Save and Retrieve KeyPair in AndroidKeystore
Problem description
I need to generate an RSA 2048 Keypair, then save it, and recover it if it exists.
At this moment, I have this:
    SecureRandom random = new SecureRandom();
    RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(keySize, RSAKeyGenParameterSpec.F4);
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SC");
    generator.initialize(spec, random);
    return generator.generateKeyPair();
This works perfectly, but now I tried to save and take it from Android Keystore, but I'm not achieving it. I tried:
    String alias = "TESTINGKEY";
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null);
    if (!keyStore.containsAlias(alias)) {
        SecureRandom random = new SecureRandom();
        RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(keySize, RSAKeyGenParameterSpec.F4);
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SC");
        generator.initialize(spec, random);
        return generator.generateKeyPair();
    } else {
        Key key = keyStore.getKey(alias, null);
        if (key instanceof PrivateKey) {
            Certificate cert = keyStore.getCertificate(alias);
            return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
        } else {
            return null;
        }
    }
But it is not working right, because on the second run of the app, the keystore doesn't contain the Keypair.
In https://developer.android.com/training/articles/keystore.html?hl=es I saw that in KeyGenParameterSpec, the builder has an "alias" value, but in RSAKeyGenParameterSpec it doesn't.
How can I save it?
Recommended answer
With AndroidKeyStore it is necessary to use KeyGenParameterSpec.Builder to generate the keys. Also use AndroidKeyStore instead of SC. You can use the following code:
Generate the keys (Android>=23)
    // The AndroidKeyStore provider stores the generated pair under `alias`.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    kpg.initialize(new KeyGenParameterSpec.Builder(
            alias,
            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
            .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
            .setKeySize(keySize)
            .build());
    KeyPair keyPair = kpg.generateKeyPair();
Load the keys
    // load(null) initialises the AndroidKeyStore; there is no file or password to pass.
    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    KeyStore.Entry entry = keyStore.getEntry(alias, null);
    PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
    PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
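A get-or-create helper that combines the two snippets in the answer above, as an added example that is not part of the original answer. The class and method names are hypothetical, and `setSignaturePaddings` is added on the assumption that the key will be used for PKCS#1 v1.5 signatures, since Android requires signature paddings to be declared for RSA keys used for signing.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.*;

// Added example; class and method names are hypothetical. Requires API 23+.
public final class KeystoreKeyPairs {
    private static final String PROVIDER = "AndroidKeyStore";

    /** Returns the pair stored under alias, generating it on first use. */
    public static KeyPair getOrCreate(String alias, int keySize)
            throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(PROVIDER);
        keyStore.load(null); // no file or password to supply
        if (keyStore.containsAlias(alias)) {
            KeyStore.Entry entry = keyStore.getEntry(alias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // Alias holds another entry type: fail instead of overwriting it.
                throw new KeyStoreException("Not a private key entry: " + alias);
            }
            KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry) entry;
            return new KeyPair(pke.getCertificate().getPublicKey(), pke.getPrivateKey());
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, PROVIDER);
        kpg.initialize(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                // Assumption: PKCS#1 v1.5 signatures; not in the original answer.
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .setKeySize(keySize)
                .build());
        return kpg.generateKeyPair(); // the provider stores the pair under alias
    }

    /** Signs data with the stored key and verifies it; true if the round trip works. */
    public static boolean signAndVerify(KeyPair pair, byte[] data)
            throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(data);
        byte[] signature = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(data);
        return verifier.verify(signature);
    }
}
```

Calling `getOrCreate("TESTINGKEY", 2048)` on every launch returns the same pair after the first run. The private key material stays inside the keystore, so `getEncoded()` on the returned private key yields `null`.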