I am developing an Android application that uses a public key certificate to sign messages sent to the server. When the user logs in to the app, he receives an X.509 certificate from the server. Now, when he wants to send messages to the server, he has to sign the message using the certificate public key and send it to the server along with the message. I am new to security in Android and I don't know how to go about this. These are some of the questions I have:
1. How can I securely store the certificate in the phone so that my app can use it to sign messages sent to the server?
2. I am also planning to do key rotation once in some time. So, the server will send the updated certificate to the user and my app has to update the certificate stored in the phone.

If you can point me to a tutorial or any issues I need to carefully handle, it will be really helpful.

Thanks

