Monday, 1 August 2022

Android: Generate hardware-backed key pairs before even installing the credential via KeyChain

I have a requirement to have key pair generation backed by the hardware, and I'm able to do so via the KeyGenParameterSpec. I'm able to generate hardware-backed key pairs, create certificate signing requests, request certification, and install the certificate on the app-scoped AndroidKeyStore.

Now, I'm wondering if it's possible to do the same via the KeyChain API to have the credential system-scoped so that Chrome can utilize it for HTTPS mutual authentication. So far, I've been able to replicate the same process, but the key pair is software-generated and certificate installation is performed via KeyChain#createInstallIntent with the PKCS#12 material.

So basically, I'd like to know if it's possible to generate hardware-backed key pairs before even installing the credential via KeyChain since the certificate and the chain are only available later after the CA has completed the certification process. If it's possible, is there another way to install the credential without creating PKCS#12? I suppose hardware-backed private keys aren't encodable.
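For reference, the app-scoped AndroidKeyStore flow described in the first paragraph, as an added example that is not code from the original post. The class name `HardwareBackedKeys` and the alias passed in are hypothetical; API level 23 or later and an EC P-256 signing key are assumed, and the CSR exchange with the CA happens outside this snippet.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;

// Hypothetical helper class: added illustration, not the poster's code.
public final class HardwareBackedKeys {
    private static final String PROVIDER = "AndroidKeyStore";

    /** Generates a P-256 signing key inside AndroidKeyStore; the private key is never exportable. */
    public static KeyPair generate(String alias) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
        kpg.initialize(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .build());
        return kpg.generateKeyPair();
    }

    /** Returns true only if the keystore reports the key as held in secure hardware. */
    public static boolean isHardwareBacked(PrivateKey key) throws Exception {
        KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), PROVIDER);
        KeyInfo info = factory.getKeySpec(key, KeyInfo.class);
        // Deprecated since API 31 in favour of KeyInfo.getSecurityLevel(), but available from API 23.
        return info.isInsideSecureHardware();
    }

    /** Replaces the placeholder self-signed certificate with the CA-issued chain (leaf first). */
    public static void attachIssuedChain(String alias, Certificate[] chain) throws Exception {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        if (key == null) throw new IllegalStateException("no key under alias " + alias);
        // Fail closed: do not bind a CA-issued chain to a software-only key.
        if (!isHardwareBacked(key)) throw new IllegalStateException("key is not hardware-backed");
        // Re-storing the same keystore-resident key with a new chain updates only the certificates.
        ks.setKeyEntry(alias, key, null, chain);
    }
}
```

Checking `isHardwareBacked` before building the CSR, and again before attaching the issued chain, keeps a software-generated key from ever being certified under a policy that requires hardware protection.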


