How to create masterKey after MasterKeys deprecated in Android

Question

I am using the following code to store some information encrypted in my app.

    val masterKey = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)

    val s         


        

Answer 1

My version to get secret shared preference :

private fun getSecretSharedPref(context: Context): SharedPreferences {
    val masterKey = MasterKey.Builder(context)
            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
            .build()

    return EncryptedSharedPreferences.create(context,
            "secret_shared_prefs",
            masterKey,
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )
}

Answer 2

You can use it like this below

//Creating MasterKey
            val masterKey = MasterKey.Builder(context)
                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
                .build()

            val fileToRead = "your_file_name.txt"
            val encryptedFile = EncryptedFile.Builder(context,
                File(context.filesDir, fileToRead),
                masterKey,
                EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
            ).build()

Answer 3

I had exactly the same problem today. See below for fix/workaround (example is in Java code but you can easily do the same in Kotlin)

1. Use MasterKey.Builder to create MasterKey (instead of MasterKeys). Build it with "manually" created KeyGenParameterSpec:

    // this is equivalent to using deprecated MasterKeys.AES256_GCM_SPEC
    KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
            MASTER_KEY_ALIAS,
            KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(KEY_SIZE)
            .build();
   
    MasterKey masterKey = new MasterKey.Builder(MainActivity.this)
            .setKeyGenParameterSpec(spec)
            .build();
   

2. Create EncryptedSharedPreferences using slightly different version of "create" method:

    EncryptedSharedPreferences.create(
            MainActivity.this,
            "your-app-preferences-name",
            masterKey, // masterKey created above
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
   

That should do the trick :)

Reference and more details: https://devmainapps.blogspot.com/2020/06/android-masterkeys-deprecated-how-to.html

Answer 4

try this one

MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .build();

SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
        context,
        SHARED_PREF_NAME,
        masterKey,
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);

Answer 5

you can use either of the way

KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
     MASTER_KEY_ALIAS,
     KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
     .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
     .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
     .setKeySize(KEY_SIZE)
     .build();

MasterKey masterKey = new MasterKey.Builder(MainActivity.this)
     .setKeyGenParameterSpec(spec)
     .build();

or

MasterKey masterKey = new 
              MasterKey.Builder(context,MasterKey.DEFAULT_MASTER_KEY_ALIAS).
              setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build();

MasterKey.KeyScheme.AES256_GCM internally use same key generatespec as stated above.