Post Reply

[Q] Are Certificates "safe" on Galaxy Tab 2 ?

OP libove

10th October 2014, 08:21 PM   |  #1  
OP Senior Member
Flag Barcelona
Thanks Meter: 1
 
133 posts
Join Date:Joined: Jan 2007
More
I'm running Cyanogenmod 11 nightlies on my Galaxy Tab 2 (7"), Android 4.4.4-based. I'm thinking about importing an authentication Certificate including the Private Key (used, for example, to authenticate myself to transact business with the local government's websites) into the Android certificate store (Settings -> Security -> Install from SD card).
But, how are these imported Certificates' PRIVATE KEYS protected? Could an app on the device read the private key, or does the Galaxy Tab 2 hardware have a hardware-backed keystore which is write-only by software, and which has crypto-hardware to perform signing activities using the hardware-stored private keys (so that the private key can never be read back out again)?
And, how can I set a password-on-use for Certificates with Private Keys stored in the keystore, like I can set on Windows/ IE/ Chrome browser, so that every time anything tries to use an imported Certificate's Private Key to sign anything, I must first enter a password before the software/app can really use the Private Key?
thanks,
Post Reply Subscribe to Thread

Tags
certificates, hardware-backed, keystore, private keys, security
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Galaxy Tab 2 General by ThreadRank