encoded text of secretkey from keystore is null in android M

Question

I need to implement 256 bit AES encryption, I refer this- http://nelenkov.blogspot.jp/2015/06/keystore-redesign-in-android-m.html The KeyGenerator looks like this .

KeyGenerator keyGenerator = KeyGenerator
                    .getInstance(KeyProperties.KEY_ALGORITHM_AES,"AndroidKeyStore");
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(keyName,
                     KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)  

                     .setUserAuthenticationValidityDurationSeconds(5 *11160)
                     .build();
            keyGenerator.init(spec);
            SecretKey key1 =   keyGenerator.generateKey();

When I import encoded value of the key from keystore, it returns null to me.

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
               keyStore.load(null); 
SecretKey key3 = (SecretKey) keyStore.getKey(keyName, null);
Log.d("Test MM",key3.getEncoded()+",");

I found null value of key3.getEncoded() in logcat.Please give me some suggestions.

Answer 1

Symmetric keys generated in the keystore are unexportable in Android M. So it works exactly as it is supposed to. You can still use the key with a Cipher to encrypt/decrypt, but you cannot get the raw key bytes. Generally you should need to either.