This blog post should explain it to you perfectly.
Using the PKCS12 encryption with PEM files.
To get this running you first need a Java Keystore in PFX (Personal
File Exchange) format.
Keytool command:
keytool -genkeypair -alias mykeystore -keypass lala -keystore
mykeystore.pfx -storepass lala -validity 10000 -keyalg RSA -keysize
2048 -storetype pkcs12
This will generate the mykeystore.pfx file. This file can be imported
as a Certificate in Firefox.
Import - Open Firefox – Tools – Options – Advanced – View Certificates – You Certificates – Import – Select PFX file – Import it.
Export - Select the Certificate – View – Details – Export it to X.509 PEM). (you can also export to DER)
1. The Private Key
First we need to extract the Private Key from the PFX file.
2. The Public Key
Secondly you will need to encrypt a file using the public key. But first you need the public key.
3. Encryption with the Public Key
Now you have the Public Key you can encrypt a File.
4. Decryption with the Private Key
So now the file is encrypted it can be sent/stored for the receiving party to…well…receive it and decrypt it. To decrypt it we need the Private Key and luckily that was saved/stored in the private.pem file
5. Encryption/Decryption with AES keys
Another way to encrypt/decrypt stuff is via an AES 256 bits key. The key will be generated randomly per file and written to the file system. Then this AES key can be encrypted using the above RSA mechanism. This will improve the performance of encryption for large files.
Source - http://coenos.com/blog/?p=257
