>
> If it is indeed reproducible, it should be easy to fix. Have you tried
> building latest AOSP source, there have been a number of fixes/changes in
> this area? I fail to see how this is documented in the bug report though
> (no steps to reproduce).
>
Steps for me on Nexus 7 were:
1. import PKCS#12 file containing root cert, client cert, and private key
2. have app obtain an alias to the client cert
3. get the private key: PrivateKey pk = KeyChain.getPrivateKey(this, alias);
4. observe segfault when pk is collected by GC

> > 2. You say that the new OpenSSL engine supports only signing, verifying
> > and key import. That's fine, but keep in mind that the RSA signature used
> > for verification of an SSL session is typically generated by the cipher
> > object javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1PADDING") acting as
> > an encryptor. Can java.security.Signature replicate this behavior? This
> > issue is also documented here:
> > http://stackoverflow.com/questions/11261774/using-android-4-1-keychain
> >
>
> Again, are there any reasons you are using the Cipher class for signing?
> I don't think this is typical at all, but if you have a particular reason
> for wanting to use 'raw' RSA encryption, please say why. And, again,
> this is probably more suitable for android-security.
>
Raw RSA encryption is necessary as part of the challenge/response handshake
of an SSL/TLS negotiation, if your side of the connection is using a cert
as an authentication factor. It's essential for VPN implementations that
layer on top of SSL/TLS transport and need to interoperate with an external
key store. I enumerated the signature algs provided by the AndroidOpenSSL
1.0 provider and I don't see any implementation for raw RSA. Some Java
implementations include it as "NONEwithRSA", but I don't see it here.
Yes, I'll try to move this over to android-security. Thanks for your time.
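
The two APIs compared in the thread, side by side, as an added example that is not part of the original messages. It assumes a standard desktop JDK, where Signature "NONEwithRSA" is available; whether Android's AndroidOpenSSL provider offers it is exactly what the poster reports not finding. The class name, the throwaway key and the input bytes are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;

// Hypothetical class name; run on a desktop JDK, not on an Android device.
public class RawRsaComparison {

    // PKCS#1 v1.5 private-key operation through Cipher, as in the thread.
    static byte[] viaCipher(PrivateKey key, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(data);
    }

    // Same operation through Signature: no hashing, no DigestInfo wrapper.
    static byte[] viaSignature(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key for the demo

        // Constructed input: 36-byte MD5 || SHA-1 value, the form TLS 1.0/1.1
        // signs in an RSA CertificateVerify message.
        byte[] transcript = "constructed handshake transcript".getBytes("UTF-8");
        byte[] md5 = MessageDigest.getInstance("MD5").digest(transcript);
        byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(transcript);
        byte[] toSign = Arrays.copyOf(md5, md5.length + sha1.length);
        System.arraycopy(sha1, 0, toSign, md5.length, sha1.length);

        byte[] a = viaCipher(kp.getPrivate(), toSign);
        byte[] b = viaSignature(kp.getPrivate(), toSign);
        System.out.println("outputs identical: " + Arrays.equals(a, b));

        Signature v = Signature.getInstance("NONEwithRSA");
        v.initVerify(kp.getPublic());
        v.update(toSign);
        System.out.println("verifies with public key: " + v.verify(a));
    }
}
```

Both outputs match because PKCS#1 v1.5 signature padding is deterministic, so a provider that exposes either interface for a keystore-held key can serve this handshake step.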