How can I get public key of author certificate in tizen werable web app?

Question

In my tizen werable web application (target: tizen 2.3.2) I need to get public key of author certificate (used for sign app) for check token of paired smartphone app in SAP [Samsung Accessory Protocol] authentication implementation.

Werable app and smartphone app (android) are signed with same keystore.

Is it possible via packageManager API or similar?

var myAppSigCert = "";//I NEED THIS ONE

SAAgent.authenticatePeerAgent(peerAgent,
    function(peerAgent, authToken){
        if (authToken.key === myAppSigCert ) {
            alert("Service connection request accepted: " + peerAgent.appName);
            SAAgent.acceptServiceConnectionRequest(peerAgent);      
        }else{
            alert("Service connection request REJECT: " + peerAgent.appName);
            SAAgent.rejectServiceConnectionRequest(peerAgent);
        }
   });

score 1 · Accepted Answer · answered Oct 31 '17 at 14:20

Found. First of all in config.xml of web application add CERTIFICATE privilege:

    <tizen:privilege name="http://tizen.org/privilege/appmanager.certificate"/>

Then simply call getAppCert method of tizen.application:

var appCerts = tizen.application.getAppCerts(null);
for (var i = 0; i < appCerts.length; i++) {
    console.log("#" + i + " type:" + appCerts[i].type);
    console.log("#" + i + " value:" + appCerts[i].value);
}

appmanager.certificate privilege need signing AuthorCertificate of PARTNER level to be used, for PUBLIC AuthorCertificate it return this exception during app installation:

-   [MISMATCHED_PRIVILEGE_LEVEL]Signature Level is too low to use http://tizen.org/privilege/appmanager.certificate - Signature Level = public, Privilege Level = partner

More info about Tizen privileges are available here: https://www.tizen.org/tv/privilege

Info about privileges security system: https://developer.tizen.org/dev-guide/2.4/org.tizen.gettingstarted/html/web/details/sec_privileges_w.htm

API reference to get Public Key of signing certificates at runtime: https://developer.tizen.org/development/api-references/web-application?redirect=https://developer.tizen.org/dev-guide/2.3.2/org.tizen.web.apireference/html/device_api/wearable/tizen/application.html#ApplicationManager::getAppCerts

score -1 · Answer 2 · answered Oct 25 '17 at 06:22

Author certificates helps in maintaining secure peer authentication between the Tizen Gear App and the Android mobile app. The Certificate Extension SDK support creation of Tizen author certificate based on Android keystore file.

Tutorial for Creating Gear Author Certificate Using Android Keystore >> Appendix D

After creating the certificate you may find the public key of author certificate from your machine,

/tizen-sdk-data/keystore/author-name/author

Use it in your code like

// from sample app
var authTokenKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO5x67wRt3Ni5A4n+HBbAczE6p8lAEgnywXInIUMKuCDSaEpM3EwYE6GUGACDbAoCx7EBTS54XbLWrnz10XZAKZyMoQidI+JWiSwlNYOxGlfHJgxVEExr2ZmlKVYedQxlGZNsLjGziYW0Y6UIXmDOeDA1b4g7Grbx0vS1BXC3Mv8s/8zlAl3NPj6BU1mh2hWKJL9+eDaM3bmYK1JJ9jbLlIzCsl0fZ4kR1xlSToZDBk53LxO0n1ekUpsEmMbFcmj1KKGQQn6A+ej0s5iOlXz6dgDfg4PxoTnlutwLOilz4zJLySZA6o3jG2kYls6ZBEjaz9ZeHxQlEV9PKh/Vgq8wwIDAQAB"

    /* Authentication of requesting peer agent */
    if (typeof(SAAgent.authenticatePeerAgent) === 'function') {
        SAAgent.authenticatePeerAgent(
            peerAgent,
            function (peerAgent, authToken) {
                /* Authentication token of peer agent arrives */
                if (authToken.key === authTokenKey) {
                    SAAgent.acceptServiceConnectionRequest(peerAgent);
                    createHTML("Service connection request accepted via authenticatePeerAgent");

                } else {
                    SAAgent.rejectServiceConnectionRequest(peerAgent);
                    createHTML("Service connection request rejected via authenticatePeerAgent");
                }
            },
            function (e) {
                /* Error handling */
                SAAgent.rejectServiceConnectionRequest(peerAgent);
                createHTML("Service connection request rejected due to error:<br />" +
                            "Error name : " + e.name + "<br />" +
                            "Error message : " + e.message);
            }
        );
    }

Find the sample app of SAP.

There is a way to get "authTokenKey" via API at runtime instead of manually set that? — Frix33, Oct 25 '17 at 06:25
From tizen watch app (web), in android smartphone app i'm able to get public key of signing certificate, my question is if in tizen web sdk exist any API to get public key without manually set that in a javascript variable, for example [packageManagerAPI](https://developer.tizen.org/zh-hans/development/guides/web-application/application-management/package-information) You know a way? — Frix33, Oct 25 '17 at 07:26
Can you please check if you still have the "Advanced options"? My Certificate Manager doesn't have that option, so I can't sign the Tizen app with the same as the Android. Therefore I cannot secure the communication, it would be a great help if you could check your Certificate Manager. — Daniel, Mar 24 '21 at 07:30

How can I get public key of author certificate in tizen werable web app?

2 Answers2