 

Android Keystore Type which one should I choose?

I want to store secure data in a keystore. Therefore I use

KeyStore store = KeyStore.getInstance("JCEKS");

But Android seems to not know "JCEKS".

04-18 10:52:17.236: WARN/System.err(474): java.security.KeyStoreException: KeyStore JCEKS implementation not found

Trying JKS gives the same error. What algorithm is good to use on Android?

Till asked Apr 18 '11 09:04



2 Answers

Android seems to be using the Bouncy Castle provider. This is the default provider that the API returns. To be sure which one is available as default on the device, use KeyStore.getDefaultType().

In my case this returned 'BKS'. Also there seems to be an exception when there is a '.' character in the keystore file path.

When I stored the store to a folder with the name of my package (as recommended in the Android documentation), it resulted in an exception.

You may like to check this also.

Harisankar Krishna Swamy answered Sep 27 '22 19:09


Did you load the keystore before you tried to access it? Did the error message happen right at the getInstance instruction?

Some googling has said that "PKCS12" worked for a few people; give that a go.

Daisetsu answered Sep 27 '22 18:09
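The check both answers point toward, as an added example that is not code from either poster: list the KeyStore types the installed providers actually register, pick one that exists instead of hard-coding "JCEKS", and confirm it can persist a secret key. The class name, the alias, the preference order and the sample password are assumptions made for illustration.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreTypeProbe {

    // Collect every KeyStore type that an installed provider registers.
    static Set<String> availableTypes() {
        Set<String> types = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    types.add(s.getAlgorithm().toUpperCase(Locale.ROOT));
                }
            }
        }
        return types;
    }

    // Return the first preferred type that is installed, else the platform default.
    static String chooseType(String... preferred) {
        Set<String> installed = availableTypes();
        for (String t : preferred) {
            if (installed.contains(t.toUpperCase(Locale.ROOT))) return t;
        }
        return KeyStore.getDefaultType();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Installed: " + availableTypes());
        String type = chooseType("JCEKS", "BKS", "PKCS12"); // preference order is an assumption
        char[] password = "change-me".toCharArray();          // constructed sample password

        KeyStore store = KeyStore.getInstance(type);
        store.load(null, password);                           // null stream = new, empty store
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        store.setEntry("demo-key", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(password));

        // Round-trip through bytes to confirm the chosen type can persist the entry.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        store.store(out, password);
        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);
        System.out.println(type + " holds demo-key: " + reloaded.isKeyEntry("demo-key"));
    }
}
```

In real use the password should come from the user or a protected source at runtime rather than a string literal in the code.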