Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android: Store SecretKey in KeyStore

Tags:

android

encryption

keystore

android-keystore

secret-key

I use a SecretKey to encrypt sensitive data in my application. Currently I am storing my SecretKey in Base64 encoded format in DB or SharedPrefs which is not a safe place to store Secret on a rooted phone. Hence, I want to move my SecretKey to Android KeyStore. The problem I am facing is when I try this sample code from Google, it expects a PrivateKey instead of SecretKey. I couldn't figure out a way to store my SecretKey in KeyStore and fetch it for later use. I tried this:

private static void writeSecretKeyToKeystore(SecretKey secretKey, Context context) {
KeyStore keyStore = null;
try {
  keyStore = KeyStore.getInstance("AndroidKeyStore");
  keyStore.load(null);
  KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKey);
  keyStore.setKeyEntry("Key", secretKeyEntry.getSecretKey().getEncoded(), null);
} catch (KeyStoreException e) {
  e.printStackTrace();
} catch (CertificateException e) {
  e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
  e.printStackTrace();
} catch (IOException e) {
  e.printStackTrace();
}

When I try above code, it throws an exception Operation not supported because encoding is unknown.

Any sample code would be of great help.

like image 254
Rajkiran Avatar asked Apr 19 '16 06:04

Rajkiran

People also ask

What can be stored in Android keystore?

The Android Keystore system lets you store cryptographic keys in a container to make them more difficult to extract from the device. Once keys are in the keystore, you can use them for cryptographic operations, with the key material remaining non-exportable.

Where are Android encryption keys stored?

The Android Key Store system lets you store cryptographic keys in a container to make it more difficult to extract from the device. Once keys are in the key store, they can be used for cryptographic operations with the key material remaining non-exportable.

Where do I put API key Android?

Go to the Google Maps Platform > Credentials page. On the Credentials page, click Create credentials > API key. The API key created dialog displays your newly created API key. Click Close.

1 Answers

WRONG
java.security.KeyStore can store both symmetric and asymmetric keys. You just need to instantiate KeyStore.SecretKeyEntry passing it your SecretKey in the constructor and then use the KeyStore#setEntry method to save it:

keyStore.setEntry(
     "key1",
     new KeyStore.SecretKeyEntry(secretKey),
     new KeyProtection.Builder(KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
             .setBlockMode(KeyProperties.BLOCK_MODE_GCM)
             .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
             .build());

To get it back out use:

SecretKey keyStoreKey = (SecretKey) keyStore.getKey("key1", null);

UPDATE
After some research I was surprised to find out, that AndroidKeyStore doesn't support symmetric keys. (see the discussion: https://groups.google.com/forum/#!topic/android-developers/gbmIRKRbfq8)

like image 168
dev.bmax Avatar answered Sep 19 '22 20:09

dev.bmax
Sign in to Comment

Related questions

Search view close icon appearing disabled rather than white
CREATE TABLE android_metadata failed when re-opening sqlcipher DB
Android - excluding an api key from github, where to store the api key in code?
Pass scroll event to another view
Android, DrawerLayout + Fragments + CollapsingToolbarLayout
Android - how to run a socket in a long lives background thread
Meaning of { *; } in ProGuard
How to Let Users Rate an Android App from inside the App (without redirecting to the Play Store)
How can I prevent my custom view drawing from being clipped by the view bounds?
Timeout for server request made using "Volley" only on Android not iOS
Android `templateMergeStrategy` in strings.xml
How to set an image's width and height when it's set in drawableLeft
How to mock MotionEvent and SensorEvent for Unit Testing in android?
Where should the android service calls and calls to GoogleAPIClient be written while using MVP pattern in android?
Size of ShareAction icon issue on ActionBar with ShareActionProvider-v7
Android app crashes with WIN DEATH after memory-intensive activity
How to support dpad controls for RecyclerView
Android Studio Theme editor not showing previews
Android Retrofit AES encrypt/decrypt POST and Response
Native crashes received in Samsung devices only with Lollipop 5.0 & 5.1 versions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!