt;// loop through all parts of the key add each encoded byte to the buffer (ASN.1 encoded)&lt;/P&gt;
&lt;P&gt;for (int i=0;i&lt;PARAMS.LENGTH&gt;
&lt;/PARAMS.LENGTH&gt;&lt;/P&gt;&lt;P&gt;byte param[] = (byte[])params&lt;I&gt;;&lt;/I&gt;&lt;/P&gt;
&lt;P&gt;buffer[index++]=(byte)2;&lt;/P&gt;
&lt;P&gt;int len = param.length;&lt;/P&gt;
&lt;P&gt;boolean pad = (param.length &amp;gt; 0x80) &amp;amp;&amp;amp; (param[0] !=0);&lt;/P&gt;
&lt;P&gt;if (pad) len++;&lt;/P&gt;
&lt;P&gt;int sizeType=0;&lt;/P&gt;
&lt;P&gt;if (len &amp;lt; 0x80)&lt;/P&gt;
&lt;P&gt;sizeType = 0x80;&lt;/P&gt;
&lt;P&gt;else if (len &amp;lt;= 0xFF)&lt;/P&gt;
&lt;P&gt;sizeType = 0x81;&lt;/P&gt;
&lt;P&gt;else if (len &amp;lt;= 0xFFFF)&lt;/P&gt;
&lt;P&gt;sizeType = 0x82;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;switch (sizeType) {&lt;/P&gt;
&lt;P&gt;case 0x81:&lt;/P&gt;
&lt;P&gt;buffer[index++]=(byte)sizeType;&lt;/P&gt;
&lt;P&gt;buffer[index++]=(byte)len;&lt;/P&gt;
&lt;P&gt;break;&lt;/P&gt;
&lt;P&gt;case 0x82:&lt;/P&gt;
&lt;P&gt;buffer[index++]=(byte)sizeType;&lt;/P&gt;
&lt;P&gt;buffer[index++]= (byte)(len &amp;gt;&amp;gt;8);//len[1]&lt;/P&gt;
&lt;P&gt;buffer[index++]=(byte)(len &amp;amp; 0x000000FF);//len[0]&lt;/P&gt;
&lt;P&gt;break;&lt;/P&gt;
&lt;P&gt;default:&lt;/P&gt;
&lt;P&gt;buffer[index++]=(byte)len;&lt;/P&gt;
&lt;P&gt;break;&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;if (pad)&lt;/P&gt;
&lt;P&gt;buffer[index++]=(byte)0;&lt;/P&gt;
&lt;P&gt;// copy the param&lt;/P&gt;
&lt;P&gt;for (int j=0;j&lt;PARAM.LENGTH&gt;
&lt;/PARAM.LENGTH&gt;&lt;/P&gt;&lt;P&gt;buffer[index++]=param&lt;J&gt;;&lt;/J&gt;&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;// private key header&lt;/P&gt;
&lt;P&gt;buffer[4]=(byte)2;//tag&lt;/P&gt;
&lt;P&gt;buffer[5]=(byte)1;//size&lt;/P&gt;
&lt;P&gt;buffer[6]=(byte)0;//version&lt;/P&gt;
&lt;P&gt;//set the header to handle different keysizes&lt;/P&gt;
&lt;P&gt;if (index&amp;lt;256) {&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;buffer[1]=(byte)48;&lt;/P&gt;
&lt;P&gt;buffer[2]=(byte)129;&lt;/P&gt;
&lt;P&gt;index=index+3;&lt;/P&gt;
&lt;P&gt;buffer[3]=(byte)index;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;//file must be DWORD bock readable&lt;/P&gt;
&lt;P&gt;while ((index % 8)&amp;gt;0) index++;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;byte[] temp = new byte[index-1];&lt;/P&gt;
&lt;P&gt;System.arraycopy(buffer, 1, temp, 0, temp.length);&lt;/P&gt;
&lt;P&gt;buffer=temp;&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;else {&lt;/P&gt;
&lt;P&gt;int len = index-4;&lt;/P&gt;
&lt;P&gt;buffer[0]=(byte)48;&lt;/P&gt;
&lt;P&gt;buffer[1]=(byte)130;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;buffer[2]= (byte)(len &amp;gt;&amp;gt;8);//len[1]&lt;/P&gt;
&lt;P&gt;buffer[3]=(byte)(len &amp;amp; 0x000000FF);//len[0]&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;while (index &amp;lt; 1190 &amp;amp;&amp;amp; (index % 8)&amp;gt;0) index++;&lt;/P&gt;
&lt;P&gt;byte[] temp = new byte[index];&lt;/P&gt;
&lt;P&gt;System.arraycopy(buffer, 0, temp, 0, temp.length);&lt;/P&gt;
&lt;P&gt;buffer=temp;&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;//TODO: add your own base64 encoding routine here&lt;/P&gt;
&lt;P&gt;keyData=covertToBase64String(buffer);&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;catch (Exception e) {&lt;/P&gt;
&lt;P&gt;//TODO: throw your own Key format exception or do error handing here&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;return keyData;&lt;/P&gt;
