Save and Retrieve KeyPair in AndroidKeystore

五迷三道 submitted on 2020-01-14 10:08:59

Question


I need to generate an RSA 2018 key pair, then save it, and recover it if it exists.

At this moment, I have this:

SecureRandom random = new SecureRandom();
RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(keySize, RSAKeyGenParameterSpec.F4);
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SC");
generator.initialize(spec, random);
return generator.generateKeyPair();

This works perfectly, but now I tried to save it to and retrieve it from the Android Keystore, and I'm not achieving it. I tried:

String alias = "TESTINGKEY";
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
if (!keyStore.containsAlias(alias)) {
    SecureRandom random = new SecureRandom();
    RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(keySize, RSAKeyGenParameterSpec.F4);
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SC");
    generator.initialize(spec, random);
    return generator.generateKeyPair();
} else {
    Key key = keyStore.getKey(alias, null);
    if (key instanceof PrivateKey) {
        Certificate cert = keyStore.getCertificate(alias);
        return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
    } else {
        return null;
    }
}

But it is not working right, because on the second run of the app, the keystore doesn't contain the key pair.

In https://developer.android.com/training/articles/keystore.html?hl=es I saw that the KeyGenParameterSpec builder has an "alias" value, but the RSAKeyGenParameterSpec doesn't.

How can I save it?


Answer 1:


With AndroidKeyStore, you need to use KeyGenParameterSpec.Builder to generate the keys. Also use AndroidKeyStore instead of SC. You can use the following code:

Generate the keys (Android>=23)

KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");

kpg.initialize(new KeyGenParameterSpec.Builder(
                alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                .setKeySize(keySize)
                .build());

KeyPair keyPair = kpg.generateKeyPair();

Load the keys

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
KeyStore.Entry entry = keyStore.getEntry(alias, null);
PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();



Answer 2:


In addition to pedrofb's answer: for SDK <= 22 you can use KeyPairGeneratorSpec instead of KeyGenParameterSpec.

Info: https://developer.android.com/reference/android/security/KeyPairGeneratorSpec.html
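
The two answers above combined into one get-or-create helper, as an added example that is not part of the original answers: it returns the stored pair when the alias exists and otherwise generates it inside AndroidKeyStore, choosing the spec class by API level. The class name `KeystoreKeyPairs`, the method `getOrCreate`, and the certificate subject, serial number and 25-year validity are assumptions; minSdk 19 is assumed because `KeyPairGeneratorSpec.Builder.setKeySize` needs it.

```java
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Calendar;
import javax.security.auth.x500.X500Principal;

public final class KeystoreKeyPairs {  // hypothetical helper, not from the page
    private static final String PROVIDER = "AndroidKeyStore";

    /** Returns the pair stored under alias, generating and persisting it on first use. */
    public static KeyPair getOrCreate(Context ctx, String alias, int keySize)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);  // not KeyStore.getDefaultType()
        ks.load(null);
        Key key = ks.getKey(alias, null);              // null when the alias is absent
        Certificate cert = ks.getCertificate(alias);
        if (key instanceof PrivateKey && cert != null) {
            // The private key is a handle: getEncoded() returns null, the material stays in the keystore.
            return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", PROVIDER);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {   // API 23+
            kpg.initialize(new KeyGenParameterSpec.Builder(alias,
                    KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                    .setKeySize(keySize)
                    .build());
        } else {
            // API 19-22: the legacy spec also needs self-signed certificate fields (values assumed).
            Calendar end = Calendar.getInstance();
            end.add(Calendar.YEAR, 25);
            kpg.initialize(new KeyPairGeneratorSpec.Builder(ctx)
                    .setAlias(alias)
                    .setKeySize(keySize)
                    .setSubject(new X500Principal("CN=" + alias))
                    .setSerialNumber(BigInteger.ONE)
                    .setStartDate(Calendar.getInstance().getTime())
                    .setEndDate(end.getTime())
                    .build());
        }
        return kpg.generateKeyPair();  // the AndroidKeyStore generator stores the pair under alias
    }
}
```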



Source: https://stackoverflow.com/questions/42110123/save-and-retrieve-keypair-in-androidkeystore
