cyph3r

Reputation: 373

Android and SSL cert loading

I'm making an app for the Android 2.2 SDK and am currently sending data over Wi-Fi from one instance of the app to another (a different mobile device, that is) via a Java Socket, and it works fine. I wanted to add some encryption to that so the data isn't sent as plaintext.

I used

// Server side: accept TLS connections on incomingConnectionPort
SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
server = (SSLServerSocket) factory.createServerSocket(incomingConnectionPort);
while (!Thread.interrupted()) {
    SSLSocket incoming = (SSLSocket) server.accept();
    // ... handle the connection
}

To create an SSLServer on one point and

// Client side: connect to the peer, 6000 ms connect timeout
SocketAddress sockAddress = new InetSocketAddress(address.getIP(), address.getPort());
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
connectionSocket = (SSLSocket) factory.createSocket();
connectionSocket.connect(sockAddress, 6000);

on the other point to connect to the server. After some searching I also created a self-signed certificate with something like

keytool -keystore mykeystore -storepass mypass -genkey -keyalg RSA -alias mycert

and added this in my code

System.setProperty("javax.net.ssl.keyStore", "mykeystore");
System.setProperty("javax.net.ssl.keyStorePassword", "mypass");
// add cert as trusted
System.setProperty("javax.net.ssl.trustStore", "mykeystore");
System.setProperty("javax.net.ssl.trustStorePassword", "mypass");

but that obviously doesn't work on Android for the reasons I read here: http://groups.google.com/group/android-developers/browse_thread/thread/16c7eb8e65451d27/26edb971d390e2a3?pli=1

I checked the code (solution?) here https://github.com/k9mail/k-9/blob/master/src/com/fsck/k9/mail/store/TrustManagerFactory.java but I can't figure out exactly what to do to import the certificate.

Could you give me some guidance on how to properly import the cert to the keystore?

I would also appreciate maybe an alternative way to securely transmit the data over a TCP socket in Java (not Android specific, since the app I'm making will connect to non-mobile devices as well).

Thanks, and please excuse any mistakes I made. I'm still learning. :)

Upvotes: 1

Views: 857
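The sticking point in the question is that Android ignores the javax.net.ssl.* system properties, so the keystore has to be opened explicitly and handed to an SSLContext, which then replaces the getDefault() factories. The following is an added example, not code from the asker or from the K-9 Mail TrustManagerFactory linked above; the class name PinnedSslContext, the keystore path and the type argument ("BKS" on Android, "JKS"/"PKCS12" on desktop Java) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: loads the keystore explicitly so the same code runs on
// Android 2.2 (which ignores the javax.net.ssl.* system properties) and on desktop Java.
public final class PinnedSslContext {
    // type: "BKS" on Android (create it with keytool -storetype BKS and the
    // Bouncy Castle provider), "JKS" or "PKCS12" on desktop Java.
    public static SSLContext build(String path, char[] password, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        // Our own key pair + self-signed cert: presented to the peer in the handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        // Trust anchors come only from this keystore, not the device's CA list,
        // so only the pinned self-signed cert(s) are accepted from the peer.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Replaces SSLServerSocketFactory.getDefault() from the question; with
    // setNeedClientAuth(true) both devices must present a cert held in the keystore.
    public static SSLServerSocket listen(SSLContext ctx, int port) throws Exception {
        SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        server.setNeedClientAuth(true);
        return server;
    }

    // Replaces SSLSocketFactory.getDefault() on the connecting side.
    public static SSLSocket connect(SSLContext ctx, String host, int port, int timeoutMs) throws Exception {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket();
        s.connect(new java.net.InetSocketAddress(host, port), timeoutMs);
        s.startHandshake(); // fails here if the peer's cert is not in the keystore
        return s;
    }
}
```

If the two sides use different key pairs, each side's keystore also needs the other side's exported certificate (keytool -export, then keytool -import). A plain SSLSocket performs no hostname check, so the trust decision rests entirely on which certificates are in that keystore.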

Answers (1)

Robert

Reputation: 42605

SSL is a bad choice for client-to-client connections. SSL requires the server to have a static DNS (or IP) name, which is not the case in this scenario.

You should use a regular socket connection and develop your own encrypted protocol. The details depend on what data you want to transfer and what security requirements this implies.

Upvotes: 2
