Reputation: 67
I'm developing an android application that uses self-signed certificates with a private key to authenticate a secure connection which is needed to transfer data to the application (using httpclient). Since each user has a different certificate, containing his own private key I need a way to include that in the application.
Is it possible to pack said certificate in an android application when the user completes the process of obtaining it and instead of offering him the download of his certificate, offer him to download the application which already contains his certificate?
Or are there any alternative approaches? Perhaps generating the certificate within the application using the private and public key?
Upvotes: 1
Views: 634
Reputation: 39807
Are you expecting your users to be technically competent and willing to install your app on their own, using ADB?
In my opinion, a better option is to have your (generic) app recognize that it has no certificate and walk the user through retrieving it from your server. This retrieval could entail fetching a previously generated certificate (such as through entering a code you've provided in advance) or generating a new one (either locally or on your remote server, depending on your situation and security requirements). Not only will this work for more users, it will be less to maintain on your end as well.
Upvotes: 2