Hi xda,
Trying to run keystore APIs on dragonboard 410c, which has android-5 lollipop release.
Referring to the Keystore training article (developer.android.com/training/articles/keystore.html) to get a keystore instance.
But always getting error that AndroidKeyStore doesn't exist, no such provider exception.
Also tried getting all the security providers on board by java.security.Security.getProviders(), but no luck. Although AndroidOpenSsl, BC providers exist, but no AndroidKeyStore provider.
In the above link, it is specified that:
AndroidKeyStore provider introduced in Android 4.3 (API level 18).
We tried with API 21 to 23 but still have the same issue. Can someone point out what I'm doing wrong?
Hi,
I'm trying to install a self-signed user certificate on Cyanogenmod 11 with Android 4.4.4. I know that there are some issues with this, but in many reports they say it is easy to install when I take it directly from the SD card. Unfortunately, it is not working on my device and I'm not sure if my OS or my certificate is the problem.
I have tried several things, from using the PEM format or DER format, and also tried to use a signed certificate from CAcert.org. Btw, concerning the root certificates: I was able to install them as user-certificates and they show up in the right place. However, I got the annoying security warning, but I can deal with it.
So let's start with the procedure to create my certificate:
1. I installed the root and the class3 certificate from cacert.org. Everything is nice, the certificates are listed in user certificates.
2. Key generation:
Code:
openssl genrsa -des3 -out server.key 4096
3. CSR creation, using for both, self-signing and cacert signing
Code:
openssl req -new -key server.key -out server.csr
4.a Create self-signed certificate by myself:
Code:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
4.b Put server.csr on cacert.org, create certificate, save it in "server_cacert.crt"
5. Converting to binary format:
Code:
openssl x509 -in server.crt -outform DER -out server_der.crt
With this, my certificate creation is finished. Now I put all four different versions on the internal storage on my smartphone. I go to the security settings -> "Install from internal storage" -> choosing one of the certificates.
I'm then asked for a name for the cert, choosing "usage for vpn and apps", and -> "Save". A popup with "Cert ... successfully installed" appears afterwards.
But: When I have a look at the user certification list, none of the created certificates is working. I only got the cacert root certs installed.
I have no idea what to do now. One solution which was discussed, was to install the certs as system certificate. But for this, I need to root my smartphone and this is one thing I don't want to do.
So, hopefully you can find the fault in my procedure, so I can get it installed without root privileges.
Thank you for your support,
Kind regards,
-Cyanide-
Sorry for pushing this thread... but I really have no idea what to do? I guess, I'm not the first person who tries to install a certificate, so hopefully you can share your experience?
In my opinion, the fault may be in the certificate creation, because I'm able to install the root certificates from cacert.org..
thanks again
I would also like to know
Short update:
It is working now. But I'm not sure, if it's good the way I did it.
I used easy-rsa to create a ca.crt. I was able to import this one to Android, like it was working before with cacert root certificates. On the server side, I use the crt and key also for my DAV server. With this combination, everything is fine, but I'm not sure if this is the right way, how the certificates should be used.
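A check that may explain the difference between the `server.crt` from step 4.a and the easy-rsa `ca.crt`, added here as an example and not part of the original posts: it assumes Android files a certificate under the user trusted credentials only when it carries basicConstraints CA:TRUE. The subject name, config file and unencrypted 2048-bit keys are constructed test values.

```shell
#!/bin/sh
# Added example: compare the certificate from step 4.a with a CA certificate.
# Subject, file names and the unencrypted 2048-bit keys are constructed test values.

# is_ca_cert FILE: 0 if FILE (PEM or DER) has basicConstraints CA:TRUE,
# 1 if it parses but is not a CA certificate, 2 if it is not a certificate.
is_ca_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) ||
    text=$(openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null) ||
    return 2
    case $text in
        *CA:TRUE*) return 0 ;;
        *)         return 1 ;;
    esac
}

# build_samples DIR: create server.crt / server_der.crt the way the post does,
# plus ca.crt, a self-signed certificate that declares itself a CA.
build_samples() {
    dir=$1
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = constructed.example.test
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Steps 2 to 5 from the post (without -des3, so no passphrase prompt)
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -config "$dir/req.cnf" -key "$dir/server.key" -out "$dir/server.csr"
    openssl x509 -req -days 365 -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt" 2>/dev/null
    openssl x509 -in "$dir/server.crt" -outform DER -out "$dir/server_der.crt"
    # CA certificate: "req -x509" applies the v3_ca section of the config
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -config "$dir/req.cnf" -key "$dir/ca.key" -days 365 \
        -out "$dir/ca.crt"
}

WORK=$(mktemp -d)
build_samples "$WORK"
for f in server.crt server_der.crt ca.crt; do
    if is_ca_cert "$WORK/$f"; then echo "$f: CA:TRUE"; else echo "$f: not a CA certificate"; fi
done
```

Running `is_ca_cert` on an existing certificate file before copying it to the phone shows which of the two kinds it is; converting to DER does not change the result.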
I am trying to connect an email app (AquaMail) on my phone (Sprint Samsung Note 4, stock rooted, Android OS 5.0.1) to my email server (IMAP) using SSL. When I try this, I get the following error message:
Incoming mail server (IMAP): Invalid security (SSL) certificate. java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
The server to which I am trying to connect is my own VPS. I do have a wild card certificate installed on the site and I believe it is installed properly. I say this because of the report I generated on www.ssllabs.com/ssltest:
Certificate: 100%
Protocol Support: 95%
Key Exchange: 90%
Cipher Strength: 90%
Two certification paths are shown: mail.mydomain.com -> StartCom Class 2 Primary Intermediate Server CA -> StartCom Certification Authority (one path shows this with SHA1withRSA and the other shows SHA256withRSA).
Looking at the Handshake Simulation section, it clearly shows that Android 5.0.0 functions properly, but it also shows that Java 7u25 has a 'protocol or cipher suite mismatch'. This same warning shows up for other, deprecated systems and is probably due to my having turned off older, insecure access protocols.
Can anyone suggest how to get this working properly? Yes, I could work around this by a) allowing all certificates or b) not using secure protocols; but neither of these are solutions.
Thank you for your help!
VS99025A was released for me yesterday. Not sure if the new patch may be to stop exploits or improve customer experience (laugh).
Was curious if perhaps someone smarter than me could exploit the V10 via exploits in Android Security Patch Level.
I am on ASPL 2016-10-1
I checked Google's logs.
https://source.android.com/security/bulletin/2016-10-01.html
https://source.android.com/security/bulletin/2016-11-01.html
https://source.android.com/security/bulletin/2016-12-01.html
https://source.android.com/security/bulletin/2017-01-01.html
Figured someone could exploit something like this
2017-01-05 security patch level: Vulnerability summary
Elevation of privilege vulnerability in Qualcomm bootloader, CVE-2016-8422, CVE-2016-8423, Critical, Yes
Shouldn't we be able to use an exploit in between the two dates to narrow down an applicable exploit/root method?
I mean there is like 50+ Critical exploits
And then over 80+ High exploits
between 2016-10-01 & 2017-01-01.
Surely we can find something, right?
PS: didn't take the VS99025A update, not going to.
Stop OTA Updates with
gatesjunior - Debloater Tool https://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
fire3element - V10 Guide https://forum.xda-developers.com/lg-v10/general/how-to-disable-updates-otas-t3289145
Google Android Products Qualcomm Bootloader Multiple Integer Overflow Vulnerabilities
Bugtraq ID: 95241
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-8423, CVE-2016-8422
Remote: Yes
Local: No
Published: Jan 03 2017 12:00AM
Updated: Jan 12 2017 01:09AM
Credit: The vendor reported the issue.
Vulnerable: Google Pixel XL 0, Google Pixel 0, Google Nexus 6P, Google Nexus 6
Not Vulnerable:
http://www.securityfocus.com/bid/95241
Symptom
When I submitted my game, which has HMS Core capabilities integrated, for review, it was rejected due to incorrect provider name during HMS Core (APK) update.
I use Android Studio and I can’t find any solutions for this problem in the official documentation, so I contacted Huawei technical support instead.
Solution
I was told that the provider name does not need to be manually configured for HMS Core (APK) updates for version 4.0 and later. The provider name is automatically configured in the manifest file after game packaging. To check whether the configuration exists, I would need to decompile the game package and check whether the following configurations exist under the application element in the manifest file:
Code:
<!-- Replace xxx.xxx.xxx with the actual game package name. -->
<provider
    android:name="com.huawei.hms.update.provider.UpdateProvider"
    android:authorities="xxx.xxx.xxx.hms.update.provider"
    android:exported="false"
    android:grantUriPermissions="true" >
</provider>
<!-- Replace xxx.xxx.xxx with the actual game package name. -->
<provider
    android:name="com.huawei.updatesdk.fileprovider.UpdateSdkFileProvider"
    android:authorities="xxx.xxx.xxx.updateSdk.fileProvider"
    android:exported="false"
    android:grantUriPermissions="true">
</provider>
If the configurations do not exist, packaging errors or other exceptions may have occurred. In this case, you would need to manually add the provider name.
I encountered a few issues in the process of integrating the APM SDK. In this post, I will share these cases with you, so that you will have a sense of how to resolve them.
Issue 1: Error "miss client id" Is Reported After the APM SDK Is Integrated
The detailed error message is as follows:
I/com.huawei.agc.apms: failed to fetch remote config: client token request miss client id, please check whether the 'agconnect-services.json' is configured correctly
Troubleshooting
By searching through the forum, I found that the issue is caused by the absence of the AppGallery Connect plugin. For details, please refer to this forum post.
To solve the problem, just add the following code to the app-level build.gradle file:
apply plugin: 'com.huawei.agconnect'
Issue 2: Cannot Find the Reported APM Logs on the Device
When the APM SDK was integrated, there was no app performance data on the App performance management page. I wanted to locate the problem based on the Logcat logs on the device.
However, I wasn't sure how to find the APM logs.
Troubleshooting
I checked the APM documentation and found out how to access the logs:
Open the AndroidManifest.xml file of the app, and add the meta-data element to application.
<application>
    <meta-data
        android:name="apms_debug_log_enabled"
        android:value="true" />
</application>
After the APM debug log function is enabled, you can filter the Logcat output by com.huawei.agc.apms or apms to view the logs.
Please note that only a resultCode value of 200 indicates that the data is reported successfully.
I/HiAnalyticsSDK: SendMission=> events PostRequest sendevent TYPE : oper, TAG : APMS, resultCode: 200 ,reqID:b639daae0490c378cf242544916a9c36
Issue 3: No Successfully Uploaded APMS Logs in the Logcat
The meta-data element has been added and set to true. The contains and sending logs can be viewed in the Logcat, with the exception of the successfully uploaded APMS logs.
Troubleshooting
The check result shows that the agconnect-services.json file was downloaded before the APM service was enabled. This indicates that it needs to be updated.
Before the service was enabled, the JSON file contained only 29 lines. After the service was enabled, more parameters were added to the file, so that it contained 52 lines.
Update the JSON file, and you'll be able to view the successfully uploaded APM logs.
Issue 4: No APM Data Displayed in AppGallery Connect While Logs Are Available
When locating this problem, I found a log in which the result code is 200. However, still no APM data is available in AppGallery Connect.
The corresponding logs are as follows:
I/HiAnalyticsSDK: hmsSdk=> events PostRequest sendevent TYPE : maint, TAG : _hms_config_tag, resultCode: 200 ,reqID:842927417075465ab9ad990e2ce92646
Troubleshooting
The value of TAG in the preceding log is not APMS. Therefore, it cannot be the log that indicates that the APM data is successfully loaded.
I analyzed the logs and found some authentication failure logs.
E/HiAnalyticsSDK: HttpTransportCommander=> NE-004|IO Exception.timeout
D/HiAnalyticsSDK: HttpTransportCommander=> request times: 1
I/HiAnalyticsSDK: getPubKey=> result code : -102
After contacting Huawei technical support, I learned that the data reporting channel of the HiAnalyticsSDK used by APM has an authentication problem.
I went to My projects > HUAWEI Analytics in AppGallery Connect and enabled HUAWEI Analytics. After a while, the authentication was successful.
Issue 5: No Related Network Request Performance Data Is Displayed
All of the performance data is normal with the exception of the network request data, which is not displayed in AppGallery Connect.
Troubleshooting
According to the official documentation, obtaining network request data depends on the APM plugin. The data can only be obtained after the APM plugin has been correctly integrated.
To integrate the plugin, do as follows:
In the project-level build.gradle file, add the following code in dependencies:
classpath 'com.huawei.agconnect:agconnect-apms-plugin:1.4.1.305'
In the app-level build.gradle file, add the following code:
apply plugin: 'com.huawei.agconnect.apms'
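The log checks from Issues 2 and 4 as a small filter, added here as an example and not part of the original post or of the APM SDK: it counts `sendevent` lines that have both TAG APMS and resultCode 200, counts other `sendevent` lines separately, and counts negative `getPubKey` result codes. The function names are hypothetical; the sample lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: separate real APM upload confirmations from look-alike lines.

# sample_log: the Logcat lines quoted in the post above.
sample_log() {
    cat <<'EOF'
I/HiAnalyticsSDK: SendMission=> events PostRequest sendevent TYPE : oper, TAG : APMS, resultCode: 200 ,reqID:b639daae0490c378cf242544916a9c36
I/HiAnalyticsSDK: hmsSdk=> events PostRequest sendevent TYPE : maint, TAG : _hms_config_tag, resultCode: 200 ,reqID:842927417075465ab9ad990e2ce92646
E/HiAnalyticsSDK: HttpTransportCommander=> NE-004|IO Exception.timeout
D/HiAnalyticsSDK: HttpTransportCommander=> request times: 1
I/HiAnalyticsSDK: getPubKey=> result code : -102
EOF
}

# classify_apm_log: read Logcat text on stdin and print one summary line.
#   apms_ok       sendevent lines with TAG APMS and resultCode 200
#   other_events  sendevent lines with any other TAG or resultCode
#   auth_failures getPubKey lines with a negative result code
classify_apm_log() {
    awk '
        /HiAnalyticsSDK/ && /sendevent/ {
            tag = ""; code = ""
            if (match($0, /TAG : [^,]+/))
                tag = substr($0, RSTART + 6, RLENGTH - 6)
            if (match($0, /resultCode: [0-9]+/))
                code = substr($0, RSTART + 12, RLENGTH - 12)
            if (tag == "APMS" && code == "200") ok++
            else other++
        }
        /getPubKey=> result code : -/ { authfail++ }
        END {
            printf "apms_ok=%d other_events=%d auth_failures=%d\n", ok, other, authfail
        }
    '
}

sample_log | classify_apm_log
```

On a device, the same function can read `adb logcat -d` output instead of the sample lines.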