Uploaded image for project: 'Couchbase Lite'
  1. Couchbase Lite
  2. CBL-924

Implement platform support for persisting keys and certificates (Java/Anrdoid)

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 2.8.0
    • 2.8.0
    • Java-Android, LiteCore
    • Security Level: Public
    • None

    Description

      I understand that Java and Android could share the same code so I create a single ticket.

      Reference:

      Key API: https://github.com/couchbase/couchbase-lite-core/blob/master/Crypto/PublicKey.hh#L113-L169

      Certificate API: https://github.com/couchbase/couchbase-lite-core/blob/master/Crypto/Certificate.hh#L186-L189 (See https://github.com/couchbase/couchbase-lite-core/pull/959 for potential update)

      Apple Implementation: https://github.com/couchbase/couchbase-lite-core/blob/master/Crypto/PublicKey%2BApple.mm

      Some related pending PRs for Apple:

      https://github.com/couchbase/couchbase-lite-core/pull/956

      https://github.com/couchbase/couchbase-lite-core/pull/958

      https://github.com/couchbase/couchbase-lite-core/pull/959

       

      As Java/Android will require to call back to the Java's KeyStore to generate keys and save/load/delete the keys and certificate, we might need an abstract object representing the KeyStore to be passed from JNI code to the native code.

       

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            pasin Pasin Suriyentrakorn added a comment - - edited

            Java/Android KeyStore doesn't have an ability to sign a certificate. Some examples on the internet are using BouncyCastle to do the signing with the generated Private Key. LiteCore's CertSigningRequest class has also provided the certificate signing using mbedtls. I think we will just use the mbedtls to sign the certificate for Java / Android.

            pasin Pasin Suriyentrakorn added a comment - - edited Java/Android KeyStore doesn't have an ability to sign a certificate. Some examples on the internet are using BouncyCastle to do the signing with the generated Private Key. LiteCore's CertSigningRequest class has also provided the certificate signing using mbedtls. I think we will just use the mbedtls to sign the certificate for Java / Android.

            People

              The Lite The Lite
              pasin Pasin Suriyentrakorn
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty