Android Key Management

DroidCon London 2014

Mobile Security Lab

October 31, 2014

Transcript

  1. Android Key Management
    Roberto Piccirillo
    Roberto Gassirà
    Droidcon London 2014

  2. Roberto Piccirillo
    ● Senior Security Analyst - Mobile Security Lab
    ○ Vulnerability Assessment (IT, Mobile Application)
    ○ Hijacking Mobile Data Connection
    ■ BlackHat Europe 2009
    ■ DeepSec Vienna 2009
    ■ HITB Amsterdam 2010
    ○ Android Secure Development
    ● GDG Rome Lab
    @robpicone

  3. Roberto Gassirà
    ● Senior Security Analyst - Mobile Security Lab
    ○ Vulnerability Assessment (IT, Mobile Application)
    ○ Hijacking Mobile Data Connection
    ■ BlackHat Europe 2009
    ■ DeepSec Vienna 2009
    ■ HITB Amsterdam 2010
    ○ Android Secure Development
    ● GDG Rome Lab
    @robgas

  4. Android Key Management: Agenda
    ● Mobile Application Cryptography
    ● Key Management and CryptoSystem
    ● Crypto in Android
    ● Symmetric Encryption
    ● Symmetric Key Management
    ● Asymmetric key: Encryption/Digital Signature
    ● KeyChain and AndroidKeyStore

  5. Mobile Application Cryptography
    ➢ Exchange data securely:
    ➢ Protect Data:
    ○ Sensitive Data
    ○ Backups on /sdcard

  6. Key Management
    "Key management is the management of cryptographic keys in a cryptosystem."

  7. CryptoSystem
    "refers to a suite of algorithms needed to implement a particular form of encryption and decryption"
    ● Two types of encryption:
    ○ Symmetric Key Algorithms
    ■ Identical key for encryption/decryption
    ■ AES, Blowfish, DES, Triple DES
    ○ Asymmetric Key Algorithms
    ■ Pair of keys (public/private) for encryption/decryption
    ■ RSA, DSA, ECDSA

  8. Symmetric Key Algorithms: Ciphers
    ● Two types of ciphers:
    ○ Block: Process entire blocks of fixed-length groups of bits at a time (padding may be required)
    ○ Stream: Process single bit at a time (no padding)
    ● Block Cipher modes of operation:
    ○ ECB: each block encrypted independently
    ○ CBC, CFB, OFB: (feedback mode) each block is encrypted combined with the previous encrypted block (starting from an IV)
    ○ CTR: each block XORed with the encrypted successive values of a counter (starting from a nonce)
    [Figures: ECB, CBC]

  9. Crypto in Android
    ● Framework based on JCA (Java Cryptography Architecture)
    ● Provides API for:
    ○ Encryption/Decryption
    ○ Message digests (hashes)
    ○ Key management
    ○ Secure random number generation
    ● API implemented by Cryptographic Service "Provider"
    ● "Dynamic" Provider:
    javax.crypto.*
    java.security.*

  10. Default Providers
    ➢ From the beginning
    ○ Bouncy Castle (Customized):
    ■ Some services and API removed
    ■ Varies between Android versions
    ■ Fixed only in the latest versions
    ○ Crypto (Apache Harmony)
    ■ Few basic services
    ■ Only for backward compatibility
    ➢ From Android 4.0
    ○ AndroidOpenSSL:
    ■ OpenSSL JNI
    ■ Performance Improved
    ■ Vulnerable to Heartbleed in 4.1.1

  11. Dynamic Providers
    ➢ Spongy Castle (SC)
    ○ Repackage of Bouncy Castle
    ○ Supports more cryptographic options
    ○ Not vulnerable to the Heartbleed Bug
    ○ Up-to-date
    ➢ GPS Dynamic Security Provider
    ○ Available from Play Services 5.0
    ○ Based on OpenSSL (No Heartbleed)
    ○ Rapid delivery of security patches
    ○ Vendor independent !!!

  12. Cipher Benchmarks
    Run on Google Nexus 5 Android 4.4.4
    [Charts: CBC, CTR]

  13. Cipher Class
    Secret Key Specification
    Cipher getInstance
    Cipher Init
    Cipher Final

  14. SecretKey Specification
    javax.crypto.spec.SecretKeySpec
    ● SecretKeySpec specifies a key for a specific algorithm
    // key: the encryption/decryption key; "AES": the cryptographic algorithm
    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");

  15. Cipher GetInstance
    javax.crypto.Cipher
    ● Create cryptographic cipher
    Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding", "SC");
    ● Transformation (describes the set of operations to perform):
    ○ algorithm/mode/padding
    ○ algorithm
    ● Provider (SpongyCastle)

  16. Cipher Init
    javax.crypto.Cipher
    ● Initializes the cipher instance with the specified operational mode, key and algorithm parameters.
    cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv));
    ● Operational Mode:
    ○ ENCRYPT_MODE
    ○ DECRYPT_MODE
    ○ WRAP_MODE
    ○ UNWRAP_MODE
    ● SecretKeySpec
    ● Specify Cipher Algorithm parameters (IV for CBC)

  17. Cipher Final
    javax.crypto.Cipher
    ● Complete a multi-part transformation (encryption or decryption)
    // clearText.getBytes(): clear text in bytes; encryptedText: encrypted text in bytes
    byte[] encryptedText = cipher.doFinal(clearText.getBytes());

  18. Key Generation: SecureRandom
    java.security.SecureRandom
    ● Cryptographically secure pseudo-random number generator
    SecureRandom secureRandom = new SecureRandom();
    ● Default constructor uses the most cryptographically strong provider available
    ● Seeding SecureRandom is dangerous:
    ○ Not Secure
    ○ Output may change

  19. Some SecureRandom Thoughts...
    ● Android security team discovered in August 2013 an improper PRNG initialization for default OpenSSL provider
    ● Applications invoking system-provided OpenSSL PRNG without explicit initialization are also affected
    ● Key Generation, Signing or Random Number Generation not receiving cryptographically strong values
    ● Developer must explicitly initialize the PRNG
    PRNGFixes.apply()
    http://android-developers.blogspot.it/2013/08/some-securerandom-thoughts.html

  20. Generate Secret Key
    javax.crypto.KeyGenerator
    ● Symmetric cryptographic keys generator
    // Algorithm and Provider
    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "SC");
    // Specify Key Size
    keyGenerator.init(outputKeyLength, secureRandom);
    // Key to use in Cipher.init()
    SecretKey key = keyGenerator.generateKey();

  21. Key Management: Store on device
    ● Protected by Android Filesystem Isolation
    ○ Plain File
    ○ SharedPreferences
    ○ Keystore File (BKS, JKS)
    ● More secure with Phone Encryption
    ● Store safely
    ○ MODE_PRIVATE flag
    ○ Use only internal storage /data/data/app_package

  22. Key Management: Store on device
    ➢ Device rooted?
    ○ Check at run-time...

  23. Key Management: Store in App
    ● Uses static keys or device specific information at run-time (IMEI, MAC address, ANDROID_ID)
    ● Android app can be easily reversed
    ● Hide with Code obfuscation
    [Figure: REVERSING]

  24. Key Management: PBKDF2
    ● Password Based Key Derivation Function (PKCS#5)
    ● Variable length password in input
    ● Fixed length key in output
    ● User interaction required
    ● Params:
    ○ Password
    ○ Pseudorandom Function
    ○ Salt
    ○ Number of iterations
    ○ Key Size
    ● Available with BC

  25. Key Management: PBKDF2
    javax.crypto.spec.PBEKeySpec
    ● PBE Key specification and generation
    // password: the user password; NUM_OF_ITERATIONS: N. >= 1000
    KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, NUM_OF_ITERATIONS, KEY_SIZE);
    // A good PBE algorithm is PBKDF2WithHmacSHA1
    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
    SecretKey encKey = secretKeyFactory.generateSecret(keySpec);

  26. SecretKeyFactory API in Android 4.4
    SecretKeyFactory factory;
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
        // Use compatibility key factory -- only uses lower 8-bits of passphrase chars
        factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
    } else if (Build.VERSION.SDK_INT >= 10) {
        // Traditional key factory. Will use lower 8-bits of passphrase chars on
        // older Android versions (API level 18 and lower) and all available bits
        // on KitKat and newer (API level 19 and higher)
        factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    } else {
        // FIX for Android 8,9
        factory = SecretKeyFactory.getInstance("PBEWITHSHAAND128BITAES-CBC-BC");
    }
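
The PBKDF2 slides above list the parameters but not how the salt and the derived key are handled afterwards. The following is an added example, not code from the deck: the iteration count, key size, salt length, sample passwords and the class and method names are assumptions, and it runs on a plain JVM with the default provider.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added example, not from the deck: PBKDF2 key derivation with a stored salt.
public class Pbkdf2Example {
    private static final String PBE_ALGORITHM = "PBKDF2WithHmacSHA1"; // named on the slide
    private static final int NUM_OF_ITERATIONS = 10000; // assumed; the slide asks for >= 1000
    private static final int KEY_SIZE = 256;            // bits, assumed
    private static final int SALT_LENGTH = 16;          // bytes, assumed

    // The salt is not secret: generate it once and store it next to the ciphertext,
    // because the same salt is needed to derive the same key again.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    static SecretKey deriveAesKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec keySpec = new PBEKeySpec(password, salt, NUM_OF_ITERATIONS, KEY_SIZE);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
            byte[] raw = factory.generateSecret(keySpec).getEncoded();
            // The factory labels its key with the PBKDF2 algorithm name;
            // re-wrap the raw bytes as an "AES" key before passing it to Cipher.init().
            return new SecretKeySpec(raw, "AES");
        } finally {
            keySpec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery".toCharArray(); // constructed sample input
        byte[] salt = newSalt();
        byte[] k1 = deriveAesKey(password, salt).getEncoded();
        byte[] k2 = deriveAesKey(password, salt).getEncoded();
        byte[] k3 = deriveAesKey(password, newSalt()).getEncoded();
        byte[] k4 = deriveAesKey("wrong password".toCharArray(), salt).getEncoded();
        System.out.println("key length in bytes: " + k1.length);
        System.out.println("same password and salt, same key: " + Arrays.equals(k1, k2));
        System.out.println("new salt, different key: " + !Arrays.equals(k1, k3));
        System.out.println("wrong password, different key: " + !Arrays.equals(k1, k4));
        Arrays.fill(password, '\0'); // wipe the caller's copy when done
    }
}
```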

  27. Key Management: Other solutions
    ● Store on server side
    ○ Internet connection required
    ○ Use trusted and protected connections (HTTPS, Certificate Pinning)
    ● Store on external device
    ○ NFC Java Card (NXP J3A081)
    ○ Smartcard
    ○ USB PenDrive
    ○ MicroSD with secure storage
    ● AndroidKeyStore???

  28. Asymmetric Algorithms
    ● Public/Private Key
    ○ Public Key -> encrypt/verify signature
    ○ Private Key -> decrypt/sign
    ● Advantages:
    ○ Public Key distribution is not dangerous
    ● Disadvantages:
    ○ Computationally expensive
    ● Usually used with PKI (Public Key Infrastructure for digital certificates)

  29. Public-key Applications
    ● Can classify uses into 3 categories:
    ○ Encryption/Decryption (provides Confidentiality)
    ○ Digital Signatures (provides Authentication and Integrity)
    ○ Key Exchange (of Session Keys)
    ● Some algorithms are suitable for all uses (RSA), others are specific to one

  30. PKCS for Asymmetric Algorithms
    ● PKCS is a group of public-key cryptography standards published by RSA Security Inc
    ● PKCS#1 (v.2.1)
    ○ RSA Cryptography Standard
    ● PKCS#3 (v.1.4)
    ○ Diffie-Hellman Key Agreement Standard
    ● PKCS#8 (v.1.2)
    ○ Private-Key Information Syntax Standard
    ● PKCS#10 (v.1.7)
    ○ Certification Request Standard
    ● PKCS#12 (v.1.0)
    ○ Personal Information Exchange Syntax Standard

  31. Android: RSA
    java.security.KeyPairGenerator
    ● KeyPairGenerator is an engine capable of generating public/private keys with specified algorithms
    // "RSA": the cryptographic algorithm
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");

  32. Available Providers for RSA Algorithm
    java.security.KeyPairGenerator
    ● Different security providers could be used (could change for different OS versions)
    KeyPairGenerator.getInstance("RSA", "SEC_PROVIDERS");
    "AndroidOpenSSL"
    "BC"
    "AndroidKeyStore"
    "GmsCore_OpenSSL"
    Version 1.0
    Version 1.49
    Version 1.0

  33. KeyPairGenerator: Initialization and Randomness
    java.security.KeyPairGenerator
    ● KeyPairGenerator initialization with the key size
    ● KeySize – 1024, 2048, 4096 bits
    kpg.initialize(2048); // key size

  34. KeyPairGenerator: Initialization and Randomness
    java.security.KeyPairGenerator, java.security.SecureRandom
    ● KeyPairGenerator initialization with a SecureRandom
    SecureRandom sr = new SecureRandom();
    kpg.initialize(2048, sr);

  35. Generating RSA Key
    java.security.KeyPair
    ● KeyPair is a container for a public/private key generated by the KeyPairGenerator
    KeyPair keypair = kpg.genKeyPair();
    ● We can retrieve public/private keys from KeyPair
    Key public_key = keypair.getPublic();
    Key private_key = keypair.getPrivate();

  36. Using RSA Keys: cipher example
    javax.crypto.Cipher
    ● Cipher provides access to implementation of cryptography ciphers for encryption and decryption
    // "RSA": the transformation; "SEC_PROVIDER": one of the providers listed below
    Cipher cipher = Cipher.getInstance("RSA", "SEC_PROVIDER");
    "AndroidOpenSSL"
    "BC"
    "AndroidKeyStore"
    "GmsCore_OpenSSL"

  37. Using RSA Key: cipher example
    javax.crypto.Cipher
    ● Encryption
    cipher.init(Cipher.ENCRYPT_MODE, public_key);
    byte[] encrypted_data = cipher.doFinal("DroidconUK-2014".getBytes());
    ● Decryption
    cipher.init(Cipher.DECRYPT_MODE, private_key);
    byte[] decrypted_data = cipher.doFinal(encrypted_data);

  38. Parameters of RSA Keys
    java.security.KeyFactory, java.security.spec
    ● Retrieve RSA Key parameters using KeyFactory
    KeyFactory keyfactory = KeyFactory.getInstance("RSA");
    RSAPublicKeySpec rsa_public = keyfactory.getKeySpec(keypair.getPublic(), RSAPublicKeySpec.class);
    RSAPrivateKeySpec rsa_private = keyfactory.getKeySpec(keypair.getPrivate(), RSAPrivateKeySpec.class);

  39. Extract Parameters of RSA Keys
    java.security.spec.RSAPublicKeySpec, java.security.spec.RSAPrivateKeySpec
    ● Retrieved parameters can be stored
    BigInteger m = rsa_public.getModulus();
    BigInteger e = rsa_public.getPublicExponent();
    BigInteger d = rsa_private.getPrivateExponent(); // Is Private

  40. AndroidKeyStore
    ● Custom Java Security Provider available from Android 4.3 version and beyond
    ● An App can generate and save private keys
    ● Keys are private for each App
    ● 2048-bit key size (4.3), 1024-2048-4096-bit key size (4.4) can be stored
    ● ECDSA support added from Android 4.4

  41. Key Management Evolution
    ● Before API LEVEL 14
    ○ Global Level Only: Default TrustStore cacerts.bks (ROOTED device)
    ● API LEVEL 14
    ○ Global Level: KeyChain (Public API)
    ○ App Level: KeyStore (Closed API)
    ● API LEVEL 18
    ○ Global Level: KeyChain (Public API)
    ○ App Level and per User Level: AndroidKeyStore (Public API)

  42. AndroidKeyStore Storage
    ● Two kinds of storage
    ○ Hardware-backed (Nexus 7, Nexus 4, Nexus 5 :-) with OS >= 4.3)
    ■ Secure Element
    ■ TPM
    ■ TrustZone
    ○ Software only (Other devices with OS >= 4.3)

  43. Type of Storage
    import android.security.KeyChain;
    if (KeyChain.isBoundKeyAlgorithm("RSA")) {
        // Hardware-Backed
    } else {
        // Software Only
    }

  44. Certificate parameters
    import android.security.KeyPairGeneratorSpec.Builder;
    Context cx = getActivity();
    String pkg = cx.getPackageName();
    // Time parameters
    Calendar notBefore = Calendar.getInstance();
    Calendar notAfter = Calendar.getInstance();
    notAfter.add(Calendar.YEAR, 1);
    Builder builder = new KeyPairGeneratorSpec.Builder(cx);
    // ALIAS to index the certificate
    builder.setAlias("DEVKEY1");
    // Self-Signed X.509: Common Name (CN), Subject (OU), Serial Number
    String infocert = String.format("CN=%s, OU=%s", "DEVKEY1", pkg);
    builder.setSubject(new X500Principal(infocert));
    builder.setSerialNumber(BigInteger.ONE);
    builder.setStartDate(notBefore.getTime());
    builder.setEndDate(notAfter.getTime());
    // Generate certificate
    KeyPairGeneratorSpec spec = builder.build();

  45. Generating Public/Private keys
    ● Generating Private/Public key
    // Engine to generate Public/Private key
    KeyPairGenerator kpGenerator;
    // Init Engine with: RSA Algorithm, Provider: AndroidKeyStore
    kpGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    // Init Engine with certificate parameters
    kpGenerator.initialize(spec);
    KeyPair kp;
    kp = kpGenerator.generateKeyPair();
    After generation, the keys will be stored into AndroidKeyStore and will be accessible by ALIAS

  46. AndroidKeyStore Initialization
    // Get a reference to the AndroidKeyStore
    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
    // The argument should be used if there is an InputStream to load
    // (for example the name of imported KeyStore). If load() is not called the App will crash
    keyStore.load(null);
    Now we have the KeyStore reference that will be used to access the Private/Public key by the ALIAS

  47. RSA Encryption
    ● Encryption
    ○ Confidentiality
    ○ RSA Public key to Encrypt
    ○ RSA Private key to Decrypt
    // Access to keys identified by ALIAS
    KeyStore.Entry entry = keyStore.getEntry("DEVKEY1", null);
    // Access to Public key to encrypt
    PublicKey publicKeyEnc = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
    String textToEncrypt = "DroidconUK-2014";
    byte[] byteTextToEncrypt = textToEncrypt.getBytes();
    // Algorithm
    Cipher encCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    // Encryption with Public key
    encCipher.init(Cipher.ENCRYPT_MODE, publicKeyEnc);
    // Ciphered
    byte[] encryptedText = encCipher.doFinal(byteTextToEncrypt);

  48. RSA Decryption
    Cipher decCipher = null;
    byte[] plainTextByte = null;
    // Algorithm
    decCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    // Decryption with Private key
    decCipher.init(Cipher.DECRYPT_MODE, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
    // encryptedText: the bytes produced by the encryption step
    plainTextByte = decCipher.doFinal(encryptedText);
    // Plaintext
    String plainText = new String(plainTextByte);

  49. RSA Digital Signature
    ● Digital Signature
    ○ Authentication, Non-Repudiation and Integrity
    ○ RSA Private key to Sign
    ○ RSA Public Key to Verify
    // Access to Private/Public key identified by ALIAS
    KeyStore.Entry entry = keyStore.getEntry("DEVKEY1", null);
    // The slide does not show how s is created; SHA256withRSA is an assumption
    Signature s = Signature.getInstance("SHA256withRSA");
    // Private key to sign
    s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
    s.update(data);
    byte[] signature = s.sign();
    // Public Key in certificate to verify signature
    s.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
    s.update(data);
    boolean valid = s.verify(signature);
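
The RSA slides above (key generation, encryption, decryption, signing, verification) combined into one class that also shows the size limit of a single RSA block and a signature failing on modified data. This is an added example, not code from the deck: it generates the key pair in memory with the default provider instead of AndroidKeyStore so it runs off-device, and the signature algorithm, class name and method names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added example, not from the deck: RSA encryption and signatures with an in-memory key pair.
public class RsaExample {
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding"; // as on the slides
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";   // assumed, the deck names none
    private static final int PKCS1_OVERHEAD = 11; // bytes used by PKCS#1 v1.5 encryption padding

    static KeyPair generateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // default provider assumed
        kpg.initialize(2048, new SecureRandom());
        return kpg.generateKeyPair();
    }

    // RSA encrypts a single short block: at most the modulus size minus the padding.
    static int maxPlaintextLength(PublicKey key) {
        int modulusBytes = (((RSAPublicKey) key).getModulus().bitLength() + 7) / 8;
        return modulusBytes - PKCS1_OVERHEAD;
    }

    static byte[] encrypt(PublicKey key, byte[] clearText) throws GeneralSecurityException {
        if (clearText.length > maxPlaintextLength(key)) {
            throw new IllegalArgumentException("plaintext too long for one RSA block");
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(clearText);
    }

    static byte[] decrypt(PrivateKey key, byte[] cipherText) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key);
        return cipher.doFinal(cipherText);
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIGNATURE_ALGORITHM);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] signature) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIGNATURE_ALGORITHM);
        s.initVerify(key);
        s.update(data);
        return s.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPair keypair = generateKeyPair();
        byte[] data = "DroidconUK-2014".getBytes(StandardCharsets.UTF_8);
        byte[] encrypted = encrypt(keypair.getPublic(), data);
        System.out.println("round trip ok: " + Arrays.equals(data, decrypt(keypair.getPrivate(), encrypted)));
        System.out.println("max plaintext bytes: " + maxPlaintextLength(keypair.getPublic()));
        byte[] signature = sign(keypair.getPrivate(), data);
        byte[] tampered = data.clone();
        tampered[0] ^= 1; // flip one bit of the signed data
        System.out.println("valid on original: " + verify(keypair.getPublic(), data, signature));
        System.out.println("valid on tampered: " + verify(keypair.getPublic(), tampered, signature));
    }
}
```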

  50. Issue 61989 …

  51. KeyChain
    ● KeyChain
    ○ Accessible by any Application
    ● Typically used for corporate certificates

  52. Example: Import Certificates
    ● Import .p12 certificates
    Intent intent = KeyChain.createInstallIntent();
    byte[] p12 = readFile("CERTIFICATE_NAME.p12");
    // Specify PKCS#12 Key to install
    intent.putExtra(KeyChain.EXTRA_PKCS12, p12);
    // The user will be prompted for the password
    startActivity(intent);

  53. Example: Retrieve the key
    ● The KeyChainAliasCallback is invoked when a user chooses a certificate/private key
    KeyChain.choosePrivateKeyAlias(
    Activity activity,
    KeyChainAliasCallback response,
    String[] keyTypes,
    Principal[] issuers,
    String host,
    int port,
    String alias);

  54. Example: Retrieve and use the keys
    ● KeyChainAliasCallback must implement the abstract method alias:
    @Override
    public void alias(String alias) {
        // ...
        // Private Key
        PrivateKey private_key = KeyChain.getPrivateKey(this, alias);
        // ...
        X509Certificate[] chain = KeyChain.getCertificateChain(this, "DroidconUK-2014");
        // ...
        // Public Key
        PublicKey public_key = chain[0].getPublicKey();
    }

  55. References
    ● http://developer.android.com/about/versions/android-4.3.html#Security
    ● http://developer.android.com/reference/java/security/KeyStore.html
    ● http://en.wikipedia.org/wiki/Encryption
    ● http://en.wikipedia.org/wiki/Digital_signature
    ● http://nelenkov.blogspot.it/2013/08/credential-storage-enhancements-android-43.html
    ● http://nelenkov.blogspot.it/2012/05/storing-application-secrets-in-androids.html
    ● http://nelenkov.blogspot.it/2012/04/using-password-based-encryption-on.html
    ● http://nelenkov.blogspot.it/2011/11/ics-credential-storage-implementation.html
    ● http://developer.android.com/reference/android/security/KeyPairGeneratorSpec.html
    ● http://android-developers.blogspot.it/2013/02/using-cryptography-to-store-credentials.html
    ● http://www.bouncycastle.org/
    ● http://android-developers.blogspot.it/2013/08/some-securerandom-thoughts.html
    ● http://nelenkov.blogspot.it/2013/10/signing-email-with-nfc-smart-card.html
    ● http://en.wikipedia.org/wiki/PKCS
    ● http://developer.android.com/reference/android/security/KeyChain.html
    ● http://android-developers.blogspot.it/2013/12/changes-to-secretkeyfactory-api-in.html

  56. Thank you
    Q&A
    www.mseclab.com
    www.consulthink.it