On Fri, Oct 26, 2012 at 11:47 PM, Anders Rundgren <[email protected]> wrote: > I still haven't much of a clue on how "KeyChain" and "JCE" play together > or how you can generate keys for usage by "KeyChain".
The PrivateKey's returned by KeyChain.getPrivateKey are meant to work with JCE. The one thing they don't guarantee to support in the long term is to getEncoded() to get the raw bytes. This worked in 4.0 as we still were based on the underlying private KeyStore implementation, but in 4.1 with initial support for hardware keystores, we disabled that which caused a few surprised. I believe 4.1.1 or 4.1.2 added additional provider support for using these keys. Currently they only way to get keys to the store is to install them from a PKCS#12 file or via the browser <keygen> tag support. We are looking at doing something better in the future, some of it may be lurking in AOSP code, I don't recall. :) Other resources below. -bri Blog post: http://android-developers.blogspot.com/2012/03/unifying-key-store-access-in-ics.html javadoc: http://developer.android.com/reference/android/security/KeyChain.html I'm also a fan of Nikolay Elenkov's posts such as: http://nelenkov.blogspot.com/2011/11/using-ics-keychain-api.html > > Regards, > Anders > >> >> since it was from this change >> >> Author: Elliott Hughes <[email protected]> >> Date: Thu Jan 6 18:13:31 2011 -0800 >> >> Retire SecurityManager. >> >> This change removes all the code that was calling getSecurityManager, and >> removes all use of AccessController.doPrivileged. It also changes the >> implementation of AccessController so it doesn't actually do anything; >> it's >> only there for source-level compatibility. >> >> Bug: 2585285 >> Change-Id: I1f0295a4f12bce0316d8073011d8593fee116f71 >> >> -bri >> >> On Fri, Oct 26, 2012 at 3:24 PM, Anders Rundgren >> <[email protected]> wrote: >>> http://developer.android.com/reference/java/security/package-summary.html >>> >>> As of 2012-10-07 the page begins with: >>> >>> "package java.security >>> This package is for compatibility with legacy code only, and should not >>> be used or expected to do anything useful." >>> >>> >>> Where is the recommended API that one can expect does something useful? >>> >>> Anders >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Android Security Discussions" group. >>> To post to this group, send email to >>> [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/android-security-discuss?hl=en. >>> >> > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
