Usage of software/hardware-backed Android Keystore and possible security/usability drawbacks

Backend · Unresolved · 2 · 1574
鱼传尺愫 2021-02-13 09:57

I'm currently looking at the possibilities of storing/using secret keys in an Android application. I've found Nikolay Elenkov's blog very helpful regarding this topic and I

2 answers
  •  青春惊慌失措
    2021-02-13 10:13

    Your analysis of the TEE-based hardware-backed scenario is correct. The private key bits generated in the TEE (which isn't necessarily compliant with the Global Platform specs) never leave the TEE and private key operations are performed inside it.

    You're also correct that the handles to the TEE-based keys are stored in Keystore, so it's possible for root to access and use any of them, or to move them around so any app can use them.
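    As an added illustration of the two points in this answer (it is example code written for this page, not code from the original question or answer): the snippet below generates an EC key pair inside the AndroidKeyStore provider, then asks the provider, via `KeyInfo`, whether the private key material lives in secure hardware (the TEE) and whether the key is bound to user authentication. The signing call never receives the key bits; the app only holds the alias that names the Keystore handle. The alias `"demo-signing-key"` and the payload are constructed values for this example. `KeyInfo.isInsideSecureHardware()` is deprecated from API level 31 in favour of `getSecurityLevel()`, but it is the call available for the API levels current when this thread was written.

    ```java
    import android.security.keystore.KeyGenParameterSpec;
    import android.security.keystore.KeyInfo;
    import android.security.keystore.KeyProperties;

    import java.security.KeyFactory;
    import java.security.KeyPairGenerator;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Signature;
    import java.security.spec.ECGenParameterSpec;

    public final class HardwareBackedKeyDemo {
        // Constructed alias for this example; any app-chosen string works.
        private static final String ALIAS = "demo-signing-key";
        private static final String PROVIDER = "AndroidKeyStore";

        /** Create an EC P-256 signing key whose private half is managed by Keystore. */
        public static void generateKey(boolean requireUserAuth) throws Exception {
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(
                    ALIAS, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                    .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                    .setDigests(KeyProperties.DIGEST_SHA256);
            // Binding the key to the lock screen limits what a caller that merely
            // reaches the handle can do with it: each private-key use must be
            // preceded by a successful user authentication.
            if (requireUserAuth) {
                builder.setUserAuthenticationRequired(true);
            }
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                    KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
            kpg.initialize(builder.build());
            kpg.generateKeyPair(); // private key bits stay inside Keystore / TEE
        }

        /** Load the handle and report what the provider says about where the key lives. */
        public static KeyInfo describeKey() throws Exception {
            KeyStore ks = KeyStore.getInstance(PROVIDER);
            ks.load(null);
            // getKey returns an opaque handle, not exportable key material.
            PrivateKey handle = (PrivateKey) ks.getKey(ALIAS, null);
            KeyFactory factory = KeyFactory.getInstance(handle.getAlgorithm(), PROVIDER);
            KeyInfo info = factory.getKeySpec(handle, KeyInfo.class);

            // Both flags come from the provider, so they reflect the device, not the app.
            System.out.println("inside secure hardware: " + info.isInsideSecureHardware());
            System.out.println("user-auth enforced by secure hardware: "
                    + info.isUserAuthenticationRequirementEnforcedBySecureHardware());
            return info;
        }

        /** Sign a constructed payload; the operation is delegated to Keystore. */
        public static byte[] sign(byte[] payload) throws Exception {
            KeyStore ks = KeyStore.getInstance(PROVIDER);
            ks.load(null);
            PrivateKey handle = (PrivateKey) ks.getKey(ALIAS, null);
            Signature sig = Signature.getInstance("SHA256withECDSA");
            sig.initSign(handle);   // no key bytes are ever copied into the app process
            sig.update(payload);
            return sig.sign();
        }

        public static void main(String[] args) throws Exception {
            generateKey(false);
            describeKey();
            byte[] signature = sign("constructed payload".getBytes("UTF-8"));
            System.out.println("signature length: " + signature.length);
        }
    }
    ```

    Note that `describeKey()` only tells you whether the key is hardware-backed; it does not change the second point of the answer. The alias is resolved through the Keystore daemon on behalf of the calling UID, so a process that can impersonate or bypass that UID check (root) can still drive the handle. Requiring user authentication, and checking that the requirement is enforced by secure hardware, narrows that window to moments when the user has just unlocked the device.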
