On Sat, Feb 22, 2014 at 9:02 AM, Pradeep Phatak
<[email protected]> wrote:

> Context-
> I have stored a password protected .p12 client certificate/key
> programmatically in the Android keystore.
> During provisioning, Wifi was selected in the dialog (instead of VPN and
> apps).
> I want to use it for Wifi EAP-TLS configuration using the Android API.
>
> Expectation-
> In Wifi Settings, this EAP-TLS wifi configuration should show this user
> certificate pre-selected.

I haven't looked at this for a while, but IIRC it doesn't work the way
you expect it to (see below).

>
> Observation-
> setClientKeyEntry method throws exception-
> java.lang.IllegalArgumentException: Private key cannot be encoded.
> setClientKeyEntry method throws this exception if getEncoded method returns
> null for the PrivateKey object reference.
> It is not clear why getEncoded returns null in this case.

Once a key is imported into the device keystore you can use it, but
not extract the private part. That is why getEncoded() returns null.
If it returned the encoded key bytes, that would let you extract
the private key, which defeats the purpose of storing it in the
keystore.

>
> Can a password protected .p12 file stored in keystore be used for
> programmatically configuring Wifi EAP-TLS using this procedure?
>

Again IIRC (I might be wrong, so do check), WifiEnterpriseConfig
imports the key into the keystore for you, so you should provide
it a key it can read. To do that, load the PKCS#12 file using
KeyStore.getInstance("PKCS12"), then find the private key
entry and pass it to WifiEnterpriseConfig. Do *not* import into
the Android keystore first.

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
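
The procedure described in the reply, as an added example that is not part of the original message or of the Android project's code: the PKCS#12 file is parsed in memory and its key entry handed directly to WifiEnterpriseConfig. The class name, method name and parameters (`p12Stream`, `p12Password`, `ssid`, `identity`) are hypothetical.

```java
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiEnterpriseConfig;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

public final class EapTlsConfigExample {
    // All parameters are caller-supplied; their names are assumptions for this example.
    public static WifiConfiguration build(InputStream p12Stream, char[] p12Password,
            String ssid, String identity) throws GeneralSecurityException, IOException {
        try {
            // In-memory PKCS#12 parser, not the device ("AndroidKeyStore") keystore.
            KeyStore p12 = KeyStore.getInstance("PKCS12");
            p12.load(p12Stream, p12Password);
            for (Enumeration<String> e = p12.aliases(); e.hasMoreElements();) {
                String alias = e.nextElement();
                if (!p12.isKeyEntry(alias)) continue;
                Key key = p12.getKey(alias, p12Password);
                Certificate cert = p12.getCertificate(alias);
                if (!(key instanceof PrivateKey) || !(cert instanceof X509Certificate)) continue;
                // A key whose getEncoded() is null is what makes setClientKeyEntry
                // throw "Private key cannot be encoded"; skip it here instead.
                if (key.getEncoded() == null) continue;

                WifiEnterpriseConfig eap = new WifiEnterpriseConfig();
                eap.setEapMethod(WifiEnterpriseConfig.Eap.TLS);
                eap.setIdentity(identity);
                eap.setClientKeyEntry((PrivateKey) key, (X509Certificate) cert);
                // Server validation (setCaCertificate) is not shown; set it in real use.

                WifiConfiguration wifi = new WifiConfiguration();
                wifi.SSID = "\"" + ssid + "\""; // SSID must be wrapped in double quotes
                wifi.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
                wifi.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
                wifi.enterpriseConfig = eap;
                return wifi;
            }
            throw new GeneralSecurityException("no usable private key entry in PKCS#12 file");
        } finally {
            Arrays.fill(p12Password, '\0'); // do not keep the file password in memory
        }
    }
}
```

The returned configuration is what would be passed to WifiManager.addNetwork(); the example targets the WifiEnterpriseConfig API as it existed at the time of this thread.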