On 2012-12-28 11:22, Jeffrey Walton wrote:
<snip>
> Questions before I go (please forgive my ignorance): besides its birth
> date, why is keygen obsolete?

<keygen> is an HTML-based certificate enrollment system. It uses a process that doesn't work well for either the end-user or the issuer. I wouldn't be surprised if some of the "roll-your-own-PKI" bank apps actually have more users than all users of <keygen> combined!

> On the device: why not use BouncyCastle to generate keys (after
> getting a user seed), and then store the secrets in the KeyStore
> (pre-Android 4.0) or KeyChain (Android 4.0+)?

AFAIK, "KeyChain" doesn't offer a public interface except P12 import, which is only suitable for "experiments", and then there is the moderately useful <keygen>.

> I guess I'm not clear why you have to duplicate the functionality.

If "KeyChain" had been generally available it would still not have worked, since "KeyChain" doesn't support PINs, to take a very basic example.

Note: I really like Android most of the time!

Anders

>
> Jeff
