DeviceCertTest provides the ability to test X.509 certificate-based HTTPS/TLS client authentication. It also provides basic key pair and certificate management.
For Android 7.0+ devices.
DeviceCertTest provides the following operations:
Test an HTTPS or TLS connection.
Generate a key pair and self-signed certificate (RSA/EC).
Generate a PKCS #10 certificate signing request (CSR) in PEM format.
Import a certificate for a key pair in PEM format.
Import a key pair in PKCS #12 or PEM format.
Export a key pair in PKCS #12 format.
Export a certificate in PEM format.
View a key pair.
View a certificate.
View a PKCS #10 certificate signing request (CSR).
Delete a key pair.
Install a key pair in the Android KeyChain.
A log is maintained of all operations. The Log itself has the following operations:
Note that a key pair will always be bundled with its public key certificate.
When a key pair is generated, a self-signed certificate will also be created for the key pair. They will have the following attributes:
RSA: 2048 bit keys; SHA256withRSA signature
EC: P-256 keys; SHA256withECDSA signature
When generating a key pair, a User Principal Name (UPN) can be specified in the Subject Alternative Name (SAN) using the RFC822 format.
Once a key pair has been successfully tested, it can be promoted for testing in other apps by installing it in the Android KeyChain.
This app will use CA certificates (trust anchors) from both the Android System and User trust stores. This allows key pairs to be installed in the KeyChain and used by other apps. User CA certificates can be imported using the Security Settings operation "Install from SD card" (or equivalent).
To install a key pair in the Android KeyChain, the Lock Screen must be enabled (to secure the Android KeyChain).
Uninstalling the app will result in the loss of all app data. Export any keys that you wish to retain. App data is retained for app updates.
The selected key pair will always be used by the client side regardless of which key types or issuers are specified by the server side.
The HTTPS test uses HttpsURLConnection.connect() to connect to the server.
The TLS test uses SSLSocket.startHandshake() to connect to the server.
The connection timeout is 1.5 seconds.
The connection is maintained for 1 second and then closed.
Import of encrypted private keys in PKCS #8 format (PEM) may not be supported, depending on the type of PBE algorithm required.
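The client-key selection and TLS test behaviour noted above (selected key pair always used, SSLSocket.startHandshake(), 1.5 second timeout, 1 second hold) can be reproduced with the standard JSSE API. This is an added example, not DeviceCertTest's own code; the class names FixedAliasTlsTest and FixedAliasKeyManager and the command-line arguments (PKCS #12 file, password, alias, host, port) are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class FixedAliasTlsTest {
    /** Hypothetical key manager: always answers with one alias, ignoring the server's keyTypes and issuers. */
    static final class FixedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final String alias;
        FixedAliasKeyManager(X509KeyManager delegate, String alias) { this.delegate = delegate; this.alias = alias; }
        @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) { return alias; }
        @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine e) { return alias; }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
    }

    // Usage (all arguments are placeholders): java FixedAliasTlsTest client.p12 password alias host port
    public static void main(String[] args) throws Exception {
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers = platform default trust anchors; server chain validation stays on
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(base, args[2]) }, null, null);
        Socket plain = new Socket();
        plain.connect(new InetSocketAddress(args[3], Integer.parseInt(args[4])), 1500); // 1.5 s connect timeout
        try (SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(plain, args[3], Integer.parseInt(args[4]), true)) {
            SSLParameters p = tls.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // a raw SSLSocket does not check the hostname by default
            tls.setSSLParameters(p);
            tls.setSoTimeout(1500);
            tls.startHandshake();
            System.out.println("Handshake OK: " + tls.getSession().getProtocol() + " / " + tls.getSession().getCipherSuite());
            Thread.sleep(1000); // hold the connection for 1 second, then close
        }
    }
}
```

Under TLS 1.3 a server's rejection of the client certificate can arrive after startHandshake() has returned, so a clean handshake in this sketch does not by itself prove the certificate was accepted.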
DISCLAIMER: This app is made available for use at your own risk with no warranty of any kind.