[guardian-dev] onionkit's ca bundle

Nathan of Guardian nathan at guardianproject.info
Thu May 30 20:17:00 EDT 2013


On 05/30/2013 05:26 PM, Abel Luck wrote:
> 1) Does onionkit support a custom cert bundle? If so, can you please
> point me to the method that lets me import one?
Yes.

You can call getTrustManager() on the StrongTrustManager instance and
load any certs from there:

    in = mContext.getResources().openRawResource(R.raw.cacerts);
    mTrustStore.load(in, TRUSTSTORE_PASSWORD.toCharArray());


>
> 2) Is it by design that the system CA keystore is ignored entirely in
> favor of the included bundle?
Yes.
>
> 3) Can you please post the exact command to re-generate
> libonionkit/res/raw/cacerts.bks ?
You can find the info here
https://github.com/guardianproject/cacert

specifically here:
https://github.com/guardianproject/cacert/blob/master/pemsToAndroid.sh
>
> 4) Why is there a guardianproject namespaced bouncycastle in
> libonionkit/libs/gp-bcc-lib.jar? Can we use the normal BC or even
> SpongyCastle? If not, what's the reasoning?
SpongyCastle didn't exist when we started building our own complete bcc
libs in the early Gibberbot days. Makes sense for us to switch to
SpongyCastle now if that is what all the kids are doing.

+n
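
Added example, not part of the original message and not onionkit's own code: one way to build a trust manager that trusts only a bundled keystore and never falls back to the system CA store, using the standard JSSE APIs. The names BundledTrust, fromBundle and contextFor are hypothetical; the "BKS" type in the usage comment is assumed from the cacerts.bks file named in the thread.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: trust anchors come only from the supplied bundle.
public final class BundledTrust {
    private BundledTrust() {}

    // Usage on Android (assumed, mirroring the snippet in the message):
    //   fromBundle(ctx.getResources().openRawResource(R.raw.cacerts),
    //              TRUSTSTORE_PASSWORD.toCharArray(), "BKS");
    public static X509TrustManager fromBundle(InputStream bundle, char[] password,
                                              String type)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = bundle) {
            store.load(in, password);   // fails on a wrong password or corrupt file
        }
        // Fail closed: an empty bundle would reject every server, so report it
        // here instead of surfacing later as unexplained handshake failures.
        if (store.size() == 0) {
            throw new KeyStoreException("CA bundle contains no certificates");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);                // explicit store, so system CAs are not consulted
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new NoSuchAlgorithmException("no X509TrustManager available");
    }

    // TLS context whose only trust anchors are the ones in the bundle.
    public static SSLContext contextFor(X509TrustManager tm)
            throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx;
    }
}
```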


