android.security.KeyStoreException：少数设备上发生未知错误 [英] android.security.KeyStoreException: Unknown error On a rare number of devices

问题描述

我遇到 android.security.KeyStoreException：未知错误在极少数具有不同Android版本（6-8）的设备上

I'm getting android.security.KeyStoreException: Unknown error On a rare number of devices with different Android Versions (6 - 8)

这是我的密钥生成代码：

This is my key generation code:

final KeyPairGenerator keyGenerator = KeyPairGenerator
                        .getInstance(KeyProperties.KEY_ALGORITHM_RSA, 

ANDROID_KEY_STORE);

keyGenerator.initialize(new KeyGenParameterSpec.Builder(ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setKeySize(2048)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                    .build());

return keyGenerator.generateKeyPair();

这是我加载密钥对的方式：

This is how I load the keyPair:

if (keyStore.containsAlias(ALIAS))
            {
                KeyStore.Entry entry = keyStore.getEntry(ALIAS, null);
                if (entry != null)
                {
                    if (entry instanceof KeyStore.PrivateKeyEntry)
                    {
                        Log.i(TAG, "KeyPair found.");
                        KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry) entry;
                        Certificate cert = pke.getCertificate();

                        if (cert != null)
                        {
                            return new KeyPair(cert.getPublicKey(), pke.getPrivateKey());
                        }

                        Log.w(TAG, "Cert / Public Key is null");
                    }
                }
            }

这是我的解密代码：

Cipher RSACipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");          

RSACipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(RSACipher.doFinal(base64.decode(textToDecrypt)), "UTF-8");

以下是解密过程失败的示例跟踪：

Here is a sample stracktrace of a failing decryption process:

Caused by javax.crypto.IllegalBlockSizeException
       at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:519)
       at javax.crypto.Cipher.doFinal(Cipher.java:1736)
       at com.examplecompany.security.EncryptionController.decryptAsymmetric(EncryptionController.java:297)
       at com.example.crypto.android2.services.CryptoClass.decryptMessage(CryptoClass.java:684)
       at com.example.crypto.android2.services.CryptoClass.handleDecryption(CryptoClass.java:619)
       at com.example.crypto.android2.services.CryptoClass.doInBackgroundInternal(CryptoClass.java:450)
       at com.example.crypto.android2.services.CryptoClass.doInBackground(CryptoClass.java:165)
       at com.example.crypto.android2.services.CryptoClass.doInBackground(CryptoClass.java:84)
       at android.os.AsyncTask$2.call(AsyncTask.java:333)
       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
       at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
       at java.lang.Thread.run(Thread.java:764)

Caused by android.security.KeyStoreException: Unknown error
       at android.security.KeyStore.getKeyStoreException(KeyStore.java:1137)
       at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
       at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
       at javax.crypto.Cipher.doFinal(Cipher.java:1736)
       at com.examplecompany.security.EncryptionController.decryptAsymmetric(EncryptionController.java:297)
       at com.example.crypto.android2.services.CryptoClass.decryptMessage(CryptoClass.java:684)
       at com.example.crypto.android2.services.CryptoClass.handleDecryption(CryptoClass.java:619)
       at com.example.crypto.android2.services.CryptoClass.doInBackgroundInternal(CryptoClass.java:450)
       at com.example.crypto.android2.services.CryptoClass.doInBackground(CryptoClass.java:165)
       at com.example.crypto.android2.services.CryptoClass.doInBackground(CryptoClass.java:84)
       at android.os.AsyncTask$2.call(AsyncTask.java:333)
       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
       at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
       at java.lang.Thread.run(Thread.java:764)

在要在数千个设备上加密的所有邮件中，99.999％的加密效果很好，但有时会失败。您能帮我吗？

It works well in 99.999% of all messages to be encrypted on thousands of devices, but sometimes it fails. Can you help me?

推荐答案

刚刚在 SO中的其他问题

我在 Android问题跟踪器，据我
理解，不受限制的 PublicKey ，用于在
附近工作已知问题与当前的
密码不兼容。解决方法是在初始化 Cipher 时指定
OAEPParameterSpec ：

I found my answer on the Android Issue Tracker, from what I understand, the unrestricted PublicKey, created to work around another known issue, becomes incompatible with the current Cipher. The work around for this is to specify an OAEPParameterSpec when the Cipher is initialized:

您需要以下内容作为 Cipher 初始代码的第三个参数

You need the following as a third argument to your Cipher init code

OAEPParameterSpec spec = new OAEPParameterSpec(
        "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);


RSACipher.init(Cipher.DECRYPT_MODE, privateKey, spec); // I added the same to the init in Cipher.ENCRYPT_MODE too

这篇关于android.security.KeyStoreException：少数设备上发生未知错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！