java - How to store RSA Private Key on android app -


What I tried in this post, "Cannot generate RSA private key on Android", did not work for me.

My idea is to encrypt an access token using RSA encryption and store the private key on the device. I have encrypted the token using RSA, but I am lost as to where the best place to store the key is. I tried storing it using a KeyStore, but I do not know enough to debug why it is not working. I keep getting the error: java.security.UnrecoverableKeyException: no match.

My keys match, but again, I have no idea what's wrong and do not know enough about this. I am using setEntry and storing the private key in weird and wonderful ways, I'm sure, so even if it worked it would not have been the same key when returned.

What is the best way to store the private key, and where?

I am no security expert, so any advice on this is appreciated, including whether I should rather use AES.

My code is below; I am using only one activity.

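package com.example.rsatest;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStore.LoadStoreParameter;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.ProtectionParameter;
import java.security.KeyStore.SecretKeyEntry;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;

import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.os.Bundle;
import android.os.DropBoxManager.Entry;
import android.util.Base64;
import android.util.Log;
import android.view.Menu;
import android.view.MenuItem;

/**
 * Single-activity experiment from the question: generate an RSA key pair and
 * try to persist the private key in a file-based BKS keystore under the app's
 * files directory.
 *
 * <p>The storage step is kept as the question wrote it (private key wrapped in
 * a {@link SecretKey} and stored as a {@link SecretKeyEntry}); it is the step
 * that the question reports failing on read-back. Identifier case and line
 * structure are restored, file streams are closed, exceptions keep their
 * cause, and the security-relevant weaknesses are marked with NOTE(review).
 *
 * <p>NOTE(review): on Android (API 18+) the platform keystore provider
 * ("AndroidKeyStore") can generate an RSA key pair whose private key the app
 * can use but not export. That removes both the keystore file and the
 * passwords below from the design and is the usual choice for protecting an
 * access token on the device.
 */
public class MainActivity extends Activity {
    String keystoreFile;
    Key privateKey = null;
    boolean isUnlocked = false;
    KeyStore keyStore = null;

    /**
     * Launches the system credential-unlock screen, then generates a key pair
     * and attempts the store / reload round trip against the BKS file.
     *
     * @param savedInstanceState state bundle passed through to the superclass
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        keystoreFile = this.getFilesDir() + "/bpstore.keystore";

        try {
            // The unlock action name differs before and after Honeycomb.
            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.HONEYCOMB) {
                startActivity(new Intent("android.credentials.UNLOCK"));
            } else {
                startActivity(new Intent("com.android.credentials.UNLOCK"));
            }
            // NOTE(review): startActivity() only launches the unlock screen and
            // returns; this flag records that an unlock activity exists, not
            // that the user completed the unlock. The BKS file used below is a
            // separate store and does not appear to depend on it - confirm.
            isUnlocked = true;
        } catch (ActivityNotFoundException e) {
            Log.e("tag", "no unlock activity: " + e.getMessage(), e);
            isUnlocked = false;
        }

        if (!isUnlocked) {
            return;
        }

        privateKey = getPrivateKey();
        if (privateKey == null) {
            // Key generation failed and was already logged; nothing to store.
            return;
        }

        try {
            // NOTE(review): both passwords are literals compiled into the APK,
            // so anyone who unpacks the app can read them; obfuscation renames
            // symbols but leaves such constants recoverable. They add no real
            // protection beyond the app's private storage.
            char[] pw = ("123").toCharArray();
            keyStore = createKeyStore(this, keystoreFile, pw);
            PasswordProtection keyPassword = new PasswordProtection("pw-secret".toCharArray());

            // NOTE(review): this adapter presents an asymmetric private key as
            // a symmetric SecretKey. A SecretKeyEntry is meant for symmetric
            // keys; the answer on this page identifies this as the reason the
            // entry cannot be recovered. Kept here because it is the subject
            // of the question.
            SecretKey sk = new SecretKey() {
                @Override
                public String getFormat() {
                    return privateKey.getFormat();
                }

                @Override
                public byte[] getEncoded() {
                    return privateKey.getEncoded();
                }

                @Override
                public String getAlgorithm() {
                    return privateKey.getAlgorithm();
                }
            };

            // Deliberately no debug print of the encoded key: println() on a
            // byte[] shows only the array identity, and writing real key bytes
            // to stdout/logcat would expose the private key.

            KeyStore.SecretKeyEntry ent = new SecretKeyEntry(sk);
            keyStore.setEntry("pk", ent, keyPassword);
            FileOutputStream out = new FileOutputStream(keystoreFile);
            try {
                keyStore.store(out, pw);
            } finally {
                out.close();
            }

            // Read the entry back through a fresh KeyStore instance.
            KeyStore keyStore2 = KeyStore.getInstance("BKS");
            FileInputStream in = new FileInputStream(keystoreFile);
            try {
                keyStore2.load(in, pw);
            } finally {
                in.close();
            }
            KeyStore.Entry entry = keyStore2.getEntry("pk", keyPassword);
            KeyStore.SecretKeyEntry entOut = (KeyStore.SecretKeyEntry) entry;
        } catch (Exception ex) {
            // Keep the throwable so the stack trace shows which call failed.
            Log.e("tag", "error: " + ex.toString(), ex);
        }
    }

    /**
     * Inflates the options menu; this adds items to the action bar if present.
     */
    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        getMenuInflater().inflate(R.menu.main, menu);
        return true;
    }

    /**
     * Handles action bar item clicks; only the settings item is consumed here,
     * everything else is passed to the superclass.
     */
    @Override
    public boolean onOptionsItemSelected(MenuItem item) {
        int id = item.getItemId();
        if (id == R.id.action_settings) {
            return true;
        }
        return super.onOptionsItemSelected(item);
    }

    /**
     * Opens the BKS keystore file, creating an empty one when it does not
     * exist, and assigns the result to the {@code keyStore} field.
     *
     * @param context  unused; kept so the signature stays as in the question
     * @param fileName absolute path of the keystore file
     * @param pw       keystore integrity password
     * @return the loaded (or newly created) keystore
     * @throws Exception on any keystore or I/O failure
     */
    private KeyStore createKeyStore(Context context, String fileName, char[] pw) throws Exception {
        System.out.println("[dir]:" + fileName);
        File file = new File(fileName);

        keyStore = KeyStore.getInstance("BKS");

        if (file.exists()) {
            FileInputStream in = new FileInputStream(file);
            try {
                keyStore.load(in, pw);
            } finally {
                in.close();
            }
        } else {
            // load(null, null) initialises an empty keystore before first save.
            keyStore.load(null, null);
            FileOutputStream out = new FileOutputStream(fileName);
            try {
                keyStore.store(out, pw);
            } finally {
                out.close();
            }
        }

        return keyStore;
    }

    /**
     * Generates an RSA key pair, runs an encrypt/decrypt self-test with it and
     * returns the private key.
     *
     * @return the generated private key, or {@code null} if generation failed
     */
    private Key getPrivateKey() {
        String theTestText = "this simple test!";

        Key publicKey;
        Key generatedPrivate;
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            // 2048 bits instead of the question's 1024, which is below current
            // minimum recommendations for RSA.
            kpg.initialize(2048);
            KeyPair kp = kpg.genKeyPair();
            publicKey = kp.getPublic();
            generatedPrivate = kp.getPrivate();
        } catch (Exception e) {
            Log.e("", "rsa key pair error", e);
            return null;
        }

        // NOTE(review): the self-test encrypts with the PRIVATE key and
        // decrypts with the public key. That gives no confidentiality, since
        // the public key is not secret; to protect a token, encrypt with the
        // public key and decrypt with the private key. The bare "RSA"
        // transformation also leaves mode and padding to the provider's
        // default; name them explicitly (an OAEP padding for encryption).
        byte[] encodedBytes = null;
        try {
            Cipher c = Cipher.getInstance("RSA");
            c.init(Cipher.ENCRYPT_MODE, generatedPrivate);
            encodedBytes = c.doFinal(theTestText.getBytes("UTF-8"));
        } catch (Exception e) {
            Log.e("", "rsa encryption error", e);
        }

        // Reverse direction of the self-test; the result is not used further.
        byte[] decodedBytes = null;
        try {
            Cipher c = Cipher.getInstance("RSA");
            c.init(Cipher.DECRYPT_MODE, publicKey);
            decodedBytes = c.doFinal(encodedBytes);
        } catch (Exception e) {
            Log.e("", "rsa decryption error", e);
        }

        return generatedPrivate;
    }
}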

thanks in advance, warren

Instead of trying to add the RSA private key to the keystore, I ended up using AES instead and wrap it using Cipher. I have also included ProGuard in our Android project to make it harder to decompile our APK.

Thank you, Maarten Bodewes, for your answer and help.

That other post was about a pretty specific error. It didn't have the correct tags, so I missed it. About the code: why are you trying to store an asymmetric key as a symmetric key (SecretKey)? That will not work. Note that the Java KeyStore interface is pretty much aimed at storing keys + certificates. You may want to use another storing method for RSA private keys (e.g. wrap them using Cipher).

