Geek Answers Handbook

Storing an hmac key in the Android keystore

I use the code below to create an hmac key and return it as a string.

KeyGenerator keyGen = null; try { keyGen = KeyGenerator.getInstance("HmacSHA256"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } SecretKey key = keyGen.generateKey(); byte[] encoded = key.getEncoded(); String s=Base64.encodeToString(encoded, Base64.DEFAULT); Log.i("Hmac key before encrypt",s); try { KeyStore keystore = KeyStore.getInstance("AndroidKeyStore"); keystore.load(null, null); KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry("temp", null); RSAPublicKey publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey(); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] cipherBytes = cipher.doFinal(encoded); return Base64.encodeToString(cipherBytes,Base64.DEFAULT); } catch (UnrecoverableEntryException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (IllegalBlockSizeException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (BadPaddingException e) { e.printStackTrace(); } catch (NoSuchPaddingException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); }

How can I save this in the Android keystore ?. I tried using the code below:

 KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); KeyStore.ProtectionParameter param = new KeyStore.PasswordProtection("test".toCharArray()); keyStore.setEntry("key1",hmacKey,param);

I get errors regardless of the hmacKey format: String / Bytes or javax.crypto.SecretKey . Below are the errors: In the case of passing the hmacKey key:

 Wrong 2nd argument type. Found: 'java.security.Key', required: 'java.security.KeyStore.Entry'

Same thing when I pass a string or byte array.

If I set the java.security.KeyStore.Entry parameter, it still doesn't work.

Is this the right way to do this? Can anyone specify how the HMAC key can be stored in the keystore using an alias. How to convert hmack key to java.security.KeyStore.Entry format?

+3
java android cryptography hmac keystore
source share
1 answer

The Android Key Store was created so that you can use asymmetric keys and symmetric keys outside your application code. As indicated in the training material :

Key material is never part of the application process. When an application performs cryptographic operations using the Keystore Android key, behind the scenes plain text, encrypted text and messages that must be signed or verified are transferred to a system process that performs cryptographic operations. If the application process is compromised, the attacker can use the application keys, but cannot extract his key material (for example, for use outside the Android device).

Thus, the idea of ​​generating a key inside the application code - and therefore outside the keystore - is not a good idea. How to generate a secret key inside the keystore is defined for HMAC keys in the API for the KeyGenParameterSpec class :

 KeyGenerator keyGenerator = KeyGenerator.getInstance( KeyProperties.KEY_ALGORITHM_HMAC_SHA256, "AndroidKeyStore"); keyGenerator.initialize( new KeyGenParameterSpec.Builder("key2", KeyProperties.PURPOSE_SIGN).build()); SecretKey key = keyGenerator.generateKey(); Mac mac = Mac.getInstance("HmacSHA256"); mac.init(key); ... // The key can also be obtained from the Android Keystore any time as follows: KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); key = (SecretKey) keyStore.getKey("key2", null);

Other types of keys can be found in the KeyProperties class KeyProperties

+3
source share

More articles:


All Articles