I need to encrypt some files which are created by an Android native service written in C++. I have to use Keystore but I don't know how to use it. Are there any libraries or documents?
I know the thread is old but maybe it will help someone in the future. The hints below refer to Android Keystore v3 and v4 (Oreo and Pie respectively).
Basically the HAL keystore (as described here) is wrapped in the keystore service. The service API mimics the interface described in IKeymasterDevice.hal. Instead of a blob you can use a string alias for the key (e.g. "mySecretKey"). The service stores the keyblobs (raw key material + key parameters) to the file system. The default location is /data/misc/keystore/user_0/<uid>_<key_alias>.
The keystore service is also the layer which checks whether the requesting process is allowed to use the key (based on process uid).
The communication with keystore service is done via binder interface (IPC). You may want to read more about it here.
AOSP contains reference client implementation here.
Example usage can be found in the stock CLI here.
The AOSP comes with a SW-based keystore implementation which can be found here. By default the keyblobs on AOSP builds are not encrypted.
Note that the stock keystore_cli_v2 does NOT provide support for key import. If you plan to encrypt the data offline (e.g. pycrypto), you must extend it. If you plan to do so, remember that the keystore_client_impl.cpp is linked to libkeystore_binder.so and not the keystore_cli_v2.
For the asymmetric key ciphers you may export the public key component using the API.