Hi,

I am able to read the certificates in system/etc/security/cacerts.bks
using the following code. I installed a .p12 certificate from the SD
card but the installed certificate is not getting listed with the same
code. I guess cacerts.bks doesn't get updated when a new certificate
is installed from SD card. If it is not in cacerts.bks, then in which
key store is the certificate getting installed, and how can it be read
through a program? Following is the code for listing the certificates
from cacerts.bks.

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

KeyStore smartCardKeyStore = KeyStore.getInstance("BKS");
String fileName = "system/etc/security/cacerts.bks";
FileInputStream stream = new FileInputStream(new File(fileName));
smartCardKeyStore.load(stream, "changeit".toCharArray());
stream.close();

// Get the enumeration of the entries in the keystore
Enumeration<String> aliasesEnum = smartCardKeyStore.aliases();
while (aliasesEnum.hasMoreElements()) {
    // Print alias
    String alias = aliasesEnum.nextElement();
    System.out.println("Alias: " + alias);
    // Print certificate
    X509Certificate cert = (X509Certificate) smartCardKeyStore.getCertificate(alias);
    System.out.println("Certificate: " + cert);
}

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To post to this group, send email to android-security-discuss@googlegroups.com.
To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.

  • Brian Carlstrom at Nov 21, 2011 at 7:24 pm

    On Mon, Nov 21, 2011 at 2:46 AM, Harish wrote:

    > I guess cacerts.bks doesn't get updated when a new certificate
    > is installed from SD card.

    That is correct, this just contains system CA certificates in releases
    before 4.0, and doesn't exist in 4.0.

    > if it is not in cacerts.bks, then in which
    > key store the certificate is getting installed and how to read that
    > through a program.

    They are managed by a keystore daemon and there is no public API to access
    them before 4.0. Starting in 4.0 an application can request access to
    installed certs via
    http://developer.android.com/reference/android/security/KeyChain.html, but
    the user has to approve such access per application.

    -bri
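
Added example, not part of the original thread or of any poster's code: a sketch of the Android 4.0+ (API level 14) route described in the reply above. It lists trusted CA certificates through the `AndroidCAStore` key store type, which is not mentioned in the thread, and requests a user-approved client certificate through `KeyChain`. The class name `InstalledCertLister` and the log tag are hypothetical.

```java
import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.util.Log;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
// Hypothetical helper class; requires API level 14 (Android 4.0) or later.
public final class InstalledCertLister {
    private static final String TAG = "InstalledCertLister";

    // Trusted CA certificates: the 4.0+ replacement for reading cacerts.bks.
    // Alias prefixes are "system:" (shipped) and "user:" (user-installed).
    public static void logTrustedCas() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidCAStore");
        ks.load(null, null);
        for (String alias : Collections.list(ks.aliases())) {
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            Log.i(TAG, alias + " -> " + cert.getSubjectX500Principal());
        }
    }

    // Client certificates (for example from an installed .p12): the system
    // shows a chooser, and the app only sees the alias the user approves.
    public static void requestClientCert(final Activity activity) {
        KeyChain.choosePrivateKeyAlias(activity, new KeyChainAliasCallback() {
            @Override
            public void alias(String alias) {
                if (alias == null) { // user cancelled or denied access
                    Log.w(TAG, "No certificate access granted");
                    return;
                }
                try {
                    // Blocking call; must not run on the main thread.
                    X509Certificate[] chain = KeyChain.getCertificateChain(activity, alias);
                    if (chain == null) return; // alias no longer present
                    for (X509Certificate cert : chain) {
                        Log.i(TAG, alias + " -> " + cert.getSubjectX500Principal());
                    }
                } catch (KeyChainException e) {
                    Log.e(TAG, "KeyChain access failed", e);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
        }, null, null, null, -1, null); // no key type, issuer, host or alias filter
    }
}
```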

  • Harish KS at Nov 22, 2011 at 6:30 am
    Thanks Brian,

    The actual requirement for us is to list the certificates that are
    installed on the USB token connected to the device. For the desktop
    application, we could achieve this from the below lines of code

    --------------------------
    import java.security.KeyStore;
    import java.security.Provider;
    import java.security.Security;
    import java.security.cert.X509Certificate;
    import java.util.Enumeration;

    String pkcs11ConfigFile = "D:\\NCSA\\java\\SmartCardSecurity\\pkcs11.cfg";
    Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigFile);
    Security.addProvider(pkcs11Provider);

    // PIN is used to protect the information stored in the card
    char[] pin = ...; // password
    KeyStore smartCardKeyStore = KeyStore.getInstance("PKCS11");
    smartCardKeyStore.load(null, pin);

    // Get the enumeration of the entries in the keystore
    Enumeration<String> aliasesEnum = smartCardKeyStore.aliases();
    while (aliasesEnum.hasMoreElements()) {
        // Advance the enumeration; the posted loop never read the alias
        String alias = aliasesEnum.nextElement();
        // Print certificate
        X509Certificate cert = (X509Certificate) smartCardKeyStore.getCertificate(alias);
        System.out.println("Certificate: " + cert);
    }
    ----------------------------------------

    Found that Bouncy Castle is the provider on the device. Have not tried
    connecting USB to the device yet. The USB dongles that we have has a class
    A certificate installed on it. And in our application we are supposed to
    list or read that certificate.

    We will try the solution that you have provided for version 4.0, and any
    more help on this is highly appreciated.

    Regards
    Harish
  • Brian Carlstrom at Nov 24, 2011 at 3:37 am

    On Mon, Nov 21, 2011 at 10:29 PM, Harish KS wrote:

    > The USB dongles that we have has a class A certificate installed on it.

    Not sure how anything on a USB dongle is going to be visible.

    -bri


Discussion Overview
group: android-security-discuss @
categories: android
posted: Nov 21, '11 at 4:41p
active: Nov 24, '11 at 3:37a
posts: 4
users: 2
website: android.com
