android.security.KeyStoreException: Invalid key blob


Problem description

I cannot obtain a (private) key from KeyStore on Android. The problem occurs mainly on Samsung devices (S6, S6 Edge) and Android 6.

android.security.KeyStoreException: Invalid key blob is thrown when the following line is called (where alias is the name for the stored key).

KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(alias, null);

The KeyStore itself is obtained by

KeyStore.getInstance("AndroidKeyStore");

And the key is generated by the following method:

private static void createKey(String alias, String subject, KeyStore keyStore, BigInteger serialNumber, Date startDate, Date endDate, String algorithm, String keyStoreProvider, Context context)
            throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
    if (keyStore.containsAlias(alias)) {
        // Key already exists.
        return;
    }

    // Generate keys.
    KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
            .setAlias(alias)
            .setSubject(new X500Principal(subject))
            .setSerialNumber(serialNumber)
            .setStartDate(startDate)
            .setEndDate(endDate)
            .build();

    KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, keyStoreProvider);
    generator.initialize(spec);

    KeyPair keyPair = generator.generateKeyPair();
}

Where algorithm is "RSA" and keyStoreProvider is "AndroidKeyStore".

Part of the stack trace:

android.security.KeyStoreException: Invalid key blob
       at android.security.KeyStore.getKeyStoreException(KeyStore.java:939)
       at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePublicKeyFromKeystore(AndroidKeyStoreProvider.java:216)
       at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(AndroidKeyStoreProvider.java:252)
       at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(AndroidKeyStoreProvider.java:263)
       at android.security.keystore.AndroidKeyStoreSpi.engineGetKey(AndroidKeyStoreSpi.java:93)
       at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:372)
       at java.security.KeyStore.getEntry(KeyStore.java:645)

This exception results in java.security.UnrecoverableKeyException: Failed to obtain information about private key.

I was not able to find any closer information about "Invalid key blob", only that the message itself is defined here: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/security/keymaster/KeymasterDefs.java

Recommended answer

This problem occurs when the user tries to UNLOCK from LOCK/UNINITIALIZED. It is by default defined as 30 secs for timing. This problem is an API-related implementation issue.

This error is generated from InvalidKeyException. By bypassing this exception and calling the method again, you can get rid of this error.

You have to remove the InvalidKeyException class from the catch argument. This will still allow you to check for InvalidKeyException. After checking, you have to try a second time with the code so that the problem is not shown in eye, but doing the check 2 times may solve your issue. The code is given below.

try {
    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
            .getEntry("alias", null);

} catch (InvalidKeyException ex) {
    ex.printStackTrace();
    if (ex instanceof InvalidKeyException) { // bypass InvalidKeyException
        // You can again call the method and make a counter for deadlock
        // situation or implement your own code according to your
        // situation
        if (retry) {
            keyStore.deleteEntry(keyName);
            return getCypher(keyName, false);
        } else {
            throw ex;
        }
    }
} catch (final Exception e) {
    e.printStackTrace();
    throw e;
}

You can see my other answer, which describes the occurring issues one by one along with their solutions.

UPDATE from @Ankis:

As you solved the issue by changing InvalidKeyException to UnrecoverableKeyException, I have updated the answer as per your suggestion so that the world can know the actual answer. Thanks for sharing :).

try {
    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
            .getEntry("alias", null);

} catch (UnrecoverableKeyException ex) {
    ex.printStackTrace();
    // You can again call the method and make a counter for deadlock
    // situation or implement your own code according to your
    // situation
    if (retry) {
        keyStore.deleteEntry(keyName);
        return getCypher(keyName, false);
    }
} catch (final Exception e) {
    e.printStackTrace();
    throw e;
}
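
A bounded form of the retry described in the answer above, as an added example (not the answer author's code): it re-reads the entry a limited number of times first and only then deletes and regenerates the key, telling the caller when that happened. KeyEntryLoader, KeyGenerator, Result and the parameter names are hypothetical; on Android the KeyStore passed in is assumed to be the "AndroidKeyStore" instance after load(null).

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public final class KeyEntryLoader {

    /** Hypothetical callback that recreates the key pair under the given alias. */
    public interface KeyGenerator {
        void generate(String alias) throws GeneralSecurityException;
    }

    /** The loaded entry plus a flag telling the caller that the old key is gone. */
    public static final class Result {
        public final KeyStore.PrivateKeyEntry entry;
        public final boolean regenerated;
        Result(KeyStore.PrivateKeyEntry entry, boolean regenerated) {
            this.entry = entry;
            this.regenerated = regenerated;
        }
    }

    public static Result load(KeyStore keyStore, String alias, KeyGenerator generator,
                              int plainRetries, long pauseMillis)
            throws GeneralSecurityException, InterruptedException {
        UnrecoverableKeyException last = null;
        // Step 1: bounded re-reads that leave the key untouched (covers a transient failure).
        for (int attempt = 0; attempt <= plainRetries; attempt++) {
            try {
                return new Result(read(keyStore, alias), false);
            } catch (UnrecoverableKeyException ex) {
                last = ex;
                Thread.sleep(pauseMillis);
            }
        }
        // Step 2: last resort, as in the answer: delete the entry and create a new key.
        // Data encrypted with the old key can no longer be decrypted after this point.
        keyStore.deleteEntry(alias);
        generator.generate(alias);
        try {
            return new Result(read(keyStore, alias), true);
        } catch (UnrecoverableKeyException ex) {
            if (last != null) ex.addSuppressed(last);
            throw ex; // no further retries, so recovery cannot loop forever
        }
    }

    private static KeyStore.PrivateKeyEntry read(KeyStore keyStore, String alias)
            throws GeneralSecurityException {
        return (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, null);
    }
}
```

When Result.regenerated is true, the caller should discard or re-create anything that was protected by the previous key.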
