I have recently started seeing this error in devices.
java.security.InvalidKeyException: Only SecretKey is supported
at com.android.org.conscrypt.OpenSSLCipher.checkAndSetEncodedKey(OpenSSLCipher.java:436)
at com.android.org.conscrypt.OpenSSLCipher.engineInit(OpenSSLCipher.java:273)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2664)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2575)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2480)
at javax.crypto.Cipher.chooseProvider(Cipher.java:567)
at javax.crypto.Cipher.init(Cipher.java:975)
at javax.crypto.Cipher.init(Cipher.java:910)
From https://github.com/justinsb/android-libcore/blob/master/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLCipher.java#L232 exception is thrown when:
if (!(key instanceof SecretKey)) {
throw new InvalidKeyException("Only SecretKey is supported");
}
I always get my SecretKey from store like this:
SecretKey key = (SecretKey) keyStore.getKey(KEY_NAME, null);
Any idea what is going on?
This happens if key is null.
I had a similar issue, was just a bug in my code which prevented from correctly reading the key. So null was passed in Cipher.init() and caused this message.
Generate Secret Key with Key_Generator Object.
For example:
Initialize SecretKeyObject as Global
SecretKey secretKeyObject;
Initialize the Key Generator Object by:
KeyGenerator keyGeneratorObject = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES,"AndroidKeyStore");
keyStoreObject.load(null);
keyGeneratorObject.init(new KeyGenParameterSpec.Builder(key_name,KeyProperties.PURPOSE_ENCRYPT|KeyProperties.PURPOSE_DECRYPT).setBlockModes(KeyProperties.BLOCK_MODE_CBC).setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7).build());
secretKeyObject = keyGeneratorObject.generateKey();
And then
cipherObject.init(Cipher.ENCRYPT_MODE, secretKeyObject);
This Worked For me.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With