Reputation: 113
Using a personal certificate in an Android Application
I want users to be able to install their own personal certificate into my Android application after installation from a website which generates the certificates, but when I use a WebClient or the Android Browser to surf to it, the Secure Storage pops up and installs it, which is unavailable by API until version 14 (Android 4.0), which my users do not have installed.
An example of such a site is http://www.comodo.com/home/email-security/free-email-certificate.php . Here you can request a personal certificate, and after confirming, you get a link where you can download the certificate. I want users to be able to download certificates from this website, and others, into my application.
Can anyone tell me which intent to handle to be able to get the certificate into my own application, or how to modify WebClient such that it allows me to decide what it should do with the file?
Thanks in advance, Patrick
Upvotes: 3
Views: 3481
Answers (1)
Reputation: 52956
Since the Android keystore API is not public before ICS (4.0), you need to save the key and certificate to some file your app can access to be able to use them. If you require a standard password-protected Java keystore file and require password input for crypto operations, it would be reasonably secure.
You can import a key/certificate pair in pre-ICS versions using Settings->Location and security->'Install from SD card', but there is no public API to access those from your app, the can only be used by the built-in VPN client.
Upvotes: 3
Related Questions
- How to add a SSL Certificate to an Android project?
- How to use a self signed SSL certificate in Android
- HTTPS connection with client certificate in an android app
- Android app SSL issue when trusting self signed certificate
- Android application with SSL
- Android SSL certificate
- Using X509 certificate in android application
- using SSL on android
- Android and SSL cert loading
- Android: Work with an unsecure ssl certificate