How to generate KeyPair in android KeyStore, protected by custom password

三世轮回 提交于 2019-12-07 03:52:17

问题


I have app which uses Fingerprint and 4 digit pin (which can be set by user in application settings, this is not system pin/pattern/password) authorization.

With Fingerprint everything is fine, I have problem with pin.

What I'm trying to do is:

  1. Let user set pin from application settings
  2. Generate Keypair in keystore for some alias protected by entered pin (so that private key can not be accessed without this pin)
  3. Send public key to server for future signature verification
  4. Get user token from server and store it in local storage

Then during Authorization:

  1. Request user to enter the pin
  2. Retrieve private key by entered pin
  3. Retrieve token from local storage
  4. Sign token with private key from step 6
  5. Send it to server with signed data
  6. Verify signature on server and if it is valid, open session for user.

My question is: How can I generate KeyPair protected by pin entered by user

P.S. For fingerprint this logic is handled by:

KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_SIGN).setUserAuthenticationRequired(true)

回答1:


I will suggest try to use this post Use the Android KeyStore to securely store arbitrary strings post.

This post have covered point as

  1. Generate, securely store, and retrieve encryption keys on the device.

  2. Encrypt arbitrary data and save it on the device.

  3. Access and decrypt the data for subsequent use.

I hope it will help.



来源:https://stackoverflow.com/questions/40548551/how-to-generate-keypair-in-android-keystore-protected-by-custom-password

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!