Thanks for your reply. What I am looking for is this:
1. We have a requirement to communicate with a secure server
2. The process requires that we generate a Public/Private key pair from within the app
3. Use the Public/Private key pair to generate a Certificate Signing Request using an HTTPS call made to the server, which includes the CSR string plus some additional info
4. The server (after authenticating the request), replies with a signed certificate which we should auto install after receiving
Unfortunately, I can't post the document in here due to an NDA, but if you like I can PM you the page.
Hi Guys, I am going to break this into a few steps, hoping to collect feedback from different users to get to the bottom of it:
The first step requires generating a key pair, and specifically mentions the following:
"When creating a pair of keys, you must specify that the private key is to be used to produce a signature, while the public key must be used to ensure non-repudiation."
Then I need to use the key pair to request a digital certificate, and I need to provide the following info:
CN=, O= , OU=, L=, S=, C=, ( then it says: Key length Length of the public and private keys. 256 bits (ECDSA P-256) )
Can someone provide sample code that shows how to generate a key pair that meets the above requirement and how to use it to generate the CSR?
An example of how to create a CSR: https://www.journaldev.com/223/java-generate-csr-program. Note: This example uses an RSA key pair, but it should be adaptable to using an elliptic curve key pair. This method's signature - `generatePKCS10(String CN, String OU, String O, String L, String S, String C)` - seems to use all the info that is required by your cert.
I know this is not 100% the answer you are looking for, but it looks like what you are trying to do is doable and either lots of testing will get you there or someone else with some more crypto chops can take this info and supply you with an answer.
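The elliptic-curve adaptation discussed above, as an added example that is not part of any post in this thread and not taken from the linked article: it generates an ECDSA P-256 key pair and a PKCS#10 CSR with the Bouncy Castle `bcprov`/`bcpkix` libraries. The class name, the sample subject values, and the choice to request `digitalSignature` and `nonRepudiation` key usage (one reading of the quoted requirement) are assumptions.

```java
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class EcCsrExample {  // hypothetical class name
    // secp256r1 is the JCA name for NIST P-256 (256-bit ECDSA keys).
    static KeyPair generateP256KeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        return kpg.generateKeyPair();
    }

    // Builds a PKCS#10 CSR, signs it with the private key, returns it as PEM.
    static String buildCsrPem(KeyPair kp, String subjectDn) throws Exception {
        JcaPKCS10CertificationRequestBuilder builder =
            new JcaPKCS10CertificationRequestBuilder(new X500Name(subjectDn), kp.getPublic());
        // Assumption: the signature / non-repudiation requirement is expressed
        // as a requested keyUsage extension; the CA decides what it issues.
        ExtensionsGenerator ext = new ExtensionsGenerator();
        ext.addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation));
        builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, ext.generate());
        ContentSigner signer =
            new JcaContentSignerBuilder("SHA256withECDSA").build(kp.getPrivate());
        PKCS10CertificationRequest csr = builder.build(signer);
        StringWriter out = new StringWriter();
        try (JcaPEMWriter pem = new JcaPEMWriter(out)) {
            pem.writeObject(csr);  // emits a "CERTIFICATE REQUEST" PEM block
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = generateP256KeyPair();
        // Constructed sample subject. The thread's "S=" (state) is written
        // "ST=" in the X.500 string form that X500Name parses.
        System.out.println(buildCsrPem(kp,
            "CN=device-001,OU=Example Unit,O=Example Org,L=Example City,ST=Example State,C=US"));
    }
}
```

Only the PEM string is sent to the server; the private key stays inside the app and is what later signs messages.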
One big problem in here: I have basic knowledge of Java, and the same is true for asymmetric cryptography. So if you put the 2 together, you will see the challenge with the above links. Needless to say, this is the first step only, on top of which I have to build the code to sign the messages and make sure that we can securely communicate with the server. We also need to auto install the certificate returned by the server, and I guess reload it every time before we issue any calls to the server (this is at least my understanding at this point).
So I was hoping to find some B4A code, perhaps using keyPairGenerator, and build on top of it (or even better, a solution that can be used with B4I as well).
I will definitely review the above, but I am hoping that someone has already implemented this and can save me the agony.