===== Certificates =====

Nice introduction: https://developer.mozilla.org/en-US/docs/Introduction_to_Public-Key_Cryptography

==== Java ====

In Java, certificates are stored in Java keystores. They can be exported from a keystore with keytool (details [[http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html|here]]):

<code>
keytool -exportcert {-alias alias} {-file cert_file} {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerName provider_name} {-providerClass provider_class_name {-providerArg provider_arg}} {-rfc} {-v} {-protected} {-Jjavaoption}
</code>

==== Android ====

The keystores that Android understands have the type BKS (Bouncy Castle). The Bouncy Castle provider must be version bcprov-ext-jdk15on-1.46.jar, available here: http://repo1.maven.org/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.46/bcprov-ext-jdk15on-1.46.jar

The Android keystore can be created using Java's keytool as follows:

<code>
REM This script generates a client keystore of type BKS. Android can read these keystores.
REM The script is meant for packing production certificates into a keystore that ships with the app.
REM
REM Usage: put the certificates to be stored in the keystore into the same directory. Run the script. The keystore client_keystore_bks.ks is created in the same directory.

setlocal ENABLEDELAYEDEXPANSION

SET SCRIPT_KEYSTORE_FILE_NAME=client_keystore_bks.ks
SET ALIAS_PREFIX=uic918_dsa_sign_ivu_
SET BOUNCYCASTLE=bcprov-ext-jdk15on-1.46.jar

echo Creating an empty keystore
REM Generate a throwaway key pair to create the keystore file, then delete it again so the keystore is empty.
keytool -genkey -storepass tough1 -keypass tough1 -alias test -keystore %SCRIPT_KEYSTORE_FILE_NAME% -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath %BOUNCYCASTLE% -dname "CN=Name Lastname, OU=Organisational Unit, O=Organization, L=Aachen, S=State, C=US"
keytool -delete -storepass tough1 -keypass tough1 -alias test -keystore %SCRIPT_KEYSTORE_FILE_NAME% -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath %BOUNCYCASTLE%

if not exist "%SCRIPT_KEYSTORE_FILE_NAME%" goto KEYSTORE_NOT_FOUND

cls
echo -------------------------------------------------------------------

REM Import every .cer file in this directory as a trusted certificate under a numbered alias.
set /A cnt=1
for %%f in (*.cer) do (
    echo %%~nf
    keytool -import -trustcacerts -alias "%ALIAS_PREFIX%!cnt!" -file %%~nf.cer -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath %BOUNCYCASTLE% -storepass tough1 -keypass tough1 -keystore %SCRIPT_KEYSTORE_FILE_NAME%
    set /A cnt=cnt+1
)
goto FINISHED

:KEYSTORE_NOT_FOUND
echo ERROR: could not create the certificate file: %SCRIPT_KEYSTORE_FILE_NAME%
exit /b 1

:FINISHED
exit /b 0
</code>
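
A check that can be run after the script above, as an added example that is not part of the original page: it loads the generated BKS keystore and confirms that it holds only trusted-certificate entries (so the temporary ''test'' key pair is really gone) and that their SHA-256 fingerprints match the source .cer files. The class name ''VerifyBksKeystore'' and the argument order are assumptions, and the Bouncy Castle jar is assumed to be on the classpath.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added example (hypothetical class). Arguments: <keystore> <storepass> <source .cer files...>
public class VerifyBksKeystore {
    // Hex-encoded SHA-256 over the certificate's DER encoding.
    static String fingerprint(Certificate cert) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            hex.append(String.format("%02X", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        // Desktop JVMs need Bouncy Castle registered for BKS (assumes the jar is on the classpath).
        Security.addProvider((Provider) Class.forName(
                "org.bouncycastle.jce.provider.BouncyCastleProvider").getDeclaredConstructor().newInstance());
        KeyStore ks = KeyStore.getInstance("BKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray()); // throws if the password or integrity check fails
        }
        // Fingerprints of the certificates that were meant to be imported.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Set<String> expected = new HashSet<>();
        for (int i = 2; i < args.length; i++) {
            try (InputStream in = new FileInputStream(args[i])) {
                expected.add(fingerprint(cf.generateCertificate(in)));
            }
        }
        boolean ok = true;
        for (String alias : Collections.list(ks.aliases())) {
            // Only trusted-certificate entries may ship; a key entry would carry a private key.
            boolean good = ks.isCertificateEntry(alias)
                    && expected.remove(fingerprint(ks.getCertificate(alias)));
            System.out.println((good ? "OK         " : "UNEXPECTED ") + alias);
            ok &= good;
        }
        for (String fp : expected) System.out.println("MISSING    " + fp);
        System.exit(ok && expected.isEmpty() ? 0 : 1);
    }
}
```

The exit code is 0 only when every keystore entry matches a source file and no source file is missing, so the check can gate a build step.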