The package javax.microedition.pki consists of the classes UserCredentialManager and UserCredentialManagerException.
The UserCredentialManager class provides methods for managing a user’s certificates, which the CMSMessageSignatureService can use to generate signatures. The class allows you to add certificates, remove certificates, and generate requests for new certificates. In this context, certificates represent keys and link keys to specific people. Keys are stored on the smart card permanently and it is not possible to add, change, or remove them.
For more information on the methods, see the class UserCredentialManager.
A Certificate Signing Request (CSR) is a message sent from an applicant to a certificate authority with the purpose of applying for a digital identity certificate. Before you can make a CSR, you need a key pair on your device. The CSR should include the relevant information about you and your keys. If your CSR is successful, the certificate authority will send you back an identity certificate that has been digitally signed with the private key of the certificate authority. This certificate can be added to your certificate store and used when signing data with your keys.
You can make a Certificate Signing Request (CSR) by using the generateCSR method. The CSR is signed on the smart card. The method takes parameters that define the details of the request. For example, the implementation MUST use the algorithm, keyLen, and keyUsage parameters to select a specific key to use in signing the certificate request. If the algorithm is not supported, or specific key parameters cannot be fulfilled, a UserCredentialManagerException must be thrown. Other parameters for the method include nameInfo for including a distinguished name, securityElementID for identifying the security element on which the key resides, and securityElementPrompt for guiding the user to insert the correct security element.
If a security element can be selected and an appropriate key is available (already existing), the certification request is generated and formatted. The certification request will be formatted as a PKCS#10 certificate request. Generation of the certificate enrollment request and the key pair must be confirmed by the user.
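The following sketch shows a generateCSR call with the failure cases described above handled explicitly. It is an added example, not code from the original documentation. The trailing forceKeyGen argument, the ALGORITHM_RSA, KEY_USAGE_NON_REPUDIATION and reason-code constants, and the null return on user cancellation are taken from the JSR 177 (SATSA-PKI) API as the editor knows it; the class name, the subject name passed in, and the 2048-bit key length are assumptions.

```java
import javax.microedition.pki.UserCredentialManager;
import javax.microedition.pki.UserCredentialManagerException;
import javax.microedition.securityservice.CMSMessageSignatureServiceException;

/** Added example (hypothetical class name): request a PKCS#10 CSR signed on the smart card. */
public final class CsrRequester {
    private CsrRequester() {}

    /**
     * @param subjectDn distinguished name for nameInfo, e.g. the constructed
     *                  sample "CN=Example User,O=Example Org,C=FI"
     * @return DER-encoded PKCS#10 request, or null if cancelled or failed
     */
    public static byte[] requestCsr(String subjectDn) {
        try {
            byte[] csr = UserCredentialManager.generateCSR(
                    subjectDn,                                        // nameInfo
                    UserCredentialManager.ALGORITHM_RSA,              // algorithm
                    2048,                                             // keyLen (assumed present on the card)
                    UserCredentialManager.KEY_USAGE_NON_REPUDIATION,  // keyUsage
                    null,                                             // securityElementID: implementation chooses
                    "Insert the smart card that holds your signing key", // securityElementPrompt
                    false);                                           // forceKeyGen: existing key only
            if (csr == null) {
                // The user declined the confirmation dialog.
                System.err.println("CSR generation was cancelled by the user");
            }
            return csr;
        } catch (UserCredentialManagerException e) {
            // Unsupported algorithm, or no key matches keyLen/keyUsage.
            System.err.println("No usable key: " + describe(e.getReason()));
        } catch (CMSMessageSignatureServiceException e) {
            System.err.println("Signing the request failed: " + e.getMessage());
        } catch (SecurityException e) {
            System.err.println("Caller is not authorized to use the certificate store");
        }
        return null;
    }

    /** Maps a UserCredentialManagerException reason code to a short message. */
    private static String describe(int reason) {
        switch (reason) {
            case UserCredentialManagerException.SE_NOT_FOUND:
                return "security element not found";
            case UserCredentialManagerException.SE_NO_KEYS:
                return "security element has no keys available for requests";
            default:
                return "reason code " + reason;
        }
    }
}
```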
You can add a user’s certificate path by using the addCredential method.
To remove certificates from the certificate store (where all of the user's certificates are stored), use the removeCredential method.