I'm running CyanogenMod 11 nightlies on my Galaxy Tab 2 (7"), Android 4.4.4-based. I'm thinking about importing an authentication Certificate including the Private Key (used, for example, to authenticate myself to transact business with the local government's websites) into the Android certificate store (Settings -> Security -> Install from SD card).
But, how are these imported Certificates' PRIVATE KEYS protected? Could an app on the device read the private key, or does the Galaxy Tab 2 hardware have a hardware-backed keystore which is write-only by software, and which has crypto-hardware to perform signing activities using the hardware-stored private keys (so that the private key can never be read back out again)?
And, how can I set a password-on-use for Certificates with Private Keys stored in the keystore, like I can set on Windows/IE/Chrome browser, so that every time anything tries to use an imported Certificate's Private Key to sign anything, I must first enter a password before the software/app can really use the Private Key?
Thanks,