On Mon, Sep 6, 2010 at 8:13 AM, mastergap <[email protected]> wrote:
> I made a lot of tests and I understand what is the problem: the key
> encryption algorithm. It must be RSA, I made all certificates with
> keytool without specifying the algorithm with the -keyalg option, and
> by the default keytool uses SHA1withDSA, and on Android this causes

I'm not aware of any old issues with DSA certs inherently not working, but most people use RSA.

> Maybe it's the BKS keystore format, I don't know.

I know in my later work that DSA's work fine with BKS.

> -the keytool -selfcert command is useless, this fact is reported also
> in the keytool usage guide

Can you give some doc to support this? I thought it was how to turn an unsigned cert + key into a self-signed cert.

> -keystore and truststore properties must be declared programmatically
> (information on how to do this can be found on an IBM tutorial on
> custom sockets)

You can provide these via the SSLContext.init like your code showed.

> -the keystore on Android must be in BKS format.

I know third party tools using PKCS12 keystore format or most any KeyStore implementation supported by Android, not just BKS. JKS is not supported.

> -this way you can create BKS keystores using keytool (there are a lot
> of guides on the web) remembering that you have to use the option
> -keyalg RSA when generating certificate's keys: keytool -genkey -keyalg
> RSA.

I've made and used pkcs12 keystores with the "openssl pkcs12" command. Others using PKCS12 have used PFX files generated by Microsoft tools.

-bri
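The keystore handling discussed in this message, as an added example (not code from the thread): it loads a keystore by explicit type, prints each certificate's key and signature algorithm so a DSA entry is easy to spot, and passes the key and trust managers to SSLContext.init. The class name, method names and command-line arguments are assumptions, as is using one password for the store and its keys.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
// Added example; class, method and argument names are hypothetical.
public class KeystoreSslSetup {
    // Load a keystore of an explicit type, e.g. "BKS" or "PKCS12" (the thread notes JKS is not supported on Android).
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // Print key and signature algorithm per certificate entry, so DSA vs RSA is visible before debugging the handshake.
    static void describe(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println(alias + ": key=" + x509.getPublicKey().getAlgorithm()
                        + " sig=" + x509.getSigAlgName());
            }
        }
    }
    // Build an SSLContext from a key store (own identity) and a trust store (peers to trust).
    static SSLContext build(KeyStore keys, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    // Assumed arguments: <keystore type> <keystore path> <truststore path> <password>
    public static void main(String[] args) throws Exception {
        char[] pw = args[3].toCharArray();
        KeyStore keys = load(args[0], args[1], pw);
        describe(keys);
        System.out.println("protocol: " + build(keys, pw, load(args[0], args[2], pw)).getProtocol());
    }
}
```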
