I ran a lot of tests and I understand what the problem is: the key
encryption algorithm. It must be RSA. I made all the certificates with
keytool without specifying the algorithm with the -keyalg option, and
by default keytool uses SHA1withDSA; on Android this means that the
client can't authenticate itself, I don't know why.
Maybe it's the BKS keystore format, I don't know.

So the step-by-step guide to working with SSL sockets on Android is very
simple:

- The keytool -selfcert command is useless; this fact is also reported
  in the keytool usage guide.
- Keystore and truststore properties must be declared programmatically
  (information on how to do this can be found in an IBM tutorial on
  custom sockets).
- The keystore on Android must be in BKS format. To make it you have to
  download the Bouncy Castle jar from the Bouncy Castle site and use it
  as a provider in keytool:

      keytool -provider org.bouncycastle.jce.BouncyCastleProvider -providerpath bcprov-jdk16-145.jar ...

  followed by the usual keytool options (note that, this way, you have
  to launch keytool in the same directory as bcprov-jdk16-145.jar).
- This way you can create BKS keystores using keytool (there are a lot
  of guides on the web), remembering that you have to use the option
  -keyalg RSA when generating the certificate's keys: keytool -genkey
  -keyalg RSA.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
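The second and last steps of the post above, as an added example that is not part of the original message: it loads a BKS keystore and truststore programmatically, refuses client keys that are not RSA, and opens an SSLSocket. The class, method and parameter names are hypothetical, the "BKS" type assumes the Bouncy Castle provider is registered (as on Android), and setEndpointIdentificationAlgorithm assumes Java 7+ or Android API 24+.

```java
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

// Hypothetical helper; all names here are illustrative, not from the post.
public final class BksClientSocket {

    // Load a BKS store from a stream (e.g. a raw resource on Android).
    static KeyStore loadBks(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS");
        try (InputStream s = in) {
            ks.load(s, password);
        }
        return ks;
    }

    // Fail early if any private key was generated without -keyalg RSA.
    static void requireRsaKeys(KeyStore ks, char[] password) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // skip certificate-only entries
            Key key = ks.getKey(alias, password);
            if (key == null || !"RSA".equals(key.getAlgorithm())) {
                throw new IllegalStateException("Key '" + alias + "' is not RSA");
            }
        }
    }

    static SSLSocket connect(InputStream keyStoreIn, char[] keyPassword,
                             InputStream trustStoreIn, char[] trustPassword,
                             String host, int port) throws Exception {
        KeyStore keyStore = loadBks(keyStoreIn, keyPassword);
        requireRsaKeys(keyStore, keyPassword);
        KeyStore trustStore = loadBks(trustStoreIn, trustPassword);
        // Key managers present the client certificate; trust managers check the server's.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        // A bare SSLSocket does not match the certificate to the host name unless asked to.
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake();                   // surfaces handshake errors here
        return socket;
    }
}
```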