I'm honestly not all that familiar with the <keygen> code. It and all the original keystore code was added in 1.6 for VPN support. I've tested it using a Microsoft certificate server to excercise VPN, so I'd say that Android inherited keygen from Microsoft that inherited it from Netscape, but that no one is really happy with it.
-bri On Sat, Jul 7, 2012 at 8:37 PM, Anders Rundgren <[email protected]>wrote: > On 2012-06-24 20:26, Brian Carlstrom wrote: > > I think > http://android-developers.blogspot.com/2012/03/unifying-key-store-access-in-ics.htmlmight > be what you are looking for. > > Thanx Brian, but I just wanted to look on what I had enrolled without > writing any code > but I couldn't find a single app on play that does this. WEll... By > creating a > VPN definition (!) using the built-in tools I could find at least the name > that you > (for some strange reasons...) have to manually assign to a certificate > during enroll. > > BTW, to make <keygen> even remotely user-friendly I had to use (for a CA) > quite bizarre HTML. One major issue with <keygen> in Android is that it > doesn't > generate any kind of response telling when it began, is ready, or if it > actually > succeeded. In addition there's a repaint problems, at least in > Gingerbread. > Below is an extract that shows what I ended up with. It might be > "creative" but I > don't think PKI-code should creative, it should be crystal clear: > > var firstshoot = true; > function submitter () > { > if (firstshoot) document.shoot.submit (); > firstshoot = false; > > // Change HTML but do it repeatedly as well due to repaint issues > document.getElementById ('keygen').innerHTML = '<b>Request > Succeeded!</b>'; > } > > // There is no submit button but an ordinary button with > onclick="doit(this)" > function doit (button) > { > button.value = 'Submitted...'; > button.disabled = true; > oneshooter = setInterval ('submitter()', 500) > } > > I could file this as a bug report, but <keygen> is really just some 15Y+ > old > c**p that Google inherited from Netscape. It needs a more worthy > successor! > > Most serious users of PKI in Android write their own enrollment apps since > the built-in solution is simply put "archaic". > > I think you should talk to Wan-Teh about this :-) > > > Regards, > Anders > > > > -bri > > > > On Sun, Jun 24, 2012 at 6:59 AM, Anders Rundgren < > [email protected] <mailto:[email protected]>> wrote: > > > > I have just managed enrolling a client certificate using Google's > > close-to-useless <keygen> scheme. Now I just need a way to view > > and manage it. I can't find any such menu in 4.0.3 and no apps > > seem to do this either. Tell me I'm wrong! > > > > Anders > > > > -- > > You received this message because you are subscribed to the Google > Groups "Android Security Discussions" group. > > To post to this group, send email to > [email protected] <mailto: > [email protected]>. > > To unsubscribe from this group, send email to > [email protected] <mailto: > android-security-discuss%[email protected]>. > > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Android Security Discussions" group. > > To post to this group, send email to > [email protected]. > > To unsubscribe from this group, send email to > [email protected]. > > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
