Android™ Keystore V2

A forward-looking description of this project in the making could be something like
"using Android as the vehicle that will eventually thwart the current userid/password
explosion on the Internet", but there are several other useful, more short-term and
down-to-earth targets as well, including OTP (One Time Password) generation and
secure key storage.
Secure key storage will be launched in a two-stage process: the first stage is a user
keystore running as a native Linux service, while the end goal is to enhance that service
with "trusted hardware", still relying on the same architecture for unlimited secure
storage, "execution" and management of user keys.
To reach the level of functionality required to qualify as "universal",
the keystore is complemented by a matching key-provisioning and management protocol coined KeyGen2:
- Browser-extension scheme
- Symmetric and asymmetric key support
- Information Card add-on
- PIN and PUK options
- TPM "light" operation (http://webpki.org/papers/keygen2/keygen2-fips140-2.pdf)
- "Cryptographic isolation" facilitates secure multi-issuer key-management
- Mobile phones and consumers as primary target
- Anticipated deployment through open source implementations
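As an added illustration of the service model sketched above (this is not KeyGen2 and
not code from this project), the Python below models a keystore service that keeps key
material inside the service, hands callers only an opaque handle, performs HMAC signing
and RFC 4226 HOTP generation on the caller's behalf, and enforces PIN retry counters with
PUK recovery. Only symmetric (HMAC) keys are modelled; the class and method names, the
retry limits, and the demo PIN/PUK values are assumptions, and the demo key is the
constructed RFC 4226 Appendix D test key so the OTP values can be checked against the RFC.

```python
"""Minimal model of a PIN/PUK-protected keystore service.

Added illustration, not KeyGen2 or the project's own code: keys are
generated (or, for this demo, constructed) inside the service, callers
receive only an opaque handle, and every use passes a PIN check with
retry counters.  All names below are assumptions.
"""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


class KeystoreError(Exception):
    """Raised for wrong PIN/PUK, blocked keys and unknown handles."""


@dataclass
class _KeyEntry:
    secret: bytes          # key material; never returned to a caller
    pin: str
    pin_retries: int
    puk: str
    puk_retries: int
    blocked: bool = False


class Keystore:
    PIN_RETRIES = 3        # assumed policy values
    PUK_RETRIES = 10

    def __init__(self):
        self._keys = {}

    def create_symmetric_key(self, pin, puk, secret=None):
        """Create a key and return its handle.  `secret` exists only so a
        demo can use a known test vector; normally the service draws it."""
        entry = _KeyEntry(secret or secrets.token_bytes(32), pin,
                          self.PIN_RETRIES, puk, self.PUK_RETRIES)
        handle = secrets.token_hex(8)
        self._keys[handle] = entry
        return handle

    def _entry(self, handle):
        try:
            return self._keys[handle]
        except KeyError:
            raise KeystoreError("unknown key handle") from None

    def _authorize(self, entry, pin):
        """Check the PIN; a wrong PIN burns a retry, the last one blocks the key."""
        if entry.blocked:
            raise KeystoreError("key blocked; PUK required")
        if not hmac.compare_digest(entry.pin.encode(), pin.encode()):
            entry.pin_retries -= 1
            if entry.pin_retries == 0:
                entry.blocked = True
            raise KeystoreError(f"wrong PIN, {entry.pin_retries} retries left")
        entry.pin_retries = self.PIN_RETRIES

    def unblock(self, handle, puk, new_pin):
        """PUK sets a new PIN and clears the block; exhausting PUK retries destroys the key."""
        entry = self._entry(handle)
        if not hmac.compare_digest(entry.puk.encode(), puk.encode()):
            entry.puk_retries -= 1
            if entry.puk_retries == 0:
                del self._keys[handle]
                raise KeystoreError("PUK exhausted; key destroyed")
            raise KeystoreError(f"wrong PUK, {entry.puk_retries} retries left")
        entry.pin = new_pin
        entry.pin_retries = self.PIN_RETRIES
        entry.blocked = False

    def hmac_sha256(self, handle, pin, data):
        """'Execute' the key: MAC the data inside the service, return only the tag."""
        entry = self._entry(handle)
        self._authorize(entry, pin)
        return hmac.new(entry.secret, data, hashlib.sha256).hexdigest()

    def hotp(self, handle, pin, counter, digits=6):
        """RFC 4226 HOTP (HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation)."""
        entry = self._entry(handle)
        self._authorize(entry, pin)
        mac = hmac.new(entry.secret, struct.pack(">Q", counter), hashlib.sha1).digest()
        offset = mac[-1] & 0x0F
        code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        return str(code % 10 ** digits).zfill(digits)


def demo():
    """Walk-through: OTP generation, PIN lockout after three failures, PUK recovery."""
    ks = Keystore()
    # Constructed demo secret: the RFC 4226 Appendix D test key.
    handle = ks.create_symmetric_key("1234", "87654321", secret=b"12345678901234567890")
    codes = [ks.hotp(handle, "1234", c) for c in range(2)]   # counters 0 and 1
    attempts = []
    for _ in range(4):                                       # four wrong-PIN uses
        try:
            ks.hotp(handle, "0000", 0)
        except KeystoreError as e:
            attempts.append(str(e))
    ks.unblock(handle, "87654321", "4321")                   # PUK recovery, new PIN
    recovered = ks.hotp(handle, "4321", 0)
    return codes, attempts, recovered


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is the boundary: the caller holds a handle and a PIN, never
the key bytes, so a compromised application can at most use the key while it has the
PIN, and brute-forcing the PIN is bounded by the retry counter rather than by CPU time.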
A web-based proof-of-concept emulator is currently available for those who want to get a hands-on feeling of this project:
1. Enroll at http://keycenter.webpki.org
2. Then select "Phone Emulator"
3. In the Phone Emulator issue "Quick Run"
Related projects in the SVN "trunk" include WASP and WebAuth, which are souped-up versions of the browser PKI clients extensively used in the EU.
Anders Rundgren, February 2009
Trademarks: Android is a trademark of Google Inc.