-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
Android Question Private/Public keys and CSR
- Thread starter iCAB
- Start date
- Similar Threads Similar Threads
Are you looking for client authenticated handshake: https://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake ?
Upvote
0
Hi Erel
Thanks for your reply. What I am looking for is this:
1. We have a requirement to communicate with a secure server
2. The process requires that we generate a Public/Private key pair from within the app
3. Use the Public/Private to generate Certificate Sign Request using an https call made to the server which includes the csr string, plus some additional info
4. The server (after authenticating the request), replies with a signed certificate which we should auto install after receiving
Unfortunately, I can't post the document in here due to an NDA, but if you like I can PM you the page.
Thanks
iCAB
Upvote
0
I am wondering if you know how to generate a CSR request using the keys?, is this a standard thing or server specific?
Thanks
iCAB
Upvote
0
Hi Guys, I am going to break this into few steps hoping to collect feedback from different users to get to the bottom of it:
The first step requires generating a key pair, and specifically mentions the following:
"When creating a pair of keys, you must specify that the private key is to be used to produce a signature, while the public key must be used
to ensure non-repudiation."
Then I need to use the key pair to request a digital certificate, and i need to provide the following info:
CN=, O= , OU=, L=, S=, C=, ( then it says: Key length Length of the public and private keys. 256 bits (ECDSA P-256) )
Can someone provide a sample code that shows how to generate a key pair that meet the above requirement and how to use to generate the CSR.
The first step requires generating a key pair, and specifically mentions the following:
"When creating a pair of keys, you must specify that the private key is to be used to produce a signature, while the public key must be used
to ensure non-repudiation."
Then I need to use the key pair to request a digital certificate, and i need to provide the following info:
CN=, O= , OU=, L=, S=, C=, ( then it says: Key length Length of the public and private keys. 256 bits (ECDSA P-256) )
Can someone provide a sample code that shows how to generate a key pair that meet the above requirement and how to use to generate the CSR.
Upvote
0
This link may provide a stepping stone: https://www.pixelstech.net/article/1464167276-Generating-CSR-using-Java. I would say some JavaObject / inline Java / or wrapper magic will be involved.
Upvote
0
How to generate the Private/Public key you want: https://developer.android.com/refer...-key-pair-for-signingverification-using-ecdsa
An example of how to create a CSR: https://www.journaldev.com/223/java-generate-csr-program. Note: This example uses a RSA key pair, but it should be adaptable to using a elliptical curve key pair. This method's signature - generatePKCS10(String CN, String OU, String O, String L, String S, String C) - seems to use all the info that is required by your cert.
I know this is not 100% the answer you are looking for, but it looks like what you are trying to do is doable and either lots of testing will get you there or someone else with some more crypto chops can take this info and supply you with an answer.
An example of how to create a CSR: https://www.journaldev.com/223/java-generate-csr-program. Note: This example uses a RSA key pair, but it should be adaptable to using a elliptical curve key pair. This method's signature - generatePKCS10(String CN, String OU, String O, String L, String S, String C) - seems to use all the info that is required by your cert.
I know this is not 100% the answer you are looking for, but it looks like what you are trying to do is doable and either lots of testing will get you there or someone else with some more crypto chops can take this info and supply you with an answer.
Upvote
0
Hi Oliver
Thanks for your valuable feedback
One big problem in here: I have basic knowledge of Java and the same is true for asymmetric cryptography. So if you put the 2 together, you will see the challenge with the above links. Needless to say that this is first step only, on top which I have to build the code to sign the messages and make sure that we can securely communicate with server. We also need to auto install the certificate returned by the server and I guess reload it every time before we issue any calls to the server (this is at least my understanding at this point)
So I was hoping to find some B4A code, perhaps using keyPairGenerator and build on top of it (or even better a solution that can be used with B4I as well )
I will definitely review the above, but I am hoping that someone already have implemented this and can save me the agony.
Thanks again.
iCAB
Thanks for your valuable feedback
One big problem in here: I have basic knowledge of Java and the same is true for asymmetric cryptography. So if you put the 2 together, you will see the challenge with the above links. Needless to say that this is first step only, on top which I have to build the code to sign the messages and make sure that we can securely communicate with server. We also need to auto install the certificate returned by the server and I guess reload it every time before we issue any calls to the server (this is at least my understanding at this point)
So I was hoping to find some B4A code, perhaps using keyPairGenerator and build on top of it (or even better a solution that can be used with B4I as well )
I will definitely review the above, but I am hoping that someone already have implemented this and can save me the agony.
Thanks again.
iCAB
Upvote
0
Hi Guys
Can anyone provide a sample project that shows how to compile the code in this link:
https://developer.android.com/refer...-key-pair-for-signingverification-using-ecdsa
I have also found another link that might be helpful (again Java code )
https://android.googlesource.com/pl...va/android/security/KeyPairGeneratorSpec.java
May be one of these links will get me started.
Can anyone provide a sample project that shows how to compile the code in this link:
https://developer.android.com/refer...-key-pair-for-signingverification-using-ecdsa
I have also found another link that might be helpful (again Java code )
https://android.googlesource.com/pl...va/android/security/KeyPairGeneratorSpec.java
May be one of these links will get me started.
Last edited:
Upvote
0