3

I want users to be able to install their own personal certificate into my Android application after installation from a website which generates the certificates, but when I use a WebClient or the Android Browser to surf to it, the Secure Storage pops up and installs it, which is unavailable by API until version 14 (Android 4.0), which my users do not have installed.

An example of such a site is http://www.comodo.com/home/email-security/free-email-certificate.php . Here you can request a personal certificate, and after confirming, you get a link where you can download the certificate. I want users to be able to download certificates from this website, and others, into my application.

Can anyone tell me which intent to handle to be able to get the certificate into my own application, or how to modify WebClient such that it allows me to decide what it should do with the file?

Thanks in advance, Patrick

Patrick
  • What is the purpose of the 'personal certificate'? SSL client authentication? – Nikolay Elenkov Nov 21 '11 at 01:59
  • The purpose of the personal certificate is to decrypt and sign data, so I just want to extract a Certificate and a PrivateKey. – Patrick Nov 21 '11 at 23:01
  • Still not clear: who will use the key/certificate? WebView? Your own app's Java code (via JCE)? Do you want to just authenticate to a website or write some crypto code yourself? – Nikolay Elenkov Nov 25 '11 at 04:31
  • I have written my own crypto code to encrypt and sign messages with the keys found in the certificate with my own app's code. – Patrick Nov 25 '11 at 15:49

1 Answer

3

Since the Android keystore API is not public before ICS (4.0), you need to save the key and certificate to some file your app can access to be able to use them. If you require a standard password-protected Java keystore file and require password input for crypto operations, it would be reasonably secure.

You can import a key/certificate pair in pre-ICS versions using Settings->Location and security->'Install from SD card', but there is no public API to access those from your app; they can only be used by the built-in VPN client.

Nikolay Elenkov
  • I have found that indeed, and I found out that it is not public prior to Android 4.0, but the problem is not the storage, but the retrieval of the file: as soon as I open the url with the certificate in my browser, it tries to get it into the secure storage. Could you tell me how to handle the download of that file in my own app, so that I can handle and save the file? – Patrick Nov 25 '11 at 21:46
  • Again, we need more details. If users install their own key and certificate, why do they have to download it? If it's their own, that implies it's local. If that is the case, just add file browser functionality to your app and let them select the file. If not, please revise your question to provide more detail. – Nikolay Elenkov Nov 26 '11 at 00:27
  • I have inserted an example: comodo personal email certificate, where you can download a certificate with private key from a website. I want to be able to get those certificates into my app. – Patrick Nov 26 '11 at 06:33
  • Have them download it on their computer and transfer to the SD card. Then import into the app from there. – Nikolay Elenkov Nov 26 '11 at 12:00
  • Thank you for cleaning that up, I had hoped there was another option. – Patrick Dec 03 '11 at 13:26
  • @NikolayElenkov - Can you please shed your thoughts on these questions http://stackoverflow.com/q/30327023/730807 http://stackoverflow.com/q/30244567/730807 I'd really appreciate it. Thanks in advance! – Durai Amuthan.H May 20 '15 at 16:09
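
The approach from the answer and its comments (copy the key file to the SD card, then import it into a password-protected keystore file the app controls), as an added example that is not code from the original posts. It assumes the downloaded file is a PKCS#12 bundle (`.p12`/`.pfx`); `Pkcs12Importer`, `importKey` and the parameter names are hypothetical, and on Android `appStore` would be a file under `Context.getFilesDir()`.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class Pkcs12Importer {
    /**
     * Copies the first private-key entry (key + certificate chain) of a
     * PKCS#12 file into a new password-protected keystore at appStore,
     * replacing any file already there. Returns the imported alias.
     */
    public static String importKey(File p12File, char[] p12Password,
                                   File appStore, char[] storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        InputStream in = new FileInputStream(p12File);
        try {
            p12.load(in, p12Password);   // a wrong password surfaces as IOException
        } finally {
            in.close();
        }

        // Default type is BKS on Android; desktop JVMs use JKS or PKCS12.
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);          // start from an empty keystore

        for (Enumeration<String> e = p12.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!p12.isKeyEntry(alias)) continue;   // skip bare CA certificates
            Key key = p12.getKey(alias, p12Password);
            Certificate[] chain = p12.getCertificateChain(alias);
            if (!(key instanceof PrivateKey) || chain == null) continue;

            // Re-protect the key under the app's own password.
            store.setKeyEntry(alias, key, storePassword, chain);
            OutputStream out = new FileOutputStream(appStore);
            try {
                store.store(out, storePassword);
            } finally {
                out.close();
            }
            return alias;
        }
        throw new KeyStoreException("no private key entry in " + p12File);
    }
}
```

The SD card is readable by other apps, so the copy there should be deleted once the import succeeds, and the password arrays should be zeroed after use.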