# announcements
g
I have an EC keypair generated with the AndroidOpenSSL provider. I am having an issue trying to store (and eventually retrieve) the key to the Android Keystore. Here is what I try.
```kotlin
val certArray : Array<Certificate> = arrayOf(PublicKeyToX509Cert(keyPair.public))
keyStore.setKeyEntry(alias, keyPair.private.encoded,  certArray)

private fun PublicKeyToX509Cert(pubKey: PublicKey): Certificate{
    var pem = ecPublicKeyToCert(pubKey as ECPublicKey)
    Log.v(TAG,"PEM:\n${pem}")
    val targetStream: InputStream = pem.byteInputStream()
    return CertificateFactory.getInstance("X.509").generateCertificate(targetStream)
}
```
I get the following error trying to store the key:
a
I think what you might be looking for is the `pem.getEncoded()` function. I don't think `PublicKey.toString()` would return the PEM representation of the key.
d
What does your ecPublicKeyToCert method look like?
g
```kotlin
override fun ecPublicKeyToCert (publicKey : ECPublicKey) : String {
    val base64 = Base64.encodeToString(publicKey.encoded, Base64.NO_WRAP)
    val cert = BEGIN_CERT + base64 + END_CERT
    return cert
}
```
d
You can’t just create a certificate from a public key simply by adding BEGIN and END certificate. You are just encoding the public key to Base64 in your code. You will need to first generate a CSR which will then be signed to be an X509 certificate. I would probably go with BouncyCastle library for this to make the task a little bit easier.
👍 1
Found this blog on the web for a simple example. It’s using Java, but you can simply convert it to Kotlin. https://www.misterpki.com/how-to-generate-a-self-signed-certificate-with-java-and-bouncycastle/
g
For compatibility purposes I am using AndroidOpenSSL
👍 1