05-24-2010 02:58 AM - edited 05-24-2010 08:23 AM
I need an advise regarding the blackberry keystore usage.
I am currently saving a X509 certificate with its private key in to the keystore by fetching the keystore from the api DeviceKeyStore.getInstance() (from my application).
The above certificate saved is used in client authentication process when i invoke a url in the browser field (from my application).
everything is working fine but the issue is, the above certificate saved is visible from outside(any one can export it and delete it) and can be used by any application for the same purpose which clearly violates the security measures put in place and moreover if i try to open the same url from the BB browser it works too which the requirement doesnt allow to do.
In nut shell what we are trying to achieve is how can a certificate saving and authenticaion process be limited to application scope.
My handheld versions are :
4.6 and 4.7
Any help will be highly appreciated.