Parsing certificates with bouncycastle

I'm a certificate noob. I've been trying to import certificates for the past couple of hours and the more I dig into security stuff, the more it feels impossible to understand.

Here is what I'm trying to achieve in java:

• the user can upload any 开发者_如何转开发kind of formatted certificate with an optional passphrase
• I need to convert the certificate to a non-binary PEM format
• Extract the private and public keys to store in a database, throw error if missing one of the two

So far I've been able to parse some certificates using java security's x509Certificate but I can't get the private key. I've also tried bouncy castle but no success there either.

Thanks for your help

An X509Certificate only contains a public key.

Private keys are usually encoded using PKCS#8. Try KeyFactory with a PKCS8EncodedKeySpec.

Combined public key certificates with private keys are usually encoded using PKCS#12 (.pfx, .p12). Try a KeyStore of "PKCS12" type (with Bouncy Castle as provider).