I want users to be able to install their own personal certificate into my Android application after installation from a website which generates the certificates, but when I use a WebClient or the Android Browser to surf to it, the Secure Storage pops up and installs it, which is unavailable by API until version 14 (Android 4.0), which my users do not have installed.
An example of such a site is http://www.comodo.com/home/email-security/free-email-certificate.php .
Here you can request a personal certificate, and after confirming, you get a link where you can download the certificate.
I want users to be able to download certificates from this website, and others, into my application.
Can anyone tell me which intent to handle to be able to get the certificate into my own application, or how to modify WebClient such that it allows me to decide what it should do with the file?
Thanks in advance,
Patrick
Since the Android keystore API is not public before ICS (4.0), you need to save the key and certificate to some file your app can access to be able to use them. If you require a standard password-protected Java keystore file and require password input for crypto operations, it would be reasonably secure.
You can import a key/certificate pair in pre-ICS versions using Settings->Location and security->'Install from SD card', but there is no public API to access those from your app, the can only be used by the built-in VPN client.
Related
Coming from the iOS background, it is possible to Performing Manual Server Trust Authentication, i.e. allow the app to authenticate server's credentials. I have looked around, and have not found any information on whenever it is possible to do in Android application (preferably, in Kotlin, but Java is fine too). Any suggestions?
I need to digitally sign the PDF document in our server using digital certificate in the usb token. How this can be achieved? Is there any library/api for this?
I tried to access the certificates in the browser as suggested in this
link
java.security.cert.X509Certificate certChain [] = (java.security.cert.X509Certificate [])request.getAttribute ("javax.net.ssl.peer_certificates");
But it is not giving any result. I'm using java. I tried accessing key-store,but it is returning the servers certificates instead of client's certificates. How can i access the client's certificates?
The link is for SSL authentication, not digital signature. You need a local java application to access USB token and a PDF library like itext or pdfbox.
Itis not possible from browser (except using applets with IE / firefox and old versions of JRE plugin. I do not recommend it). See this and some alternatives here
In google play game services, you have to link your apps to your Game service campaign. Whenever you link an app you have to authorize it by providing the package and then the SHA1 Signing certificate fingerprint. My question is if you generate the app's apk on a different computer, the SHA1 certificate will be different. So do you have to delete the linked app and re-add it with the new SHA1? The documentation is pretty unclear about this.
My question is if you generate the app's apk on a different computer,
the SHA1 certificate will be different
Why would the certificate be different? You must use the same keystore and provide the keystore password every time you generate the APK for a release. See the documentation about this.
Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.
I need to do this thing:
communicate using ssl from android terminal to a server;
each android client has its own certificate (we can say mutual authentication);
the ssl certificate must not be in the application (each person install his certificate on his phone).
How can I do it?
Obviously point 1) alone is easy (I build a keystore/truststore as explained in stackoverflow). The problem is in point 3).
Thanks,
Mario
If you are targeting Android 4.0 (ICS), you can use the system key store via the KeyChain API. For other versions, users need save their keystore somewhere (on the SD card/external storage, etc.) and let your app know where to find it.
I would like to develop an own API for Android that will request "Signature" protection level and will be accessible for 'my" applications.
Idea is following:
"install" my own certificate into system certificates storage
sign "trusted" application with my own certificate
As a result during request from any application to my API system will check if this application is signed with an appropriate certificate. If my sertificate is installed into Android everything should be fine.
I'm going to prototype that approach, but if there is something obvious that can prevent me from doing that - please let me know.
The question:
how to install own certificate into system certificates storage (assuming we will build Android ourselves and can modify system (in a reasonable borders))?
Thank you very much.
P.S. I'm not very familiar with Java/Android development, so please don't mind if you see something strange.
UPDATE:
As I wrote in a comment to zeetoobiker's answer, If I sign my API with my own certificate then it will be accessible for all my applications (signed by my certificate), but it won't have any system permissions. And I don't want all my 'customers' to navigate to the "realmb.com/droidCert/" web site. Instead I want manufacturer to add my certificate into an OS, now I'm working on making a proof of concept.
I don't think you need to install the certificate.
From the permission docs for signature:
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
This means that it's the certificate you use to sign the apps that matter (not any installed certificates) - if you sign App 1 and App 2 with the same certificate then it will have permission. If App 3 which is signed with a different certificate attempts to access the API then it will get a no permission exception.
According to the docs (I have to admit I've not done it although I'm looking at for some of my apps) it should work on vanilla Android without any necessary customisations / access to the device / root.
If you really need to install the root certificate, this may help but I don't think you do for your stated aim.