i**p
发帖数: 902 | 1 Android provides android.security.KeyStore. What is difference between them? |
t*******e
发帖数: 684 | 2 just pick whichever you like. |
i**p
发帖数: 902 | 3 Do you mean java.security.KeyStore can do whatever android.security.KeyStore
does on Android?
Then why does android provide a new one?
【在 t*******e 的大作中提到】
: just pick whichever you like.
|
t*******e
发帖数: 684 | 4 KeyStore is a place to store public-private key pairs, plus the
corresponding certificates. Why is Android different from the one comes with
JDK? App server vendors tend to bundle their own key stores in their products
too. |
g*****g
发帖数: 34805 | 5 I would think for security reason, Google doesn't want you to
tamper the system keystore but still want to give you some restricted
access. Imagine you install an app from market, it tampers the keystore,
adds a self-signed certificate that shouldn't be trusted, intercept
your connection and start man-in-the-middle attack.
with
products
【在 t*******e 的大作中提到】
: KeyStore is a place to store public-private key pairs, plus the
: corresponding certificates. Why is Android different from the one comes with
: JDK? App server vendors tend to bundle their own key stores in their products
: too.
|
t*******e
发帖数: 684 | 6 Keystore is protected by password. As long as one has the password, he can
export the key pairs and import into another keystore. Does android keystore
have anything unique?
【在 g*****g 的大作中提到】
: I would think for security reason, Google doesn't want you to
: tamper the system keystore but still want to give you some restricted
: access. Imagine you install an app from market, it tampers the keystore,
: adds a self-signed certificate that shouldn't be trusted, intercept
: your connection and start man-in-the-middle attack.
:
: with
: products
|
r*****l
发帖数: 2859 | 7 This is not in the public API. And it does not do what Java KeyStore is
doing. Why do you have to use it?
them?
【在 i**p 的大作中提到】
: Android provides android.security.KeyStore. What is difference between them?
|
i**p
发帖数: 902 | 8 Implement an app to read the certificates' info from Android KeyStore on the
phone.
【在 r*****l 的大作中提到】
: This is not in the public API. And it does not do what Java KeyStore is
: doing. Why do you have to use it?
:
: them?
|
r*****l
发帖数: 2859 | 9 Can you provide the API and/or source android.security.KeyStore, and specify
which method you plan to use to "read the certificates' info from Android
KeyStore".
I found the source code from GrepCode but I don't think that class is for
this purpose. Maybe you are talking about a totally different animal.
the
【在 i**p 的大作中提到】
: Implement an app to read the certificates' info from Android KeyStore on the
: phone.
|
