security - Android Marshmallow view user certificates and associate cert with private key -

-

  1. i've created key pair, stored private key in androidkeystore.
  2. generated csr using public key key pair
  3. exported csr ca, , got generate cert
  4. installed cert on phone

now, i'm trying associate private key #1 cert installed @ step #4.

have looked day, cannot find mechanism it. android documentation suggests using keystore.setkeyentry method. intend use unable read cert installed.

i can display certs in androidcastore, , see newly installed cert in "user certificates" section on phone unable read programatically. ideas ?

trying pretty same thing. key association signed cert works using keystore.setentry. can't work user cert appear in "ipsec user certificate" listbox when trying add vpn. running on marshmallow 6.0.1

my logic looks keystore = keystore.getinstance("androidkeystore");

        keygen = keypairgenerator.getinstance("ec", "androidkeystore");          keygen.initialize(                 new keygenparameterspec.builder(                         "myalias",                         keyproperties.purpose_sign)                         .setalgorithmparameterspec(new ecgenparameterspec("secp384r1"))                         .setdigests(keyproperties.digest_sha256,                                 keyproperties.digest_sha384,                                 keyproperties.digest_sha512)                         .setblockmodes(keyproperties.block_mode_gcm)                         .setuserauthenticationrequired(false)                         .setkeyvaliditystart(now)                         .setkeyvalidityfororiginationend(nowplusthreeyears)                         .build());    keypair = keygen.generatekeypair();   privatekey = (privatekey) keystore.getkey("myalias", null);   publickey = keystore.getcertificate("myalias").getpublickey();    certificate[] chain = keystore.getcertificatechain("myalias");   keystore.setkeyentry("myalias", privatekey, null, chain);    stringbuilder x500principalbuilder = new stringbuilder("cn=");     x500principalbuilder.append("my company");     x500principalbuilder.append(", ");     x500principalbuilder.append("l=");     x500principalbuilder.append("my location");     x500principalbuilder.append(", ");     x500principalbuilder.append("st=");     x500principalbuilder.append("ca");     x500principalbuilder.append(", ");     x500principalbuilder.append("o=");     x500principalbuilder.append("my org");     x500principalbuilder.append(", ");     x500principalbuilder.append("ou=");     x500principalbuilder.append("my ou");     x500principalbuilder.append(", ");     x500principalbuilder.append("c=");     x500principalbuilder.append("us");    signature ecdsasignature = signature.getinstance("sha384withecdsa");   ecdsasignature.initsign(keypair.getprivate());    byte[] strbyte = new byte[0];   strbyte = x500principalbuilder.tostring().getbytes(utf8_charset);   ecdsasignature.update(strbyte);       x500principal x500principal = new x500principal(x500principalbuilder.tostring());     pkcs10certificationrequestbuilder p10builder = new jcapkcs10certificationrequestbuilder(             x500principal, keypair.getpublic());      jcacontentsignerbuilder csbuilder = new jcacontentsignerbuilder(signaturegenerator.getsigningalgorithm());     contentsigner signer = csbuilder.build(keypair.getprivate());      org.bouncycastle.pkcs.pkcs10certificationrequest csr = p10builder.build(signer);      pemobject pemobject = new pemobject("certificate request", csr.getencoded());     stringwriter str = new stringwriter();     pemwriter pemwriter = new pemwriter(str);     pemwriter.writeobject(pemobject);     pemwriter.close();     str.close();   // write csr file // signed ca (microsoft ca) // push cert phone // install cert  certificate clientcertsignedbyca = certificatefactory.getinstance("x.509").generatecertificate(new fileinputstream("/path/to/cert.cer));     keystore.entry entry = keystore.getentry("myalias", null); privatekey privatekey = (privatekey) keystore.getkey("myalias", null); certificate[] chain = new certificate[1]; chain[0] = clientcertsignedbyca; keystore.setkeyentry("myalias", privatekey, null, chain);

Comments

Post a Comment

Popular posts from this blog

mysql - Dreamhost PyCharm Django Python 3 Launching a Site -

-
i'm new python/django , created simple django website using pycharm. site works fine running on computer, i'm lost when comes taking site onto host (dreamhost). i'm able upload files correct directories fine, , believe made correct changes database on mysql. i'm not sure go there though. right now, page shows files rather site. direction appreciated. much! you should not run django application using python manage.py runserver on production. how run application on django depends on server (apache, nginx) want use for apache - https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/ for nginx - https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-uwsgi-and-nginx-on-ubuntu-14-04 the mysql database should, of course, exist , have correct credentials. or, if choose use sqlite, file should accessible, readable , writable www-user (may different depending on linux distributive)
Read more

java - Sending SMS with SMSLib and Web Services -

-
i have made rest web service send smss using hsdpa usb modem. using smslib in java send smss. every time web service invoked, create gateway start service, send message, stop service , remove gateway. takes 20 seconds each message. found starting service takes lot of time. part of code use send smss service.getinstance().addgateway(gateway); service.getinstance().startservice(); outboundmessage msg = new outboundmessage(phonenumber, message); if (service.getinstance().sendmessage(msg)) { result = "message sent successfully!!"; } else { result = "could not send message."; } service.getinstance().stopservice(); service.getinstance().removegateway(gateway);//remove gateway is there way can start service once if not started , use send message when ever web service invoked? why dont group messages , send in 1 go? service.getinstance().sendmessages(messa...
Read more

java - How to resolve The method toString() in the type Object is not applicable for the arguments (InputStream) -

-
i'm trying read json file local machine. @path("/") public class jsonparsing { file f = new file("file.json"); if (f.exists()){ inputstream = new fileinputstream("file.json"); string jsontxt = ioutils.tostring(is); system.out.println(jsontxt); jsonobject json = new jsonobject(jsontxt); string = json.getstring("1000"); system.out.println(a); } } but i'm getting error in tostring() method. possible read .txt file containing json object local machine? if possible, how done? firstly: whenever ask question- add imports well. secondly: yes possible read .txt file containing json object. steps: 1. add maven dependency in pom.xml - <dependency> <groupid>com.googlecode.json-simple</groupid> <artifactid>json-simple</artifactid> <version>1.1.1</version> </dependency> or add jar of dependency. 2.import...
Read more