AndroidKeystore NoSuchAlgorithm exception

Question

I am trying to initialize a Cipher object for encryption and decryption.

String cipher = privateKey.getAlgorithm() + "/ECB/PKCS1Padding";
        mCipher = Cipher.getInstance(cipher, "AndroidKeyStore");

I keep getting the following exception on android:

    System.err: java.security.NoSuchAlgorithmException: Provider   AndroidKeyStore does not provide RSA/ECB/PKCS1Padding
   03-20 00:28:38.270 19817 21488 W System.err:     at javax.crypto.Cipher.getCipher(Cipher.java:357)
   03-20 00:28:38.270 19817 21488 W System.err:     at javax.crypto.Cipher.getInstance(Cipher.java:325)
   03-20 00:28:38.271 19817 21488 W System.err:     at javax.crypto.Cipher.getInstance(Cipher.java:297)

Answer 1

According to Google there is a bug in BouncyCastle that prevented them from installing their provider normally, so they used the provider name AndroidKeyStoreBCWorkaround when installing algorithms relating to AndroidKeyStore keys. See AOSP source here.

The following code will run on KitKat through Marshmallow, but I don't recommend it since Google says they will eliminate the work-around when it isn't needed any more:

Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");

Instead use the private key to get the Cipher, the Cipher class will find the correct compatible Cipher:

KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);

KeyStore.PrivateKeyEntry keyEntry = 
        (KeyStore.PrivateKeyEntry) ks.getEntry("mykeypair", null);
PrivateKey privKey = keyEntry.getPrivateKey();

Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
c.init(Cipher.ENCRYPT_MODE, privKey);
byte[] cipherText = c.doFinal(clearText, 0, clearText.length);