&lt;P&gt;}&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Hope this helps!&lt;/P&gt;
&lt;P&gt;Randy&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 05 Feb 2010 17:35:53 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899736#M4490</guid>
      <dc:creator>Randal_T_Intel</dc:creator>
      <dc:date>2010-02-05T17:35:53Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899737#M4491</link>
      <description>&lt;P&gt;Hi Randal,&lt;/P&gt;
&lt;P&gt;Thanks for your reponse !&lt;/P&gt;
&lt;P&gt;I have tried with your sample to try to set the private key. But still the issue (PT_STATUS_INVALID_KEY)persists. Let me explain the flow that i follow to set the client certificate for the iAMT device.&lt;/P&gt;
&lt;P&gt;1. Run the following command to keypair and CSR&lt;/P&gt;
&lt;P&gt;keytool -genkey -keyalg RSA -keysize 1024 -alias iamt -keystore amtkeystore -storetype pkcs12 -storepass secret&lt;/P&gt;
&lt;P&gt;keytool -certreq -keystore amtkeystore -alias iamt -file testreq -storetype pkcs12 -storepass secret&lt;/P&gt;
&lt;P&gt;2. Using the testreq CSR, i have got the certificate for the iAMT device issued by our Enterprise CA&lt;/P&gt;
&lt;P&gt;3. I have set the client certificate using certStoreAddCertificate soap method which return PT_STATUS_SUCCESS.&lt;/P&gt;
&lt;P&gt;4. Then i used the sample that you have given me to encode the private key in ASN.1 DER format from the keystore (amtkeystore) and trying to set using certStoreAddKey method. But still i get PT_STATUS_INVALID_KEY error. I am using the Base64 encoding routine from the following link &lt;A href="http://iharder.sourceforge.net/current/java/base64/" target="_blank"&gt;http://iharder.sourceforge.net/current/java/base64/&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Please let me know i am missing anything in setting up the client certificate and also in which scerarios iAMT soap method throws PT_STATUS_INVALID_KEY error.&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Code used to encode the private key:&lt;/P&gt;
&lt;P&gt;String password = "secret";&lt;BR /&gt; String keyAlias = "iamt";&lt;BR /&gt; String keystoreFile = path+"C:\\amtcert\\keytool\\client\\pkcs12\\amtkeystore";&lt;BR /&gt; KeyStore myclientkeystore = KeyStore.getInstance("pkcs12");&lt;BR /&gt; myclientkeystore.load(new FileInputStream(keystoreFile), password.toCharArray());&lt;BR /&gt; Key key = myclientkeystore.getKey(keyAlias, password.toCharArray());&lt;BR /&gt; Certificate cert = myclientkeystore.getCertificate(keyAlias);&lt;/P&gt;
&lt;P&gt;String myprivateString = convertBase64format(key);&lt;BR /&gt; KeyPairType keyPairType = new KeyPairType(new RSAKeyPairType(myprivateString.getBytes()));&lt;BR /&gt; secStub.certStoreAddKey(keyPairType, statusCode, keyPairHandle);&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;//convertBase64format utility method&lt;/P&gt;
&lt;P&gt;private static String convertBase64format(Key key)&lt;BR /&gt; {&lt;BR /&gt; String keyData=null;&lt;BR /&gt;&lt;BR /&gt; try &lt;BR /&gt; {   &lt;BR /&gt;&lt;BR /&gt; //  Get an instance of an RSA key factory&lt;BR /&gt; KeyFactory fact = KeyFactory.getInstance("RSA");&lt;BR /&gt; //   get the RSA private key spec from the key object returned from the store&lt;BR /&gt; RSAPrivateCrtKeySpec spec = fact.getKeySpec(key, RSAPrivateCrtKeySpec.class);&lt;BR /&gt; //   get RSA parameters&lt;BR /&gt; &lt;BR /&gt; System.out.println(spec.getModulus().toByteArray().length);&lt;BR /&gt;&lt;BR /&gt; byte[] mod=spec.getModulus().toByteArray(); &lt;BR /&gt; byte[] exp=spec.getPublicExponent().toByteArray(); &lt;BR /&gt; byte[] p =spec.getPrimeP().toByteArray(); &lt;BR /&gt; byte[] q = spec.getPrimeQ().toByteArray(); &lt;BR /&gt; byte[] dp = spec.getPrimeExponentP().toByteArray(); &lt;BR /&gt; byte[] dq = spec.getPrimeExponentQ().toByteArray(); &lt;BR /&gt; byte[] d = spec.getPrivateExponent().toByteArray(); &lt;BR /&gt; byte[] iq = spec.getCrtCoefficient().toByteArray();&lt;BR /&gt;&lt;BR /&gt; //   create a byte buffer to store the converted key&lt;BR /&gt; byte buffer[] = new byte[4096];&lt;BR /&gt; int index=7; // index will start above zero to leave some bytes at the beginning for header  &lt;BR /&gt;&lt;BR /&gt; Object params[] = {mod,exp,d,p,q,dp,dq,iq}; &lt;BR /&gt; //   loop through all parts of the key add each encoded byte to the buffer (ASN.1 encoded) &lt;BR /&gt; for (int i=0;i&lt;PARAMS.LENGTH&gt;&lt;/PARAMS.LENGTH&gt; {&lt;BR /&gt; &lt;BR /&gt; byte param[] = (byte[])params&lt;I&gt;;  &lt;BR /&gt; buffer[index++]=(byte)2;  &lt;BR /&gt; int len = param.length;  &lt;BR /&gt; boolean pad = (param.length &amp;gt; 0x80) &amp;amp;&amp;amp; (param[0] !=0);  &lt;BR /&gt; if (pad) len++;  &lt;BR /&gt; int sizeType=0;&lt;BR /&gt; &lt;BR /&gt; if (len &amp;lt; 0x80) &lt;BR /&gt; sizeType = 0x80; &lt;BR /&gt; else if (len &amp;lt;= 0xFF) &lt;BR /&gt; sizeType = 0x81; &lt;BR /&gt; else if (len &amp;lt;= 0xFFFF) &lt;BR /&gt; sizeType = 0x82;&lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; switch (sizeType) { &lt;BR /&gt; case 0x81: &lt;BR /&gt; buffer[index++]=(byte)sizeType; &lt;BR /&gt; buffer[index++]=(byte)len; &lt;BR /&gt; break; &lt;BR /&gt; case 0x82: &lt;BR /&gt; buffer[index++]=(byte)sizeType; &lt;BR /&gt; buffer[index++]= (byte)(len &amp;gt;&amp;gt;8);//len[1] &lt;BR /&gt; buffer[index++]=(byte)(len &amp;amp; 0x000000FF);//len[0] &lt;BR /&gt; break; &lt;BR /&gt; default: &lt;BR /&gt; buffer[index++]=(byte)len; &lt;BR /&gt; break; &lt;BR /&gt; }&lt;BR /&gt; &lt;BR /&gt; if (pad) &lt;BR /&gt; buffer[index++]=(byte)0; &lt;BR /&gt; //   copy the param &lt;BR /&gt; for (int j=0;j&lt;PARAM.LENGTH&gt;&lt;/PARAM.LENGTH&gt; buffer[index++]=param&lt;J&gt;;&lt;BR /&gt; &lt;BR /&gt; }&lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; //   private key header&lt;BR /&gt; &lt;BR /&gt; buffer[4]=(byte)2;//tag&lt;BR /&gt; &lt;BR /&gt; buffer[5]=(byte)1;//size&lt;BR /&gt; &lt;BR /&gt; buffer[6]=(byte)0;//version&lt;BR /&gt; &lt;BR /&gt; //  set the header to handle different keysizes&lt;BR /&gt; &lt;BR /&gt; if (index&amp;lt;256) &lt;BR /&gt; { &lt;BR /&gt; &lt;BR /&gt; buffer[1]=(byte)48;  &lt;BR /&gt; buffer[2]=(byte)129;  &lt;BR /&gt; index=index+3;  &lt;BR /&gt; buffer[3]=(byte)index;    &lt;BR /&gt; &lt;BR /&gt; //  file must be DWORD bock readable&lt;BR /&gt; &lt;BR /&gt; while ((index % 8)&amp;gt;0) index++;&lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; byte[] temp = new byte[index-1];  &lt;BR /&gt; System.arraycopy(buffer, 1, temp, 0, temp.length);  &lt;BR /&gt; buffer=temp;&lt;BR /&gt; &lt;BR /&gt; } &lt;BR /&gt; else &lt;BR /&gt; {&lt;BR /&gt; &lt;BR /&gt; int len = index-4;&lt;BR /&gt; &lt;BR /&gt; buffer[0]=(byte)48;&lt;BR /&gt; &lt;BR /&gt; buffer[1]=(byte)130;&lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; buffer[2]= (byte)(len &amp;gt;&amp;gt;8);//len[1] &lt;BR /&gt; buffer[3]=(byte)(len &amp;amp; 0x000000FF);//len[0]&lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; while (index &amp;lt; 1190 &amp;amp;&amp;amp; (index % 8)&amp;gt;0) &lt;BR /&gt; index++;&lt;BR /&gt; &lt;BR /&gt; byte[] temp = new byte[index];&lt;BR /&gt; &lt;BR /&gt; System.arraycopy(buffer, 0, temp, 0, temp.length);&lt;BR /&gt; &lt;BR /&gt; buffer=temp; &lt;BR /&gt; }&lt;BR /&gt; &lt;BR /&gt; //  TODO: add your own base64 encoding routine here&lt;BR /&gt; &lt;BR /&gt; keyData=covertToBase64String(buffer);&lt;BR /&gt;&lt;BR /&gt; }&lt;BR /&gt;&lt;BR /&gt; catch (Exception e) {&lt;BR /&gt; e.printStackTrace();&lt;BR /&gt;&lt;BR /&gt;//  TODO: throw your own Key format exception or do error handing here&lt;BR /&gt;&lt;BR /&gt; }&lt;BR /&gt;&lt;BR /&gt; return keyData;&lt;BR /&gt;&lt;BR /&gt; }&lt;BR /&gt; &lt;BR /&gt; public static String covertToBase64String(byte[] rawData) {&lt;BR /&gt; return Base64.encodeBytes(rawData);&lt;BR /&gt; }&lt;/J&gt;&lt;/I&gt;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Thanks,&lt;/P&gt;
&lt;P&gt;Periyasamy&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 08 Feb 2010 11:50:05 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899737#M4491</guid>
      <dc:creator>peri</dc:creator>
      <dc:date>2010-02-08T11:50:05Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899738#M4492</link>
      <description>&lt;P&gt;Hi Periyasamy-&lt;/P&gt;
&lt;P&gt;I just wanted to let you know we are looking into your issue.&lt;/P&gt;</description>
      <pubDate>Thu, 11 Feb 2010 21:08:08 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899738#M4492</guid>
      <dc:creator>Richard_B_Intel1</dc:creator>
      <dc:date>2010-02-11T21:08:08Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899739#M4493</link>
      <description>&lt;P&gt;Thanks a lot RB.&lt;/P&gt;
&lt;P&gt;Regards,&lt;/P&gt;
&lt;P&gt;Periyasamy&lt;/P&gt;</description>
      <pubDate>Sun, 14 Feb 2010 02:57:52 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899739#M4493</guid>
      <dc:creator>peri</dc:creator>
      <dc:date>2010-02-14T02:57:52Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899740#M4494</link>
      <description>&lt;P&gt;Periyasamy,&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Comment out the following lines of codefrom the sample I gave you and thingssould start towork (the code needing commented out isalittle before the the base64 conversion)&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;while (index &amp;lt; 1190 &amp;amp;&amp;amp; (index % 8)&amp;gt;0)&lt;/P&gt;
&lt;P&gt;index++;&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;The code that needs commented out was to add DWORD padding to the output but appears not to be needed and is causing your issue.&lt;/P&gt;
&lt;P&gt;Also, make sure your base64 encoding routine is not adding any carriage return line feeds in the output. Suns routines do this by default but you can suppress with a flag.&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Attached are some sample pfx filesI used for testing the code. Test1 is a 1024 key and Test11 is a 2048 key. passwordstring for bothis "123".&lt;/P&gt;
&lt;P&gt;Randy&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 16 Feb 2010 23:11:11 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899740#M4494</guid>
      <dc:creator>Randal_T_Intel</dc:creator>
      <dc:date>2010-02-16T23:11:11Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899741#M4495</link>
