While I'm waiting for some kind of response from the Android team regarding souping up the key-store, I'm trying to get something useful rolling in another way, still building on the same foundation.
I started thinking about using non-crypto HW like this: http://www.atmel.com/dyn/products/tools_card.asp?tool_id=3879

The following article proves that you don't need any exotic processor: http://www.cs.harvard.edu/~malan/publications/secon04.pdf

By adding 50c to the list price on a standard USB memory you can carry any number of keys in a fairly secure way. Yes, this is a third-world solution but those are also interesting.

Anders
http://android-keystore-v2.webpki.org