How to store modulus, public exponent and private exponent securely on Android?

Question

I have given modulus, public exponent and private exponent and I need to store those values securely on Android. How can I achieve that?

Most examples are creating public and private keys without getting n,d,e parameters. I have given those n,e,d values and want to store them securely and then use those values to create my ICC Public Key Certificate and also to sign my dynamic data.

How can I achieve that?

Answer 1

Use the Keystore System.

setEntry() allows you to store any object implementing KeyStore.Entry. You can simply implement your own subtype if you need to store data that doesn't fit the defaults. (There's RSAPrivateCrtKey though, which you can store in a PrivateKeyEntry.)

Answer 2

Probably, the only secure storage on an Android device would be Android Keystore System.

Key material never enters the application process.

and

Key material may be bound to the secure hardware.

(see http://developer.android.com/training/articles/keystore.html)

The problem with it is that you are restricted in what you can store in it. The KeyChain class allows you to store private keys and certificate chains. While, the Keystore Provider supports the following types of entries: PrivateKeyEntry, SecretKeyEntry, TrustedCertificateEntry according to docs. In practice, trying to put an instance of SecretKeyEntry causes an exception.

I suggest putting two entries in the keystore.

1. KeyStore.PrivateKeyEntry that you can instantiate given a PrivateKey (generated from the modulus and the private exponent using RSAPrivateKeySpec in conjunction with KeyFactory)
2. KeyStore.TrustedCertificateEntry with your self signed certificate, which you would have to pre-generate using java keytool and load at runtime from assets. It is not supposed to be secret by definition.