How to view the contents cacerts.bks (Certificate file /system/etc/security/cacerts.bks)

android root client-certificates

11,848

Solution 1

keytool -list -v -keystore "cacerts.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-146.jar" -storetype BKS -storepass ""

Solution 2

If you do not want to be an expert who always write scripts/codes to do what he want.

This is a recommended GUI keystore tool for you: http://www.keystore-explorer.org/downloads.html

Solution 3

You can get the list of installed certificates in an Android device from code: In your onCreate() method, include this code:

For devices pre IceCream Sandwich (API < 14):

TrustManagerFactory tmf;
    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory
                .getDefaultAlgorithm());

        tmf.init((KeyStore) null);

        X509TrustManager xtm = (X509TrustManager) tmf.getTrustManagers()[0];
        for (X509Certificate cert : xtm.getAcceptedIssuers()) {
            String certStr = "S:" + cert.getSubjectDN().getName() + "\nI:"
                    + cert.getIssuerDN().getName();
            Log.d(LOG_TAG, certStr);
        }
    } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (KeyStoreException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

For devices with Android 4.0 and upwards (API >= 14):

try 
    {
        KeyStore ks = KeyStore.getInstance("AndroidCAStore");
        if (ks != null) 
        {
            ks.load(null, null);
            Enumeration aliases = ks.aliases();
            while (aliases.hasMoreElements()) 
            {
                String alias = (String) aliases.nextElement();
                java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) ks.getCertificate(alias);

                Log.d(LOG_TAG, cert.getIssuerDN().getName());
            }
        }
    } catch (IOException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (java.security.cert.CertificateException e) {
        e.printStackTrace();
    }

11,848

Author by

Admin

Updated on June 05, 2022

Comments

Admin almost 2 years

Does anybody know how to view the list of root certificates that an Android device supports? I would like to see that information.

I found that /system/etc/security/cacerts.bks contains the root certificates information, but I am not able to decode the contents using any available editors.

I have also tried KeyTool but couldn't succeed with that.

Please suggest how to decode this file's content.

Regards,

Durga