在 AndroidKeystore 中保存和检索密钥对 [英] Save and Retrieve KeyPair in AndroidKeystore

查看:75
本文介绍了在 AndroidKeystore 中保存和检索密钥对的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要生成一个 RSA 2048 密钥对,然后保存它,如果存在则恢复它.

I need to generate a RSA 2048 Keypair, then save it, and recover it if it exists.

此刻,我有这个:

SecureRandom random = new SecureRandom();
RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(keySize, RSAKeyGenParameterSpec.F4);
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SC");
generator.initialize(spec, random);
return generator.generateKeyPair();

这很完美,但现在我尝试从 Android Keystore 中保存并获取它,但我没有实现.我试过了:

This works perfect, but now I tried to save and take it from Android Keystore, but I'm not achieving it. I tryed:

String alias = "TESTINGKEY";
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
if (!keyStore.containsAlias(alias)) {
    SecureRandom random = new SecureRandom();
    RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(keySize, RSAKeyGenParameterSpec.F4);
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SC");
    generator.initialize(spec, random);
    return generator.generateKeyPair();
} else {
    Key key = keyStore.getKey(alias, null);
    if (key instanceof PrivateKey) {
        Certificate cert = keyStore.getCertificate(alias);
        return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
    } else {
        return null;
    }
}

但工作不正常,因为在第二次运行应用程序时,密钥库不包含密钥对.

But is not working right, because at the second run of the app, the keystore don't contains the Keypair.

https://developer.android.com/training/文章/keystore.html?hl=es 我看到KeyGenParameterSpec,构建器有一个别名"值,但 RSAKeyGenParameterSpec 没有.

In https://developer.android.com/training/articles/keystore.html?hl=es I saw that the KeyGenParameterSpec, the builder have a "alias" value, but int the RSAKeyGenParameterSpec don't.

如何保存?

推荐答案

使用 AndroidKeyStore 需要使用 KeyGenParameterSpec.Builder 来生成密钥.也使用 AndroidKeyStore 而不是 SC.您可以使用以下代码

With AndroidKeyStore is needed to use KeyGenParameterSpec.Builder to generate the keys. Also use AndroidKeyStore instead of SC. You can use the following code

生成密钥 (Android>=23)

KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");

kpg.initialize(new KeyGenParameterSpec.Builder(
                alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                .setKeySize(keySize)
                .build());

KeyPair keyPair = kpg.generateKeyPair();

加载密钥

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
KeyStore.Entry entry = keyStore.getEntry(alias, null);
PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();

这篇关于在 AndroidKeystore 中保存和检索密钥对的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
移动开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