On Wed, Oct 10, 2012 at 5:23 PM, Anders Rundgren <[email protected]> wrote: > Target: JB 4.1 latest SDK/Emulator > > I imported an PKCS #11 container during private key select GUI that KeyChain > puts up. > The PKCS #12 according to keytool only contained a private key entry, albeit > with a complete certificate path. > > Using the excellent https://github.com/nelenkov/keystore-test app I got the > message that it is trusted > when using the private key. Listing the truststore I indeed found the CA > associated with the path. > > Is this the expected behavior? IMO, importing a private key and importing a > CA cert are > to different things. I would at least expect the GUI giving me the option to > install or not.
It appears this is by design. The import dialog probably said something like this: The package contains: one user key one user certificate one CA certificate Unfortunately it doesn't tell you what those are (DN, etc), and there is no option to import only the user key. > > BTW, it would have been a reasonable addition letting the Trusted Credentials > menu > also remove CAs. Now I have to build such tools myself in order to test my > code. > > You can remove them, although it is not quite obvious: tap the cert in the list, scroll to the bottom of the 'Security certificate' dialog and press the 'Remove' button. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
