Thank you Nikolay. I added the p12 file to the KeyStore using the load method, passing the InputStream and password string. I didn't see any method to provide an alias for this entry. The KeyStore getCertificate and getKey methods require an alias to be passed. Without an alias, it is not clear how to get the certificate and key from the p12 file.

On Sunday, February 23, 2014 5:24:14 AM UTC-8, Nikolay Elenkov wrote:
> On Sat, Feb 22, 2014 at 9:02 AM, Pradeep Phatak <[email protected]> wrote:
> >
> > Context-
> > I have stored a password protected .p12 client certificate/key
> > programmatically in the Android keystore.
> > During provisioning, Wifi was selected in the dialog (instead of VPN and
> > apps).
> > I want to use it for Wifi EAP-TLS configuration using the Android API.
> >
> > Expectation-
> > In Wifi Settings, this EAP-TLS wifi configuration should show this user
> > certificate pre-selected.
>
> I haven't looked at this for a while, but IIRC it doesn't work the way
> you expect it to (see below).
>
> >
> > Observation-
> > setClientKeyEntry method throws exception-
> > java.lang.IllegalArgumentException: Private key cannot be encoded.
> > setClientKeyEntry method throws this exception if getEncoded method returns
> > null for the PrivateKey object reference.
> > It is not clear why getEncoded returns null in this case.
>
> Once a key is imported into the device keystore you can use it, but
> not extract the private part. That is why getEncoded() returns null.
> If it returned the encoded key bytes, that would let you extract
> the private key, which defeats the purpose of storing it in the
> keystore.
>
> >
> > Can a password protected .p12 file stored in keystore be used for
> > programmatically configuring Wifi EAP-TLS using this procedure?
> >
>
> Again IIRC (I might be wrong, so do check), WifiEnterpriseConfig
> imports the key into the keystore for you, so you should provide
> it a key it can read. To do that, load the PKCS#12 file using
> a KeyStore.getInstance("PKCS12"), then find the private key
> entry and pass it to WifiEnterpriseConfig. Do *not* import into
> the Android keystore first.
>
> --
> You received this message because you are subscribed to the Google Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
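
The approach discussed in this thread, as an added example that is not code from either poster: load the .p12 into a standalone PKCS12 `KeyStore`, enumerate the aliases the provider assigned while parsing the file, and hand the first private key entry to `WifiEnterpriseConfig`. The class name `P12ToWifiConfig` and method `fromPkcs12` are hypothetical, and the sketch assumes the file holds a single client key.

```java
import android.net.wifi.WifiEnterpriseConfig;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public final class P12ToWifiConfig { // hypothetical helper, not an Android API

    /** Builds an EAP-TLS config from a PKCS#12 stream without touching the Android keystore. */
    public static WifiEnterpriseConfig fromPkcs12(InputStream p12, char[] password)
            throws GeneralSecurityException, IOException {
        // A standalone PKCS12 KeyStore holds the key in app memory, so it stays encodable.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(p12, password);

        // load() takes no alias: the provider assigns aliases while parsing the file,
        // so enumerate them and pick the entry that actually holds a private key.
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate-only entry, e.g. a bundled CA certificate
            }
            Key key = ks.getKey(alias, password);
            Certificate cert = ks.getCertificate(alias);
            if (!(key instanceof PrivateKey) || !(cert instanceof X509Certificate)) {
                continue;
            }
            // setClientKeyEntry throws IllegalArgumentException when getEncoded() is null,
            // which is what happens with a key already imported into the device keystore.
            if (key.getEncoded() == null) {
                throw new GeneralSecurityException("Key for alias '" + alias + "' is not exportable");
            }
            WifiEnterpriseConfig cfg = new WifiEnterpriseConfig();
            cfg.setEapMethod(WifiEnterpriseConfig.Eap.TLS);
            cfg.setClientKeyEntry((PrivateKey) key, (X509Certificate) cert);
            return cfg;
        }
        throw new GeneralSecurityException("No private key entry found in the PKCS#12 file");
    }
}
```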

