android.security.KeyStoreException:无效的密钥Blob [英] android.security.KeyStoreException: Invalid key blob
问题描述
我无法从Android上的KeyStore获取(私钥).问题主要发生 在Samsung设备(S6,S6 Edge)和Android 6上运行.
I cannot obtain a (private) key from KeyStore on Android. Problem occurs mainly on Samsung devices (S6, S6 Edge) and Android 6.
android.security.KeyStoreException:无效的密钥Blob
(其中别名是存储密钥的名称).
is thrown when following line is called (where alias is name for store key).
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(alias, null);
KeyStore本身是通过
The KeyStore itself is obtained by
KeyStore.getInstance("AndroidKeyStore");
并且密钥是通过以下方法生成的:
And key is generated by the following method:
private static void createKey(String alias, String subject, KeyStore keyStore, BigInteger serialNumber, Date startDate, Date endDate, String algorithm, String keyStoreProvider, Context context)
throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
if (keyStore.containsAlias(alias)) {
// Key already exists.
return;
}
// Generate keys.
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.setAlias(alias)
.setSubject(new X500Principal(subject))
.setSerialNumber(serialNumber)
.setStartDate(startDate)
.setEndDate(endDate)
.build();
KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, keyStoreProvider);
generator.initialize(spec);
KeyPair keyPair = generator.generateKeyPair();
}
其中算法为"RSA",keyStoreProvider为"AndroidKeyStore".
Where algorithm is "RSA" and keyStoreProvider is "AndroidKeyStore".
堆栈跟踪的一部分:
android.security.KeyStoreException: Invalid key blob
at android.security.KeyStore.getKeyStoreException(KeyStore.java:939)
at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePublicKeyFromKeystore(AndroidKeyStoreProvider.java:216)
at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(AndroidKeyStoreProvider.java:252)
at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(AndroidKeyStoreProvider.java:263)
at android.security.keystore.AndroidKeyStoreSpi.engineGetKey(AndroidKeyStoreSpi.java:93)
at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:372)
at java.security.KeyStore.getEntry(KeyStore.java:645)
该异常导致 java.security.UnrecoverableKeyException:无法获取有关私钥的信息.
我找不到有关无效密钥Blob"的任何更详细的信息, 仅在此处定义了消息本身: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/security/keymaster/KeymasterDefs.java
I was not able to find any closer information about "Invalid key blob", only that the message itself is defined here: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/security/keymaster/KeymasterDefs.java
推荐答案
当用户尝试从LOCK/UNINITIALIZED
到UNLOCK
时,会出现此问题.默认情况下,它为计时定义为30 secs
. 此问题是与API相关的实现问题.
This problem is occurred when user tries to UNLOCK
from LOCK/UNINITIALIZED
. It is by default defined as 30 secs
for timing. This problem is it's API related implementation issue.
此错误是从InvalidKeyException
生成的.通过绕过此异常并再次调用该方法,您可以摆脱此错误.
This error is generated from InvalidKeyException
. By bypassing this exception and call the method again, you can get rid of this error.
您必须从catch参数中删除InvalidKeyException
类.这仍然允许您检查InvalidKeyException
.检查后,您必须再次尝试使用代码,以便该问题不会立即出现,但进行2次检查可能会解决您的问题.代码如下.
You have to remove the InvalidKeyException
class from the catch argument. This will still allow you to check for InvalidKeyException
. After checking you have to try for second time with code so that the problem is not shown in eye but doing 2 times checking it may solve your issue. Code is given below.
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
.getEntry("alias", null);
} catch (InvalidKeyException ex) {
ex.printStackTrace();
if (ex instanceof InvalidKeyException) { // bypass
// InvalidKeyException
// You can again call the method and make a counter for deadlock
// situation or implement your own code according to your
// situation
if (retry) {
keyStore.deleteEntry(keyName);
return getCypher(keyName, false);
} else {
throw ex;
}
}
} catch (final Exception e) {
e.printStackTrace();
throw e;
}
您可以看到我的另一个 answer 一一描述发生的情况 问题和解决方案.
You can see my another answer that describes one by one occurring issue and solution.
来自 @Ankis 的更新:
在解决问题时,将InvalidKeyException
更改为UnrecoverableKeyException
.因此,我已根据您的建议进行了更新,以便全世界都可以知道实际的答案.感谢您的分享:).
UPDATE from @Ankis:
As you solved the issue by changing InvalidKeyException
to UnrecoverableKeyException
. So I have updated as per your suggestion so that world can know the actual answer. Thanks for sharing :).
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
.getEntry("alias", null);
} catch (UnrecoverableKeyException ex) {
ex.printStackTrace();
// You can again call the method and make a counter for deadlock
// situation or implement your own code according to your
// situation
if (retry) {
keyStore.deleteEntry(keyName);
return getCypher(keyName, false);
}
} catch (final Exception e) {
e.printStackTrace();
throw e;
}
这篇关于android.security.KeyStoreException:无效的密钥Blob的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!