7

I'm generating an SSL KeyPair in an Android app using the KeyStore API. I want to create a Certificate Signing Request (CSR) from the Public/Private key pair so that it can be sent to an external CA for signing.

Is this possible? I'd like to use the built-in Android libraries rather than BouncyCastle if possible, in order to have Android store the keys securely.

Josh Correia
Phil
  • Have you found a solution using BouncyCastle (without SpongyCastle)? – BekaBot Jan 23 '17 at 05:04
  • Yes, it is possible to use BouncyCastle and java.security.KeyStore together. I had to create the key pair using the Android libraries, then manually build the certificate structure in BouncyCastle. The resulting CSR could be exported and externally signed then the certificate imported back to the Android KeyStore using keyStore.setCertificateEntry() – Phil Jan 23 '17 at 14:22
  • I am able to construct CSR using SpongyCastle, but I need it to be done without SC library. Can you please share how to build CSR using BouncyCastle? Or how can I contact you with email, if possible? – BekaBot Jan 24 '17 at 08:15
  • 1
    Does this answer your question? [What is the certificate enrollment process?](https://stackoverflow.com/questions/37850134/what-is-the-certificate-enrollment-process) – Ryan M Jul 02 '20 at 00:50
  • 1
    Does this answer your question? [What is the best way to generate Certificate Signing Request using AndroidKeyStoreProvider?](https://stackoverflow.com/questions/25907326/what-is-the-best-way-to-generate-certificate-signing-request-using-androidkeysto) – Josh Correia Jul 27 '20 at 19:25
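
The approach described in Phil's comment above (key pair created by the Android keystore, CSR structure built with BouncyCastle), shown as an added example that is not code from this thread. It assumes API level 23 or later and the BouncyCastle `bcpkix` artifact on the classpath; the names `KeystoreCsr`, `createCsr` and `KeystoreSigner` are hypothetical.

```java
// Added example: KeystoreCsr, createCsr and KeystoreSigner are illustrative names.
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.*;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
public final class KeystoreCsr {
    private static final String SIG_ALG = "SHA256withRSA";
    /** Creates a non-exportable RSA key under alias and returns a DER-encoded PKCS#10 CSR. */
    public static byte[] createCsr(String alias, String subjectDn) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
                .setKeySize(2048)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .build());
        KeyPair pair = kpg.generateKeyPair();
        return new JcaPKCS10CertificationRequestBuilder(new X500Principal(subjectDn), pair.getPublic())
                .build(new KeystoreSigner(pair.getPrivate()))
                .getEncoded();
    }
    /** ContentSigner that buffers the to-be-signed bytes and signs via the platform Signature API. */
    private static final class KeystoreSigner implements ContentSigner {
        private final ByteArrayOutputStream tbs = new ByteArrayOutputStream();
        private final PrivateKey key;
        KeystoreSigner(PrivateKey key) { this.key = key; }
        @Override public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new DefaultSignatureAlgorithmIdentifierFinder().find(SIG_ALG);
        }
        @Override public OutputStream getOutputStream() { return tbs; }
        @Override public byte[] getSignature() {
            try {
                // No provider is named, so the JCA selects the one that accepts the keystore key handle.
                Signature s = Signature.getInstance(SIG_ALG);
                s.initSign(key);
                s.update(tbs.toByteArray());
                return s.sign();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("Keystore signing failed", e);
            }
        }
    }
}
```

The returned DER bytes can be Base64-encoded into a PEM `CERTIFICATE REQUEST` block for the CA; the private key stays inside the keystore throughout.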

2 Answers

2

Certificate enrollment process

Check this link. It generates a key pair and CSR. Regarding generating a CSR (certificate sign request) on the Android phone, I think it is rather straightforward to use Spongycastle instead. It is an Android port of Bouncycastle.

Community
Dante
  • Well, I'm also looking for the creation of a CSR on Android. Could you give me an example or link to refer to? – nistelrooy41001662 Jul 18 '17 at 09:51
  • 2
    The post you linked to doesn't mention how to use the Android `KeyStore` API at all and instead generates the keys in memory, which is insecure in comparison to the `KeyStore`. – Josh Correia Jul 29 '20 at 19:26
  • Hi @JoshCorreia, have you found any solution to generate a CSR using KeyStore? – Jarvis Feb 26 '22 at 20:50
-1

Since Android apps are built with Java, you can use the Java keytool tool to generate a CSR: Request a Signed Certificate from a CA.

Steve J