> This is very helpful context. Thank you. :-)

You are welcome :) Glad that it helped to bring my point across, with English being my second language I sometimes wonder if my mails are clear enough.

> Obvious question: Why do you need to use the KeyChain API? Why not just
> include your client certificate in your app and then use it?

I am now doing exactly that to temporarily work around the issue. Unfortunately, this is not acceptable as a long-term solution; enterprise customers that are mostly using our app insist on having the KeyChain support implemented, because it greatly simplifies management of client certificates over a large number of devices - they are able to employ various MDM solutions to help with that (e.g. http://www.air-watch.com/solutions/android).

> I believe that this behavior isn't a Mono for Android bug, but an Android
> change (as per your description, behavior is dependent upon the Android
> version).

I totally agree with that. However, the change in Android effectively makes it impossible to use .NET HTTP stack with KeyChain API. I think what is needed here is an ability to somehow override the default implementation of SSL handshake to be able to sign those random bytes in a custom way - with that, I could use Signature class (http://androidapi.xamarin.com/?link=T%3aJava.Security.Signature) to do the signing without converting the private key. Is there any chance you will extend the HTTP stack to allow this?

> By any chance is your code using multiple threads?

Actually, it is. It is not possible to simply select the certificate from the KeyChain with an arbitrary alias. The method http://androidapi.xamarin.com/?link=M%3aAndroid.Security.KeyChain.ChoosePrivateKeyAlias must be used first to let the user select the certificate; the alias that the user chose is then available in the callback method (last parameter). I believe the callback is not executed in the UI thread.

> I'll provide that code in a bit;

That would be awesome!

> if that doesn't help you, let's see about getting a full repro...

Ok, I will put together some test environment ASAP along with a sample client app. Will keep you updated.
--
View this message in context: http://mono-for-android.1047100.n5.nabble.com/KeyChain-API-on-Android-4-1-and-client-certificate-authentication-tp5712844p5712868.html
Sent from the Mono for Android mailing list archive at Nabble.com.
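
The flow this message describes (let the user pick an alias with `KeyChain.ChoosePrivateKeyAlias`, then sign with `Java.Security.Signature` so the private key is never converted), as an added Xamarin.Android example that is not part of the original mail or of Xamarin's code. The `AliasSigner` class, the `onSigned` delegate and the `SHA256withRSA` algorithm choice are assumptions made for illustration.

```csharp
using System;
using System.Threading;
using Android.App;
using Android.Content;
using Android.Security;
using Java.Security;

// AliasSigner and onSigned are hypothetical names used only for this example.
class AliasSigner : Java.Lang.Object, IKeyChainAliasCallback
{
    readonly Context context;
    readonly byte[] data;
    readonly Action<byte[]> onSigned;   // receives the signature, or null on failure

    AliasSigner(Context context, byte[] data, Action<byte[]> onSigned)
    {
        this.context = context.ApplicationContext;
        this.data = data;
        this.onSigned = onSigned;
    }

    // Shows the system certificate picker; the result arrives in Alias().
    public static void Start(Activity activity, byte[] data, Action<byte[]> onSigned)
    {
        KeyChain.ChoosePrivateKeyAlias(activity, new AliasSigner(activity, data, onSigned),
            new[] { "RSA" }, null, null, -1, null);
    }

    // Called by the picker, possibly off the UI thread; alias is null if the user cancelled.
    public void Alias(string alias)
    {
        if (alias == null) { onSigned(null); return; }
        // GetPrivateKey blocks and must never run on the main thread.
        ThreadPool.QueueUserWorkItem(_ =>
        {
            try
            {
                IPrivateKey key = KeyChain.GetPrivateKey(context, alias);
                if (key == null) { onSigned(null); return; }
                // The key is used as an opaque handle; it is never exported or converted.
                Signature signer = Signature.GetInstance("SHA256withRSA"); // assumed algorithm
                signer.InitSign(key);
                signer.Update(data);
                onSigned(signer.Sign());
            }
            catch (Java.Lang.Exception) { onSigned(null); } // e.g. KeyChainException
        });
    }
}
```

`onSigned` runs on a worker thread, so a caller that updates views from it needs to marshal back with `Activity.RunOnUiThread`.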