      <description>&lt;P&gt;Hi Randy,&lt;/P&gt;
&lt;P&gt;unfortunately the changes suggested by you doesn't solve the problem. Still i get PT_STATUS_INVALID_KEY error. I am following the steps given in the Reply # 2 for creating certs and passing into iAMT webservice. Could you please verify whatever i have done is valid or not?&lt;/P&gt;
&lt;P&gt;Thanks,&lt;/P&gt;
&lt;P&gt;Periyasamy&lt;/P&gt;</description>
      <pubDate>Tue, 23 Feb 2010 04:34:21 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899741#M4495</guid>
      <dc:creator>peri</dc:creator>
      <dc:date>2010-02-23T04:34:21Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899742#M4496</link>
      <description>&lt;P&gt;Hi Periyasamy,&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;I would suggest that you use the Setup and Configuration Application that comes with the SDK to provision your units. Plug your certs into the SCA at the appropriate folders with the appropriate names, and make sure that there's nothing wrong with your certs; then look into translating the code into Java. I've used the SCA many times and I know that it works. The SCA generates demo certs for testing with mutual authentication, and it has code that shows how to send the certs to the AMT system. So, use the SCA as a template for your Java code.&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Regards,&lt;/P&gt;
&lt;P&gt;Roger&lt;/P&gt;</description>
      <pubDate>Tue, 23 Feb 2010 15:29:31 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899742#M4496</guid>
      <dc:creator>RBens2</dc:creator>
      <dc:date>2010-02-23T15:29:31Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899743#M4497</link>
      <description>&lt;P&gt;Hi Roger,&lt;/P&gt;
&lt;P&gt;Thanks for your inputs. I have tried to use our certs in the SCA sample, but it throws same (PT_STATUS_INVALID_KEY) error while setting up the private key.&lt;/P&gt;
&lt;P&gt;As SCA expects the private key in the pem format, i have used the following code to export the private key in pem format from the keystore.&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;package com.test.iamt.provisioning;&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;import sun.misc.BASE64Encoder;&lt;BR /&gt;import java.security.cert.Certificate;&lt;BR /&gt;import java.security.*;&lt;BR /&gt;import java.io.File;&lt;BR /&gt;import java.io.FileInputStream;&lt;BR /&gt;import java.io.FileWriter;&lt;BR /&gt; &lt;BR /&gt;class ExportPrivateKey {&lt;BR /&gt; public static void main(String args[]) throws Exception{&lt;BR /&gt; ExportPrivateKey myep = new ExportPrivateKey();&lt;BR /&gt; myep.doit();&lt;BR /&gt; }&lt;BR /&gt; &lt;BR /&gt; public void doit() throws Exception{&lt;BR /&gt; &lt;BR /&gt; KeyStore ks = KeyStore.getInstance("pkcs12");&lt;BR /&gt; String fileName = "C:\\zcmcert\\keytool\\client\\pkcs12\\amtkeystore";&lt;BR /&gt; &lt;BR /&gt; char[] passPhrase = "secret".toCharArray();&lt;BR /&gt; BASE64Encoder myB64 = new BASE64Encoder();&lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; File certificateFile = new File(fileName);&lt;BR /&gt; ks.load(new FileInputStream(certificateFile), passPhrase);&lt;BR /&gt; &lt;BR /&gt; KeyPair kp = getPrivateKey(ks, "iamt", passPhrase);&lt;BR /&gt; &lt;BR /&gt; PrivateKey privKey = kp.getPrivate();&lt;BR /&gt; &lt;BR /&gt; &lt;BR /&gt; String b64 = myB64.encode(privKey.getEncoded());&lt;BR /&gt; FileWriter writer = null;&lt;BR /&gt; writer = new FileWriter("newkey.pem"); &lt;BR /&gt; writer.write("-----BEGIN RSA PRIVATE KEY-----"+"\n");&lt;BR /&gt; writer.write(b64);&lt;BR /&gt; writer.write("\n");&lt;BR /&gt; writer.write("-----END RSA PRIVATE KEY-----");&lt;/P&gt;
