[Interest] how to secure ssl key on symbian platform

franki franki at franki.eu.org
Mon Apr 2 14:25:36 CEST 2012


Hi,

I have app which uses SSL cert to log in to server. Server is verifying client 
certificate and checking it against custom CA (located on server). On the other 
hand client is also veryfing server certificate and checks it with certificate 
from custom CA, so there is full verification, and no errors during handshake.

But the problem is, that on client side cert and key are stored in application 
private dir, which is inaccessible during normal phone usage, but when I 
connect this phone to PC with USB in mass storage mode, private application 
dir is accessible (at least I can see it) and probably someone would be able 
to copy ssl key from phone, that in turn would compromise secure transmision, 
right?

So finally the question: Is there some way to store this ssl key (file) in a 
safer way on symbian device ? Has someone some idea/expierience with that ?

best regards
Marek



More information about the Interest mailing list