Dear Brian, Thank you, it is usefull information. I do not know yet.
But I guess it is my own risk. Brian Carlstrom <[email protected]> wrote: >since the keystore is not a public API, the implementation isn't >guaranteed to have the same behavior on all devices. the low level >interface has been changing significantly in JellyBean. > >-bri > >On Mon, Jun 10, 2013 at 3:15 AM, Kouji Ishikawa <[email protected]> >wrote: >> Dear Brian, >> >> Thank you for your advice. >> I try to make some original approach to use keystore, because the >program is >> not a normal app >> but built in service program (for example /system/bin/sdcard) . >> >> If it is difficult to use, my program will have original data store. >> >> >> 2013/6/10 Brian Carlstrom <[email protected]> >>> >>> App's currently have two choices: >>> 1.) install their key into system key chain >>> 2.) manage the data themselves in the app directory >>> >>> there is work to allow apps to install their own data into the key >store >>> for their own use in AOSP in >>> frameworks/base/keystore/java/android/security/AndroidKeyStore.java, >but >>> that isn't available yet. >>> >>> but yes, if your app requirements dictate your options. it is best >to use >>> the newer APIs, and fall back to a compatability mode for older >releases. >>> >>> -bri >>> >>> >>> On Sun, Jun 9, 2013 at 6:48 PM, Kouji Ishikawa <[email protected]> >wrote: >>>> >>>> Dear Brian, >>>> >>>> > It means on purpose, working as intended, this is not a bug, and >won't >>>> > be changed. >>>> >>>> I understand. >>>> >>>> Normal apps can use KeyChain APIs. >>>> And apps do not have to use private key directory, if there is >signing >>>> and verification API. >>>> >>>> When a developer make raw program module that uses it's own private >key, >>>> it will be able to have certification and key data somewhere. >>>> >>>> The OS has keystore, it is natural idea that the program uses >keystore in >>>> raw level, I think. >>>> However it has a risk, it depends on the os version.... >>>> >>>> Then you say that I should use KeyChain ? >>>> >>>> 2013/6/10 Brian Carlstrom <[email protected]> >>>>> >>>>> >>>>> >>>>> >>>>> On Sat, Jun 8, 2013 at 4:26 PM, Kouji Ishikawa <[email protected]> >>>>> wrote: >>>>>> >>>>>> By the way, what does it mean "by design". >>>>> >>>>> >>>>> It means on purpose, working as intended, this is not a bug, and >won't >>>>> be changed. >>>>> >>>>>> >>>>>> It is no library, no public info about communicating keystore ? >>>>> >>>>> >>>>> the code is all in AOSP. but the public API for applications is >the >>>>> KeyChain API. >>>>> >>>>>> >>>>>> Or any protection of security ? >>>>>> >>>>>> I can challenge to access the keystore if it is not protected by >>>>>> security. >>>>>> How about is it ? >>>>> >>>>> >>>>> private key's stored in the key store can be used to performing >signing >>>>> and verification operations. However, once installed, they can't >be >>>>> extracted to be used directly by apps. if an app needs to use a >private key >>>>> in the keystore, it needs to do it indirectly via the APIs >provided by >>>>> KeyChain. >>>>> >>>>> -bri >>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the >Google >>>>>> Groups "Android Security Discussions" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >send >>>>>> an email to >[email protected]. >>>>>> To post to this group, send email to >>>>>> [email protected]. >>>>>> Visit this group at >>>>>> http://groups.google.com/group/android-security-discuss?hl=en. >>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>> >>>>>> >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >Groups >>>> "Android Security Discussions" group. >>>> To unsubscribe from this group and stop receiving emails from it, >send an >>>> email to [email protected]. >>>> To post to this group, send email to >>>> [email protected]. >>>> Visit this group at >>>> http://groups.google.com/group/android-security-discuss?hl=en. >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>>> >>> >>> >> >> -- >> You received this message because you are subscribed to the Google >Groups >> "Android Security Discussions" group. >> To unsubscribe from this group and stop receiving emails from it, >send an >> email to [email protected]. >> To post to this group, send email to >> [email protected]. >> Visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> -- Ishikawa kouji -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
