无法提取Android KeyStore私有指数 [英] Android KeyStore private exponent cannot be extracted
问题描述
我想在Android Keystore中生成RSA密钥对。由于Android 4.3应该可以在Android系统Keystore中生成RSA密钥。
I want to generate a RSA keypair in the Android Keystore. Since Android 4.3 is should be possible to generate RSA keys in the Android system Keystore.
我生成我的RSA密钥(工作正常)
I generate my RSA key by (works fine)
Calendar notBefore = Calendar.getInstance();
Calendar notAfter = Calendar.getInstance();
notAfter.add(1, Calendar.YEAR);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx)
.setAlias("key")
.setSubject(
new X500Principal(String.format("CN=%s, OU=%s",
"key", ctx.getPackageName())))
.setSerialNumber(BigInteger.ONE)
.setStartDate(notBefore.getTime())
.setEndDate(notAfter.getTime()).build();
KeyPairGenerator kpg;
kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(spec);
KeyPair kp = kpg.genKeyPair();
publicKey = kp.getPublic();
privateKey = kp.getPrivate();
我的RSA加密看起来像(也适用):
my RSA encryption looks like (works also):
public static byte[] RSAEncrypt(final byte[] plain)
throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Cipher cipher = Cipher.getInstance("RSA");
System.out.println("RSA Encryption key: " + publicKey.getAlgorithm());
System.out.println("RSA Encryption key: " + publicKey.getEncoded());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedBytes = cipher.doFinal(plain);
return encryptedBytes;
}
解密:
public static byte[] RSADecrypt(final byte[] encryptedBytes)
throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Cipher cipher1 = Cipher.getInstance("RSA");
System.out.println("RSA Encryption key: " + privateKey.getAlgorithm());
System.out.println("RSA Encryption key: " + privateKey.getEncoded());
cipher1.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedBytes = cipher1.doFinal(encryptedBytes);
return decryptedBytes;
}
在解密函数中,我收到以下错误消息(当privateKey被编码时,并在cipher1.init()):
In the decryption function i get the following error message(when the privateKey is encoded, and in cipher1.init()):
12-12 21:49:40.338: E/AndroidRuntime(20423): FATAL EXCEPTION: main
12-12 21:49:40.338: E/AndroidRuntime(20423): java.lang.UnsupportedOperationException: private exponent cannot be extracted
12-12 21:49:40.338: E/AndroidRuntime(20423): at org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey.getPrivateExponent(OpenSSLRSAPrivateKey.java:143)
我不明白。是否无法在Android KeyStore中生成RSA密钥?任何人都可以向我提供在Android KeyStore中生成RSA密钥并使用私钥解密的示例。
I don't get it. Is it not possible to generate a RSA key in the Android KeyStore? Can anyone provide me with an example of generating a RSA key in the Android KeyStore and decrypt with the private Key.
非常感谢提前!
推荐答案
根据代码,我认为OpenSSL提供程序可以防止在密钥生成到设备中时导出私有指数。
According to the code, I think that the OpenSSL provider prevents the private exponent to be exported when the key has been generated into the device.
@Override
public final BigInteger getPrivateExponent() {
if (key.isEngineBased()) {
throw new UnsupportedOperationException("private exponent cannot be extracted");
}
ensureReadParams();
return privateExponent;
}
因此,您可能需要指定要使用相同的加密提供程序检索密码实例时。此提供程序支持这些RSA密码:
Thus, you probably need to specify that you want to use the same crypto provider when retrieving the cipher instance. This provider supports these RSA ciphers:
- RSA / ECB / NoPadding
- RSA / ECB / PKCS1Padding
你应该用这种方式创建一个密码实例:
You should create an instance of the cipher this way:
Cipher cipher1 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
这篇关于无法提取Android KeyStore私有指数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!