Dear Brian,

Thank you for your advice.
I try to make some original approach to use keystore, because the program is not a normal app but a built-in service program (for example /system/bin/sdcard).
If it is difficult to use, my program will have original data store.

2013/6/10 Brian Carlstrom <[email protected]>

> Apps currently have two choices:
> 1.) install their key into system key chain
> 2.) manage the data themselves in the app directory
>
> there is work to allow apps to install their own data into the key store
> for their own use in AOSP in
> frameworks/base/keystore/java/android/security/AndroidKeyStore.java,
> but that isn't available yet.
>
> but yes, if your app requirements dictate your options. it is best to use
> the newer APIs, and fall back to a compatibility mode for older releases.
>
> -bri
>
> On Sun, Jun 9, 2013 at 6:48 PM, Kouji Ishikawa <[email protected]> wrote:
>
>> Dear Brian,
>>
>> > It means on purpose, working as intended, this is not a bug, and won't
>> > be changed.
>>
>> I understand.
>>
>> Normal apps can use KeyChain APIs.
>> And apps do not have to use private key directory, if there is signing
>> and verification API.
>>
>> When a developer makes raw program module that uses its own private key,
>> it will be able to have certification and key data somewhere.
>>
>> The OS has keystore, it is natural idea that the program uses keystore in
>> raw level, I think.
>> However it has a risk, it depends on the OS version....
>>
>> Then you say that I should use KeyChain?
>>
>> 2013/6/10 Brian Carlstrom <[email protected]>
>>
>>> On Sat, Jun 8, 2013 at 4:26 PM, Kouji Ishikawa <[email protected]> wrote:
>>>
>>>> By the way, what does it mean "by design".
>>>
>>> It means on purpose, working as intended, this is not a bug, and won't
>>> be changed.
>>>
>>>> It is no library, no public info about communicating keystore?
>>>
>>> the code is all in AOSP. but the public API for applications is the
>>> KeyChain API.
>>>
>>>> Or any protection of security?
>>>>
>>>> I can challenge to access the keystore if it is not protected by
>>>> security.
>>>> How about is it?
>>>
>>> private keys stored in the key store can be used to perform signing
>>> and verification operations. However, once installed, they can't be
>>> extracted to be used directly by apps. if an app needs to use a private key
>>> in the keystore, it needs to do it indirectly via the APIs provided by
>>> KeyChain.
>>>
>>> -bri

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
