Android Question Create a digital signature with credentials located in the certificate store

[avalle]

Hi all,
I need to create a digital signature using keys from a credential that is stored in Android's certificate store.

Does B4A provide any support for that?
If not, would it be possible to do something by means of inline Java code and Bouncy Castle, for example?
Andrew Graham's Encryption library only works with keys generated in memory, not in Android's cert store.

Anyone with concrete ideas or code snippets?

Thanks

 

[Erel]

Find a Java solution and we will help you port it.

 

[avalle]

Thanks Erel for offering help.
Here's a project that seems to offer such a sample of what I'd like to achieve in B4A:
https://github.com/nelenkov/android-keystore

 

[DonManfred]

Here's a project that seems to offer such a sample of what I'd like to achieve in B4A:
https://github.com/nelenkov/android-keystore

you did noticed this comment in the githuib project?

Accesses the credential storage directly using a private API. Not guaranteed to work on all Android versions, but tested with 2.1 to 4.0.

Note that this comment is 7 Years old... a lot has changed in the meantime in Android

 

[Erel]

Is this what you are looking for: https://stackoverflow.com/a/42111319/971547 ?

 

[avalle]

Yes, it seems to cover my need. Thanks a lot!
Can it be turned into B4A code?

@DonManfred I saw the project I linked was old and I know that more options have been added in recent API versions, however the AndroidKeyStore methods introduced in API 18 still seem to be fully supported.

 

[Erel]

This is the equivalent code:

Dim alias As String = "Test"
Dim Keysize As Int = 512

Dim KeyProperties As JavaObject
KeyProperties.InitializeStatic("android.security.keystore.KeyProperties")
Dim builder As JavaObject
builder.InitializeNewInstance("android.security.keystore.KeyGenParameterSpec.Builder", _
   Array(alias, Bit.Or(KeyProperties.GetField("PURPOSE_SIGN"), KeyProperties.GetField("PURPOSE_VERIFY"))))
builder.RunMethod("setDigests", Array(Array As String(KeyProperties.GetField("DIGEST_SHA256"), KeyProperties.GetField("DIGEST_SHA512"))))
builder.RunMethod("setKeySize", Array(Keysize))

Dim kpg As JavaObject
kpg = kpg.InitializeStatic("java.security.KeyPairGenerator").RunMethod("getInstance", Array("RSA", "AndroidKeyStore"))
kpg.RunMethod("initialize", Array(builder.RunMethod("build", Null)))
Dim KeyPair As JavaObject = kpg.RunMethod("generateKeyPair", Null)

Dim keystore As JavaObject
keystore = keystore.InitializeStatic("java.security.KeyStore").RunMethod("getInstance", Array("AndroidKeyStore"))
keystore.RunMethod("load", Array(Null))
Dim entry As JavaObject = keystore.RunMethod("getEntry", Array(alias, Null))
Dim PrivateKey As JavaObject = entry.RunMethod("getPrivateKey", Null)
Dim PublicKey As JavaObject = keystore.RunMethodJO("getCertificate", Array(alias)).RunMethod("getPublicKey", Null)

 

[avalle]

Simply amazing Erel!
Contributions like these are not new at all, but your dedication to the community is always impressive.
It's also very educational, I thought the only way to achieve this was Java inline code.
I really appreciate, I'm going to try it now.

Thanks!
Andrea