具有Android Key Store中密钥的ECDH [英] ECDH with key in Android Key Store

问题描述

我正在开发一个可生成EC非对称密钥的Android应用.当我的应用连接到设备时，他们会交换其公共密钥.然后，他们使用ECDH来建立共享机密.然后，可以使用此共享机密导出AES会话密钥.所有这一切都很好.

I'm developping an Android App that generates an EC Asymetric key. When my app gets connected to a device, they exchange their public key. They then use ECDH to establish a shared secret. This shared secret is then used to derive an AES session key. All this is working fine.

我现在正在研究非对称密钥的存储.我想将其放在Android KeyStore中，但是我不知道如何执行ECDH操作.密钥存储区中的密钥可用于签名，解密或加密，但是我看不到执行ECDH操作的可能性.有可能吗?

I'm now working on the storage of the asymetric key. I wanted to put it in the Android KeyStore but I don't see how I can then do the ECDH operation. The key in the key store can be used to sign, decrypt or encrypt but I don't see the possibility to do ECDH operation. Is it possible?

在浏览时，我看到了此讨论，其中说这是不可能的.如果是这种情况，我该如何保护"我的非对称密钥?

While browsing SO, I have seen this discussion which says that it is not possible. If that's the case, how can I "secure" my asymetric key?

谢谢

推荐答案

AndroidKeyStore当前不支持ECDH，因为您可以在此处看到 https://developer.android.com/training/articles/keystore

ECDH is not currently supported by AndroidKeyStore as you can see here https://developer.android.com/training/articles/keystore

将密钥对安全存储到设备中的另一种方法是使用由AndroidKeyStore管理的加密密钥对EC私钥进行加密.

The alternative to store securely the key pair into the device is to use an encryption key managed by AndroidKeyStore to encrypt the EC private key.

您可以根据目标版本使用RSA或AES密钥.请参见如何在Android中安全存储加密密钥?

You can use a RSA or AES key depending on your target version. See how to securely store encryption keys in android?

这篇关于具有Android Key Store中密钥的ECDH的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！