&lt;P&gt;writer.close();&lt;BR /&gt; &lt;BR /&gt; }&lt;BR /&gt; &lt;BR /&gt;public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) {&lt;BR /&gt; try {&lt;BR /&gt; // Get private key&lt;BR /&gt; Key key = keystore.getKey(alias, password);&lt;BR /&gt; if (key instanceof PrivateKey) {&lt;BR /&gt; // Get certificate of public key&lt;BR /&gt; Certificate cert = keystore.getCertificate(alias);&lt;BR /&gt; &lt;BR /&gt; // Get public key&lt;BR /&gt; PublicKey publicKey = cert.getPublicKey();&lt;BR /&gt; &lt;BR /&gt; // Return a key pair&lt;BR /&gt; return new KeyPair(publicKey, (PrivateKey)key);&lt;BR /&gt; }&lt;BR /&gt; } catch (UnrecoverableKeyException e) {&lt;BR /&gt; } catch (NoSuchAlgorithmException e) {&lt;BR /&gt; } catch (KeyStoreException e) {&lt;BR /&gt; }&lt;BR /&gt; return null;&lt;BR /&gt; }&lt;BR /&gt; &lt;BR /&gt;}&lt;/P&gt;
&lt;BR /&gt;
&lt;P&gt;It looks there is some issue related cert that we generated. As i already mentioned i am following steps given in the Reply #2 for generating certificates. can you verify the keytool command that i use is valid?&lt;/P&gt;
&lt;P&gt;Or Do i miss something while exporting private key from java keystore into the pem format?&lt;/P&gt;
&lt;P&gt;Thanks,&lt;/P&gt;
&lt;P&gt;Periyasamy&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 25 Feb 2010 13:18:34 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899743#M4497</guid>
      <dc:creator>peri</dc:creator>
      <dc:date>2010-02-25T13:18:34Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899744#M4498</link>
      <description>&lt;P&gt;Hi All,&lt;/P&gt;
&lt;P&gt;Now i have seen certStoreAddKey works fine with the private key that is generated from keytool command.&lt;/P&gt;
&lt;P&gt;The following workarounds fixed the issue&lt;/P&gt;
&lt;P&gt;1. Generated the keypair using the following keytool command&lt;/P&gt;
&lt;P&gt;keytool -genkey -v -alias iamt -keyalg RSA -storetype PKCS12 -keystore test.p12 -dname "CN=blramttest.bl&lt;BR /&gt;r.novell.com" -storepass secret&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;2. By passing Base64 bytes of encoded private key as the input for certStoreAddKey.&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Thanks a lot for your help.&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;Thanks,&lt;/P&gt;
&lt;P&gt;Periyasamy&lt;/P&gt;</description>
      <pubDate>Mon, 01 Mar 2010 04:11:25 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899744#M4498</guid>
      <dc:creator>peri</dc:creator>
      <dc:date>2010-03-01T04:11:25Z</dc:date>
    </item>
    <item>
      <title>Need help on calling the CertStoreAddKey webservice</title>
      <link>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899745#M4499</link>
      <description>&lt;P&gt;Happy your code is working now.&lt;/P&gt;
&lt;P&gt;Thanks for sharing how you resolved it.&lt;/P&gt;</description>
      <pubDate>Mon, 01 Mar 2010 15:58:10 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Business-Client-Software/Need-help-on-calling-the-CertStoreAddKey-webservice/m-p/899745#M4499</guid>
      <dc:creator>Lance_A_Intel</dc:creator>
      <dc:date>2010-03-01T15:58:10Z</dc:date>
    </item>
  </channel>
</rss>

