Android Question Create a digital signature with credentials located in the certificate store

avalle

Active Member
Licensed User
Hi all,
I need to create a digital signature using keys from a credential that is stored in Android's certificate store.

Does B4A provide any support for that?
If not, would it be possible to do something by means of inline Java code and Bouncy Castle, for example?
Andrew Graham's Encryption library only works with keys generated in memory, not in Android's cert store.

Anyone with concrete ideas or code snippets?

Thanks
 

DonManfred

Expert
Licensed User
Here's a project that seems to offer such a sample of what I'd like to achieve in B4A:
https://github.com/nelenkov/android-keystore
Did you notice this comment in the GitHub project?

Accesses the credential storage directly using a private API. Not guaranteed to work on all Android versions, but tested with 2.1 to 4.0.

Note that this comment is 7 years old... a lot has changed in the meantime in Android
 

avalle

Active Member
Licensed User
Yes, it seems to cover my need. Thanks a lot!
Can it be turned into B4A code?

@DonManfred I saw the project I linked was old and I know that more options have been added in recent API versions, however the AndroidKeyStore methods introduced in API 18 still seem to be fully supported.
 

Erel

Administrator
Staff member
Licensed User
This is the equivalent code:
B4X:
' Requires the JavaObject library and Android API 23+ (KeyGenParameterSpec).
Dim alias As String = "Test"
' RSA modulus size in bits. 512-bit RSA is factorable in practice; use 2048 or more.
Dim Keysize As Int = 2048

' Describe the key: purposes, allowed digests, signature padding and size.
Dim KeyProperties As JavaObject
KeyProperties.InitializeStatic("android.security.keystore.KeyProperties")
Dim builder As JavaObject
builder.InitializeNewInstance("android.security.keystore.KeyGenParameterSpec.Builder", _
   Array(alias, Bit.Or(KeyProperties.GetField("PURPOSE_SIGN"), KeyProperties.GetField("PURPOSE_VERIFY"))))
builder.RunMethod("setDigests", Array(Array As String(KeyProperties.GetField("DIGEST_SHA256"), KeyProperties.GetField("DIGEST_SHA512"))))
' An RSA key can only sign with a padding scheme that was authorized at generation time.
builder.RunMethod("setSignaturePaddings", Array(Array As String(KeyProperties.GetField("SIGNATURE_PADDING_RSA_PKCS1"))))
builder.RunMethod("setKeySize", Array(Keysize))

' Generate the key pair inside the AndroidKeyStore provider.
Dim kpg As JavaObject
kpg = kpg.InitializeStatic("java.security.KeyPairGenerator").RunMethod("getInstance", Array("RSA", "AndroidKeyStore"))
kpg.RunMethod("initialize", Array(builder.RunMethod("build", Null)))
Dim KeyPair As JavaObject = kpg.RunMethod("generateKeyPair", Null)

' Load the keystore and fetch the key handles by alias.
Dim keystore As JavaObject
keystore = keystore.InitializeStatic("java.security.KeyStore").RunMethod("getInstance", Array("AndroidKeyStore"))
keystore.RunMethod("load", Array(Null))
Dim entry As JavaObject = keystore.RunMethod("getEntry", Array(alias, Null))
' PrivateKey is a handle only; the key material stays inside the keystore.
Dim PrivateKey As JavaObject = entry.RunMethod("getPrivateKey", Null)
Dim PublicKey As JavaObject = keystore.RunMethodJO("getCertificate", Array(alias)).RunMethod("getPublicKey", Null)
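
The post above stops at retrieving the key handles. As an added example that is not part of the original post, this is one way to produce and check a signature with such a key through java.security.Signature. The Sub names are hypothetical; it assumes an RSA key pair already exists in AndroidKeyStore under the given alias and was authorized for PURPOSE_SIGN, DIGEST_SHA256 and PKCS#1 signature padding.

```b4x
' Added example (hypothetical Sub names). Requires the JavaObject library.
' Assumes an RSA key pair already exists in AndroidKeyStore under the alias,
' authorized for PURPOSE_SIGN, DIGEST_SHA256 and PKCS#1 signature padding.

Private Sub OpenKeyStore As JavaObject
    Dim ks As JavaObject
    ks = ks.InitializeStatic("java.security.KeyStore").RunMethod("getInstance", Array("AndroidKeyStore"))
    ks.RunMethod("load", Array(Null))
    Return ks
End Sub

' Returns the signature bytes, or an empty array if the alias is missing.
Public Sub SignWithStoredKey(alias As String, data() As Byte) As Byte()
    Dim ks As JavaObject = OpenKeyStore
    Dim found As Boolean = ks.RunMethod("containsAlias", Array(alias))
    If found = False Then
        Log("No key under alias: " & alias)
        Dim empty(0) As Byte
        Return empty
    End If
    Dim entry As JavaObject = ks.RunMethod("getEntry", Array(alias, Null))
    Dim signer As JavaObject
    signer = signer.InitializeStatic("java.security.Signature").RunMethod("getInstance", Array("SHA256withRSA"))
    ' The private key is a handle; the signing operation runs inside the keystore.
    signer.RunMethod("initSign", Array(entry.RunMethod("getPrivateKey", Null)))
    signer.RunMethod("update", Array(data))
    Return signer.RunMethod("sign", Null)
End Sub

' Checks sig over data with the public key from the alias' certificate.
Public Sub VerifyWithStoredKey(alias As String, data() As Byte, sig() As Byte) As Boolean
    Dim ks As JavaObject = OpenKeyStore
    Dim pub As JavaObject = ks.RunMethodJO("getCertificate", Array(alias)).RunMethod("getPublicKey", Null)
    Dim verifier As JavaObject
    verifier = verifier.InitializeStatic("java.security.Signature").RunMethod("getInstance", Array("SHA256withRSA"))
    verifier.RunMethod("initVerify", Array(pub))
    verifier.RunMethod("update", Array(data))
    Return verifier.RunMethod("verify", Array(sig))
End Sub

' Usage with constructed sample input; the second check uses an altered message:
'   Dim msg() As Byte = "order #1 total=10".GetBytes("UTF8")
'   Dim sig() As Byte = SignWithStoredKey("Test", msg)
'   Log(VerifyWithStoredKey("Test", msg, sig))
'   Log(VerifyWithStoredKey("Test", "order #1 total=99".GetBytes("UTF8"), sig))
```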
 

avalle

Active Member
Licensed User
Simply amazing Erel!
Contributions like these are not new at all, but your dedication to the community is always impressive.
It's also very educational; I thought the only way to achieve this was Java inline code.
I really appreciate it, I'm going to try it now.

Thanks!
Andrea
 