I am working on an Android app that handles the creation and installation of Client Certificates. I have everything set up and working except for the importing of PKCS12 Certificates into Android using the KeyChain.createInstallIntent() function. Because I need to handle the the creation of PKCS12 Certificates client side I am generating the keys and importing them into the KeyStore manually so they can be used in the PKCS12 import/export. When attempting to “export” the PKCS12 keystore and import it into the main Android KeyStore I am prompted with a “Enter Password” field. Based on the code below it should just be empty string. I’ve also tried just setting it to “something” and it still rejects any password I enter.
Assumptions that should be made for the code snippet provided:
privateKey is a PrivateKey
server.name is a String
The CA key is already installed into the main android certificate store
void importCertificateIntoAndroid(String certStr) throws CertificateException, KeyStoreException { try { KeyStore pk12KeyStore = KeyStore.getInstance("PKCS12"); pk12KeyStore.load(null, null); ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); Certificate cert = cf.generateCertificate(is); pk12KeyStore.setKeyEntry(server.name, privateKey, "".toCharArray(), new Certificate[]{cert}); ByteArrayOutputStream os = new ByteArrayOutputStream(); pk12KeyStore.store(os, "".toCharArray()); Intent certInstallIntent = KeyChain.createInstallIntent(); certInstallIntent.putExtra(KeyChain.EXTRA_PKCS12, String.valueOf(os)); certInstallIntent.putExtra(KeyChain.EXTRA_KEY_ALIAS, server.name); certInstallIntent.putExtra(KeyChain.EXTRA_NAME, server.name); startActivity(certInstallIntent); } catch (Exception e) { Log.d(TAG, "help"); } }Advertisement
Answer
Bit too late, but the problem is in
certInstallIntent.putExtra(KeyChain.EXTRA_PKCS12, String.valueOf(os));You have to set byte [] to this extra. Like using ‘os.toByteArray()’.