How to programmatically retrieve installed certificate from device in Android (Xamarin) - xamarin.forms

I have manually installed a Trusted Credentials / CA certificate on my Android device. Is there any way to read this certificate through code using Xamarin Android?
While reading some Android articles I got the feeling that it is possible, but I am not sure how to implement this. Please help.

It is impossible to achieve this.
You can't just read a certificate from an installed profile. If you install a new root certificate then you can use that certificate to sign something and then verify (within your app) whether that signature is valid, using the installed root certificate. But you can't read the certificate outright.

Related

How to get a trusted code signing certificate(.pfx) for non-store UWP application?

Our UWP application will be released outside of the Microsoft Store since it is a Line-Of-Business application. I scoured the internet for references and what I have gathered is that for users to be able to install our UWP application, it needs to be signed with a Trusted Certificate.
A trusted certificate can be obtained from any Certificate Authority (CA) by submitting a Certificate Signing Request (CSR) for a code signing certificate.
Now I haven't tried to get a certificate yet, as it involves payments. So, I want to be sure if I can get a .pfx certificate from the Certificate Authorities for signing our UWP application?
Will the CA have the provision to select a code signing certificate for UWP, and NOT an SSL certificate?

Yes, you should sign your app with a code-signing certificate that is trusted on each device to which you deploy the app.
You would typically use a certificate that is provided by your organization if you belong to one. The other recommended option is to purchase a certificate from a third-party provider whose public root certificate is already trusted by Windows.
If you do a Bing or Google search for "code signing certificate", you should find some trusted providers.

Xamarin forms android using user certificates

If a user has installed a pfx user certificate on an Android device, the Chrome browser sees it and asks permission to use the user's client certificate to access a server that accepts such certificates.
What is the Xamarin.Forms equivalent?
How can we access these certificates in Xamarin.Forms apps for Android?
Under Windows (UWP), accessing user certificates is just:

    httpClientHandler.ClientCertificateOptions = ClientCertificateOption.Automatic;
    httpClientHandler.UseDefaultCredentials = true;

Under Android we are trying to use a custom version of AndroidClientHandler:

    MyAndroidClientHandler clientHandler = new MyAndroidClientHandler();

In a custom AndroidClientHandler there are 2 problems to solve:
1) How to get a certificate from the user's certificates from the keychain?
Something like this post perhaps? Client Certificates on Android
2) How do you add that cert to the ClientHandler?
Can I simply do this

    clientHandler.TrustedCerts.Add(cert);

or more likely
Add certificate to SSL Context
Has anyone ever managed to do an HTTPS call using an already installed client certificate from Xamarin.Forms?

Looks like Android didn't provide a direct way to use a default credential, but Android provides developers with some choice to use system-wide credentials or the app's private credentials.
KeyChain may help to launch a system dialog for the user to choose a certificate/enter the password. Referring to an earlier post.
Extending AndroidClientHandler, as posted here, is what I found for using the client certificate.
Hope it helps.

CordovaApp.pfx create .aetx token?

Can the CordovaApp.pfx in res\native\windows be used to create a .aetx token?
Signing is handled automatically with VS2015 community + Cordova when deploying a package for release.
Sample CordovaApp.pfx https://github.com/dbiele/TypeScript-Cordova-SystemJS-Angular2-beta/tree/master/res/native/windows
Here are instructions on how to create .aetx from .pfx = link
All I get when trying to convert is: Invalid certificate or password

An .aetx token can only be created if an Enterprise Mobile Code Signing Certificate from Symantec Corp has been purchased. Without the certificate, AetGenerator.exe is unable to create an .aetx from the .pfx.
Explanation on how to use AETX and Mobile Certificates.
https://msdn.microsoft.com/en-us/magazine/dn296515.aspx
Download Root Certificates
https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO20770&actp=search&viewlocale=en_US
Instructions on how to sign an app
https://msdn.microsoft.com/en-us/library/windows/apps/jj735576(v=vs.105).aspx
I hope this helps!

How does Sonatype authentication of packages work?

Specifically, how do I tell Sonatype that I have a new key pair?
I publish my PGP public key to a pool, and sign my artifacts with my private key. If I upload those artifacts to Sonatype Nexus, how does it authenticate the packages? On what basis does it distinguish packages signed by me from packages signed by someone else?
I imagine there's a step where I tell Sonatype what my public key is, but I can't remember ever doing that and I can't see it in the docs.

I assume you are asking about uploading your artifacts to the Central Repository via OSSRH. The current user documentation for OSSRH details that you need to sign your packages with GPG, as you are aware. Uploading is done via OSSRH and the username you have there. The authentication of the packages is done via your user credentials, and then the package signatures are verified against public key pools. AFAIK it does NOT check if the packages are signed by you but rather just that they are signed with a publicly available, valid key, and you can only upload with your username/password.
Update: The benefit of requiring signed artifacts is that upon download the artifacts can be checked for the signature and checksum, and you can therefore ensure that you only download packages as originally submitted by the uploader and that they have not been tampered with on Central or in transport to your server. Related to that, it is a good idea to connect to Central via HTTPS, as offered as a cheap service by Sonatype and used by default in Nexus Pro.
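
Because the repository, as described in the answer above, only checks that a signature comes from some valid published key, a consumer who wants to know that an artifact came from a particular publisher has to pin that publisher's key fingerprint when checking the download. The following is an added example, not code from the original post or from Sonatype: it evaluates gpg's machine-readable `--status-fd` output, and the function names, sample fingerprints and sample status lines are constructed for illustration.

```python
import subprocess

# gpg status keywords that mean the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def check_status(status_text, pinned_fprs):
    """Decide from `gpg --status-fd` output whether a pinned key signed the file.

    Returns (ok, reason). A valid signature from an unpinned key is rejected.
    """
    pinned = {f.replace(" ", "").upper() for f in pinned_fprs}
    signers = set()
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if not fields:
            continue
        if fields[0] in REJECT:
            return False, fields[0]
        if fields[0] == "VALIDSIG" and len(fields) >= 2:
            signers.add(fields[1].upper())       # signing (sub)key fingerprint
            if len(fields) >= 11:
                signers.add(fields[10].upper())  # primary key fingerprint
    if not signers:
        return False, "NO_VALIDSIG"
    return (True, "PINNED_KEY") if signers & pinned else (False, "UNPINNED_KEY")

def gpg_verify(artifact, signature, pinned_fprs):
    """Verify a downloaded artifact against its detached .asc signature."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", signature, artifact],
        capture_output=True, text=True)
    return check_status(proc.stdout, pinned_fprs)

# Constructed sample status output; both fingerprints are made-up placeholders.
PUBLISHER = "A" * 40
OTHER = "B" * 40
SIGNED_BY_OTHER = (
    "[GNUPG:] NEWSIG\n"
    f"[GNUPG:] GOODSIG {OTHER[-16:]} Someone Else <other@example.org>\n"
    f"[GNUPG:] VALIDSIG {OTHER} 2020-01-01 1577836800 0 4 0 1 8 00 {OTHER}\n")
TAMPERED = f"[GNUPG:] BADSIG {PUBLISHER[-16:]} Publisher <pub@example.org>\n"

if __name__ == "__main__":
    print(check_status(SIGNED_BY_OTHER, [PUBLISHER]))
    print(check_status(TAMPERED, [PUBLISHER]))
```

`gpg_verify` needs the publisher's public key in the local keyring; without it gpg reports ERRSIG and the check fails closed.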

How to know who installed a certificate?

I need to give an account a permission for a certificate within a group application, in order to solve the following problem:
Could not establish secure channel for SSL/TLS with authority XXX.
I'm using the winhttpcertcfg tool, but when I execute it, I get a message saying
this can only be done by the user who installed the certificate.
How can I find out who installed the certificate?
