I am creating storage for a PrivateKey. In KeyStore.PrivateKeyEntry skEntry = new KeyStore.PrivateKeyEntry() you need to pass two parameters to the PrivateKeyEntry() constructor: one of them is the private key itself and the second is a certificate. I don't quite understand how to obtain this certificate from a public and private key. The whole piece of code (the line with the problem is highlighted):

    final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(4096, new SecureRandom());
    final KeyPair key = keyGen.generateKeyPair();

    KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
    // a KeyStore must be loaded (here: initialised empty) before setEntry() can be called
    store.load(null, null);
    KeyStore.ProtectionParameter protParam =
            new KeyStore.PasswordProtection(password.getText().toString().toCharArray());

    // the problem line: the second constructor argument is a Certificate[] chain
    KeyStore.PrivateKeyEntry skEntry = new KeyStore.PrivateKeyEntry(?????????);

    store.setEntry(nickname.getText().toString(), skEntry, protParam);

1 answer

Judging by the question, you do not quite understand the main problem of public-key cryptography. Its main problem is making sure that the public key belongs to the one who presents it.

This is analogous to a person turning up with the key to an apartment where the cash is stashed, and you now have to make sure that it is his apartment. In ordinary life such a person would be required to have a document confirming that the apartment belongs to him, or at least that he has something to do with it (for example, a rental agreement).

Exactly the same role that this confirming document plays in everyday life is played in public-key cryptography by a digital certificate. In real life, digital certificates are issued by trusted authorities such as VeriSign, Thawte and so on. Their signatures are recognised by ordinary browsers and devices, since they can check the fingerprint against the fingerprints stored on the device. Out of interest, look at the Security > Certificates section on your Android device (in the device settings) or in the settings of any desktop browser, for example:


In fact, certifying a key costs both money and time.

In your case you generate the key pair yourself, on the fly, and therefore you will not be able to produce a normal certificate. In this case a so-called Self Signed Certificate is generated, that is, a certificate that you yourself signed with your own key. Returning to our apartment example, this is the analogue of the key holder writing a note saying: yes, I am so-and-so, I swear on my mother that this is my apartment :)

Now closer to the point. You need to generate a so-called self-signed certificate in the X.509 standard. But here the problems begin. The out-of-the-box implementation of the X509Certificate class only allows creating it from a byte array or from an InputStream; self-signing is implemented, but for some reason hidden from the general public. Read more about it here.

Fortunately, there is such a thing as Bouncy Castle, in which this can be done relatively easily.

But again, unfortunately, it is impossible to use Bouncy Castle directly on Android, as Google already uses it in the Android code, for unknown reasons in some kind of stripped-down form, so 90% of Bouncy Castle is not functional. That is, when you try to include the Bouncy Castle library in your code, a duplication error is shown.

Again fortunately (the world is not without good people), smart people wrote Spongy Castle, a special port of Bouncy Castle for Android that is free of name conflicts.

Well then:

  1. Import Spongy Castle via Gradle
  2. Read how to generate a certificate

PS Ufff... why did I write so much? Probably in honour of Friday
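As an added example (not part of the answer above and not the asker's code), here is the whole procedure in Java: generate the RSA key pair, build and self-sign an X.509 v3 certificate with Bouncy Castle's PKIX classes (the bcpkix jar), and put the private key together with a one-element certificate chain into a KeyStore.PrivateKeyEntry, which is what belongs where the question has ?????????. It uses the org.bouncycastle package names; with Spongy Castle on Android the same classes live under org.spongycastle (published as the com.madgag.spongycastle core, prov and pkix artifacts). The subject name CN=example-user, the alias mykey, the password changeit and the one-year validity are constructed values for this example.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SelfSignedKeyStoreExample {

    /** Builds an X.509 v3 certificate for the key pair and signs it with the pair's own private key. */
    public static X509Certificate selfSign(KeyPair pair, String dn, int validDays) throws Exception {
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now);
        Date notAfter = new Date(now + validDays * 24L * 60 * 60 * 1000);
        // Self-signed: issuer and subject are the same name.
        X500Name name = new X500Name(dn);
        // Random positive serial number (RFC 5280 requires a positive integer of at most 20 octets).
        BigInteger serial = new BigInteger(159, new SecureRandom());

        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, pair.getPublic());
        // Mark it as an end-entity certificate, not a CA.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
        X509CertificateHolder holder = builder.build(signer);
        return new JcaX509CertificateConverter().getCertificate(holder);
    }

    /** Stores the private key with its (single-certificate) chain under the given alias. */
    public static KeyStore storeKey(KeyPair pair, X509Certificate cert, String alias, char[] password)
            throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises an empty in-memory store; setEntry() fails on an unloaded one.
        store.load(null, null);
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(password);
        // This is the answer to the question mark in the original code: key + chain.
        KeyStore.PrivateKeyEntry entry =
                new KeyStore.PrivateKeyEntry(pair.getPrivate(), new Certificate[] { cert });
        store.setEntry(alias, entry, prot);
        return store;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(4096, new SecureRandom());
        KeyPair pair = gen.generateKeyPair();

        // Constructed values for the example: DN, validity, alias and password.
        X509Certificate cert = selfSign(pair, "CN=example-user", 365);
        // A self-signed certificate must verify under its own public key; throws otherwise.
        cert.verify(pair.getPublic());

        char[] pw = "changeit".toCharArray();
        KeyStore store = storeKey(pair, cert, "mykey", pw);

        // Read it back the same way the asker's code will later need to.
        KeyStore.PrivateKeyEntry back = (KeyStore.PrivateKeyEntry)
                store.getEntry("mykey", new KeyStore.PasswordProtection(pw));
        System.out.println("subject:  " + ((X509Certificate) back.getCertificate()).getSubjectX500Principal());
        System.out.println("matches:  " + back.getCertificate().equals(cert));
    }
}
```

Two points worth noticing for anyone adapting this: the verify() call is the whole "trust" that a self-signed certificate gives you (the key vouches for itself, as the answer's note-from-the-key-holder analogy says), so any peer that receives it must pin its fingerprint rather than rely on a CA; and the serial number is drawn from SecureRandom rather than hard-coded, because some TLS stacks reject certificates whose issuer/serial pair is not unique.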