 

Transfer PrivateKey from KeyStore, use in OpenSSL with JNI

I have an Android application which uses WebRTC. All works perfectly. But now the main problem is with encryption.

For making calls and transferring data, WebRTC creates and uses a single KeyPair for every call. But I want to use a custom KeyPair from AndroidKeyStore. For this I need to send my own KeyPair to the OpenSSL shared object to work with.

The fix will be in the NATIVE OpenSSL code, where WebRTC is getting the OpenSSL context for encrypting data using this function (opensslidentity.cc):

// Installs the certificate and private key of this identity into the SSL_CTX.
bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx)
{
    ...
}

How do I transfer the PK from AndroidKeyStore to WebRTC native code? Alternatively, how do I set a custom PK for WebRTC encryption to work with?


AndroidKeyStore

In Java I can open the KeyStore (AndroidKeyStore) and get the public key, which is ready to transfer (it has the bytes of the key via the method getEncoded()). I can also get the private key for encrypting data, but I can't send this key as bytes, because getEncoded() returns null. In this case, I thought, I could get the PublicKey and PrivateKey and save them in a byte array, and afterwards call prepared methods in native code.


UPDATE: There is something similar located in google.source.chromium, where they get the key from Android KeyStore and create the OpenSSL context in native code. Native class for getting and using AndroidKeyStore for TLS: Link 1 and Link 2.

GensaGames asked May 30 '16 08:05


1 Answer

Android Keystore does not expose the key material of private or secret keys, by design (see https://developer.android.com/training/articles/keystore.html). Your options are:

  • Present Android Keystore PrivateKey + Signature or Cipher as OpenSSL EVP_PKEY.

  • Don't use Android Keystore. Perhaps you don't need the additional protections it offers compared to storing private keys inside your process?

Alex Klyubin answered Nov 05 '22 09:11
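An added example (not code from the question, the answer, WebRTC or Chromium) of the Java half of the first option: a hypothetical KeystoreSigningBridge class that exports the public key as DER for the native side and exposes a raw PKCS#1 v1.5 signing call that a native RSA_METHOD's priv_enc callback invokes through JNI, so the private key material never leaves the Keystore. The class name, key alias and native method name are assumptions.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;

/** Hypothetical bridge between an AndroidKeyStore RSA key and native OpenSSL code. */
public final class KeystoreSigningBridge {
    private final PrivateKey privateKey;
    private final PublicKey publicKey;

    public KeystoreSigningBridge(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) ks.getEntry(alias, null);
        if (entry == null) {
            throw new IllegalStateException("no key under alias " + alias);
        }
        privateKey = entry.getPrivateKey();
        publicKey = entry.getCertificate().getPublicKey();
        // Keystore private keys are non-extractable: getEncoded() returning null is
        // the symptom from the question, and here it is the property we rely on.
        if (privateKey.getEncoded() != null) {
            throw new IllegalStateException("expected a non-extractable Keystore key");
        }
    }

    /** The public half is exportable: SubjectPublicKeyInfo DER, parseable by d2i_PUBKEY(). */
    public byte[] publicKeyDer() {
        return publicKey.getEncoded();
    }

    /** Modulus size the native RSA_METHOD needs for RSA_size() / buffer sizing. */
    public int rsaModulusBits() {
        return ((RSAPublicKey) publicKey).getModulus().bitLength();
    }

    /**
     * Called from native code in place of RSA private encryption: the caller passes the
     * already-built DigestInfo (as OpenSSL's rsa_priv_enc does) and NONEwithRSA applies
     * PKCS#1 v1.5 padding and signs inside the Keystore.
     */
    public byte[] rawSignDigest(byte[] digestInfo) throws Exception {
        Signature sig = Signature.getInstance("NONEwithRSA");
        sig.initSign(privateKey);
        sig.update(digestInfo);
        return sig.sign();
    }

    /** Native side (assumed): wraps publicKeyDer() in an EVP_PKEY whose RSA_METHOD calls rawSignDigest(). */
    public native long nativeCreateEvpPkey(byte[] publicKeyDer);
}
```

The native EVP_PKEY built this way carries only n and e, so SSL_CTX_use_PrivateKey() in ConfigureIdentity() accepts it and every TLS/DTLS signature is routed back to rawSignDigest().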