Databases
StackOverflow2013
Postsdbo
POAndroid SSL with a Smart Card through PKCS#11
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POAndroid SSL with a Smart Card through PKCS#11
    text
    copied!<p>The reason that this question was born is that I am totally lost, so please forgive the trivial and senseless parts.</p> <p>I have an Android app, a web-service, a MicroSD smart card (mobile security card). I need to know how can I use the card with ssl to securely communicate with the web-service. Rebuilding and flashing the OS is not an option.</p> <p>What I know:</p> <ul> <li>The API used to communicate with the MSC</li> <li>How to write/deploy applets to the MSC</li> <li>How to call a web-service</li> </ul> <p>What I don't know:</p> <ul> <li>SSL</li> <li>Too much about certificates and cryptography (only shady academic stuff from the university)</li> <li>How things come together and what should I use to accomplish this</li> </ul> <p><a href="http://code.google.com/p/seek-for-android/wiki/SmartCardPKI" rel="nofollow">seek-for-android</a> has an OpenSC tutorial and library, but the OS needs to be patched for that. Is there a way to avoid that and still use the solution?</p> <p>I know I could be much further into this with a little research, but my deadline is quite close (a few days), so I need help, much help, and very soon.. Thank you in advance!</p> <p><strong>EDIT:</strong></p> <p>More specifically:</p> <p>I have a Smart Card SD card from Giesecke &amp; Devrient, with Java Card OS and fine applets and dev tools. I also recieved an android service to communicate with the card (the applets) with APDUs. This is quite low-level, it acceps byte codes as commands and data.</p> <p>I need to call a web-service via SSL authentication. Now I know that SSL uses (can use) hardware tokens with PKCS#11 interfaces.</p> <p>There is a project called <a href="http://code.google.com/p/seek-for-android/wiki/SmartCardPKI" rel="nofollow">seek-for-android</a> with a guide to patch the OS and have a standard PKCS#11 interface over the smart card (I believe this would be OpenSC). I CAN'T patch the OS.</p> <p>So the questions again:</p> <ul> <li>Can the Android SSL implementation use (custom) PKCS#11 interfaces in some way, if yes, how? (e.g. possibly with some security providers)</li> <li>Can I use OpenSC (and other stuff mentioned in the linked guide) <em>without</em> patching the OS (e.g. extract the libs and include it in my application)?</li> <li>Overall, how should I link the gap between the low-level smart card and the high level SSL? I kindly ask you for any material regarding this.</li> </ul>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload