Android - Certificate Install without mandatory PIN lockscreen

I've described how to do exacly this on my page, "Installing CAcert certificates on Android as 'system' credentials without lockscreen - instructions" at http://wiki.pcprobleemloos.nl/android/cacert

I've also posted it on the cyanogenmod forum: http://forum.cyanogenmod.com/topic/82875-installing-cacert-certificates-on-android-as-system-credentials-without-lockscreen/

Basically, the commands are:

openssl x509 -inform PEM -subject_hash_old -in root.crt | head -1

To get the correct filename, then convert the certificate:

cat root.crt > 5ed36f99.0
openssl x509 -inform PEM -text -in root.crt -out /dev/null >> 5ed36f99.0

Copy them to /system/etc/security/cacerts/ and chmod the new .0 files to '644'. Reboot and verify. On your android device select 'Clear cerficates' and you are able to remove the pin (by entering the pin and changing your lockscreen to 'none' or 'wipe'

Here I used the CAcert root certificate, but you probably want the class3.crt certificate as well, or use your own certificates.


I've discovered a solution that works without additional software or manual file copying:

  1. Set your lock screen to "pattern". Enter a pattern and an unlock PIN. Remember the unlock PIN.
  2. Install your user certificate.
  3. Turn the screen off and on.
  4. Enter the pattern wrongly a few times, until the "Forgot pattern?" option appears.
  5. Click "Forgot pattern?", scroll down, enter the unlock PIN and confirm with "OK".
  6. Close the "Screen unlock settings" window with the back button without selecting an option.

The system is now set to "Swipe unlock", but the user certificate is still usable (tested with the web browser and a custom app using DefaultHttpClient).

Tested on an Android 4.1.2 on a Galaxy Tab 2 10.1.


The problem with disabling the lockscreen security using the toggle/profile is that the lockscreen widgets don't appear either so you can't slide to unlock. Also, when you reboot your phone the buttons don't work until you retoggle the setting again.

Another way is to install the certificate as usual then backup the /data/misc/keychain and keystore directories using something that preserves the ACLs such as Root Explorer to a location that supports ACLs. I suggest copying them to /tmp. Then clear the credentials from Settings and enable Slide To Unlock. Then copy back the folders from /tmp. The CA will be installed.

Tags:

Security

Certificates

Lock Screens

Related

Android - Is there a way to force an app to remain running in the background no matter what? Android - How to find out if my Device's Kernel has Loop Device Support Android - How to configure Show Owner Info on Lock Screen on Galaxy S2 / Android 4.0.3? Android - Where can I find out when I installed an app? Android - Importing photos finds all image files, not just camera pictures Android - How do I edit my home address for Google Now/Maps/Latitude? Android - Child-proofing an Android phone? Android - What's the safe limit on charger output for a Galaxy Nexus Android - Override WhatsApp contact image with the chosen Contact Image Android - Remove credit card from google wallet, will it affect purchased apps? Android - Is there a way to adjust the size of the text when reading PDF files? Android - My android device has been splashed/soaked by sea water

Recent Posts