Aim
I have developed a Java application for desktops to digitally sign PDF and XML files using X509 certificates stored on a PC by accessing the keystore (Windows-MY). I am trying to develop the same functionality on Android devices (phone/tablet) by accessing the Android keystore.
Problem
The X509 certificates can either be stored in a USB token or installed directly from the SD card in Settings > User Credentials. I think for a USB token, the manufacturer should support Android OS, otherwise it will not get displayed in the keystore. But what about the certificate I installed in User Credentials? I am not sure which keystore to use in both cases.
I have tried all of the following keystores, but no luck.
KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore.getInstance("AndroidCAStore"); // returns only trusted ca certificates not the certificates in User Credentials
KeyStore.getInstance("AndroidKeyStore");
KeyStore.getInstance("BKS");
Any help is greatly appreciated!
Thanks
User credentials installed on the device are available through Android KeyChain, not Android KeyStore.
https://developer.android.com/reference/android/security/KeyChain.html
The KeyChain class provides access to private keys and their corresponding certificate chains in credential storage.
The usage is slightly different than Windows-MY because you need to ask the user to request an alias. Use choosePrivateKeyAlias to prompt the user for the signing certificate and getPrivateKey to recover the key.
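The flow the answer describes, written out as an added example (not part of the original answer). The class name `KeyChainSigner`, the `Result` callback and the SHA-256 signature algorithms are assumptions made for illustration; the `KeyChain` and `Signature` calls are the platform's own.

```java
import android.app.Activity;
import android.content.Context;
import android.security.KeyChain;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;

/** Hypothetical helper: signs data with a user-installed credential. */
public final class KeyChainSigner {

    /** Hypothetical callback; invoked on a background thread. */
    public interface Result {
        void onSigned(byte[] signature, X509Certificate[] chain);
        void onError(Exception e);
    }

    public static void sign(Activity activity, byte[] data, Result result) {
        Context ctx = activity.getApplicationContext();
        // Shows the system certificate picker. The app gets no access to a
        // key until the user explicitly grants it one alias.
        KeyChain.choosePrivateKeyAlias(activity, alias -> {
            if (alias == null) { // user cancelled or denied access
                result.onError(new IllegalStateException("No certificate selected"));
                return;
            }
            // getPrivateKey/getCertificateChain block: keep them off the main thread.
            new Thread(() -> {
                try {
                    PrivateKey key = KeyChain.getPrivateKey(ctx, alias);
                    X509Certificate[] chain = KeyChain.getCertificateChain(ctx, alias);
                    if (key == null || chain == null) {
                        throw new IllegalStateException("Alias unavailable: " + alias);
                    }
                    // The key may be an opaque handle (getEncoded() can be null),
                    // so use it only through Signature and name no provider.
                    String alg = "EC".equals(key.getAlgorithm())
                            ? "SHA256withECDSA" : "SHA256withRSA";
                    Signature signer = Signature.getInstance(alg);
                    signer.initSign(key);
                    signer.update(data);
                    result.onSigned(signer.sign(), chain);
                } catch (Exception e) { // KeyChainException, GeneralSecurityException, ...
                    result.onError(e);
                }
            }).start();
        }, new String[] {"RSA", "EC"}, null, null, -1, null);
    }
}
```

The returned chain is what a PDF or XML signature container embeds next to the signature value; the raw signature alone does not identify the signer.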