pki - Is there some way to restrict private key visibility on Android?
I am developing an application that needs to certify info created by end users.
I know I could use the KeyChain API for that, but the API has what I believe is a flaw for our application. Since KeyChain requires the user to grant access to certificates, and hence access to private keys, our application could be accused of stealing identity and forging data. We need a way of certifying info with the user's private key without being able to 'copy' the private key or send it somewhere else.
Is there any way to do this?
I am looking towards smart cards and USB tokens, but would be glad if someone else could share experience of implementations that solve similar issues or suggest something.
The KeyChain API does not allow you to copy the private key if it is implemented with a hardware key store. Unfortunately, Google Nexus devices with Android 4.1+ implement a hardware keystore; other vendors might, or might use the standard insecure software implementation.
I think there are specialized SD cards with smart card support on them, but these are not cheap and I don't know if they work on phones.
Also, in Android 4.1+ you don't get access to the private key. You get an object that can be used as a private key in signing/decrypting/encryption, but you don't get the actual key. See more details on the implementation here: http://nelenkov.blogspot.de/2012/07/jelly-bean-hardware-backed-credential.html
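The usage the answer describes, as an added example (not code from the original post or from the Android project): sign with the handle returned by KeyChain and record whether this process could have read the raw key. The class `KeyChainSigner`, its `Result` type and the `requireOpaque` flag are hypothetical names; `KeyChain.isBoundKeyAlgorithm` needs API 18 and is deprecated from API 28.

```java
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
// Hypothetical helper, not part of the Android SDK.
public final class KeyChainSigner {
    public static final class Result {
        public final byte[] signature;
        public final boolean exportable;     // raw key bytes were readable by this app
        public final boolean hardwareBound;  // platform reports the algorithm as device-bound
        Result(byte[] signature, boolean exportable, boolean hardwareBound) {
            this.signature = signature;
            this.exportable = exportable;
            this.hardwareBound = hardwareBound;
        }
    }
    // Call off the main thread: KeyChain.getPrivateKey() blocks.
    // alias is the value delivered by KeyChain.choosePrivateKeyAlias().
    public static Result sign(Context ctx, String alias, byte[] data, boolean requireOpaque)
            throws KeyChainException, InterruptedException, GeneralSecurityException {
        PrivateKey key = KeyChain.getPrivateKey(ctx, alias);
        if (key == null) {
            throw new KeyChainException("no access granted for alias " + alias);
        }
        // Key.getEncoded() returns null when the key does not support encoding,
        // which is how an opaque handle to a keystore-held key shows up.
        boolean exportable = key.getEncoded() != null;
        // API 18+, deprecated in API 28.
        boolean hardwareBound = KeyChain.isBoundKeyAlgorithm(key.getAlgorithm());
        if (requireOpaque && (exportable || !hardwareBound)) {
            throw new GeneralSecurityException("key is not bound to the device");
        }
        String sigAlg;
        if ("RSA".equals(key.getAlgorithm())) {
            sigAlg = "SHA256withRSA";
        } else if ("EC".equals(key.getAlgorithm())) {
            sigAlg = "SHA256withECDSA";
        } else {
            throw new GeneralSecurityException("unsupported key type " + key.getAlgorithm());
        }
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(key);   // only the handle is passed; the key bytes are never read here
        signer.update(data);
        return new Result(signer.sign(), exportable, hardwareBound);
    }
}
```

Logging `exportable` and `hardwareBound` alongside each signature gives the application a record that it signed through an opaque handle on that device.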
android pki digital-certificate android-keystore