Details
- Suggestion
- Resolution: Unresolved
- P2: Important
- None
- 5.7.0, 5.15.10
- Actually and Android devices with 16+ API version (tested with Nexus 5X / Android 6)
  Build environment: Windows 7 32bit
- 2023wk02FOQtforAndroid, 2023wkXXFOQtforAndroid, 2023wk04FOQtforAndroid, 2023wk06FOQtforAndroid
Description
It is now impossible to build a QSslKey with a private key accessible from the Android/iOS KeyChain, because they do not support exporting key data for security reasons, but QSslKey is needed for client certificate authentication with SSL.
I implemented fetching certificates and the private key from the Android KeyChain API, but calling Key.getEncoded() to get raw key data returns null for AndroidKeyStoreKey for security reasons.
As I understand it, one way to implement client certificate authentication using KeyChain private keys is to use Java to encrypt data using the Java API and a PrivateKey reference, as it is implemented in Chromium:
https://chromium.googlesource.com/chromium/src/net/+/master/android/keystore.cc
https://chromium.googlesource.com/chromium/src/net/+/master/android/java/src/org/chromium/net/AndroidKeyStore.java
(take a look at rawSignDigestWithPrivateKey (Java) / RawSignDigestWithPrivateKey (C++)), but to implement it with Qt I need to reimplement a big part of QSslSocket and other Qt's SSL stuff.
It would be better to implement constructors for SslKey with QAndroidJniObject / SecKeyRef and, in case they are valid, call native encrypt/decrypt functions on QSslSocket.
Issue Links
- relates to QTBUG-92952 Improve public JNI API (Open)
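The delegation approach described in the report, sketched as an added example (not code from the report, from Qt, or from Chromium): the app keeps only an opaque PrivateKey handle from the Android KeyChain and asks the platform to sign the bytes the TLS stack hands over, so key material never leaves the keystore. The class name `KeyChainSigner` and its method names are hypothetical; it assumes the user has already granted access to `alias` (for example through `KeyChain.choosePrivateKeyAlias`).

```java
// Added illustration; KeyChainSigner and its methods are hypothetical names.
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;

public final class KeyChainSigner {
    private final PrivateKey key;            // opaque handle, not key bytes
    private final X509Certificate[] chain;   // client certificate chain for the handshake

    private KeyChainSigner(PrivateKey key, X509Certificate[] chain) {
        this.key = key;
        this.chain = chain;
    }

    // Both KeyChain calls block, so call this from a worker thread.
    public static KeyChainSigner load(Context ctx, String alias)
            throws KeyChainException, InterruptedException {
        PrivateKey key = KeyChain.getPrivateKey(ctx, alias);
        X509Certificate[] chain = KeyChain.getCertificateChain(ctx, alias);
        if (key == null || chain == null || chain.length == 0) {
            throw new IllegalStateException("alias missing or access not granted");
        }
        return new KeyChainSigner(key, chain);
    }

    // False for keystore-backed keys: getEncoded() returns null, as the report observes.
    public boolean isExportable() { return key.getEncoded() != null; }

    public X509Certificate[] certificateChain() { return chain.clone(); }

    // Signs bytes the TLS stack has already hashed and formatted.
    // The "NONEwith..." algorithms sign the input as given, without hashing it again.
    public byte[] rawSignDigest(byte[] digest) throws GeneralSecurityException {
        String algorithm;
        switch (key.getAlgorithm()) {
            case "RSA": algorithm = "NONEwithRSA";   break;
            case "EC":  algorithm = "NONEwithECDSA"; break;
            default:
                throw new GeneralSecurityException(
                        "unsupported key type: " + key.getAlgorithm());
        }
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(key);   // the platform resolves the handle; no key bytes cross into the app
        signer.update(digest);
        return signer.sign();
    }
}
```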