android-keystore
Android 9 – KeyStore exception android.os.ServiceSpecificException
Finally I found a solution. It looks like since Android P (KeyStore.PrivateKeyEntry) keyStore.getEntry(“alias”, null) is not a proper way to get private key. I was able to get rid of this warning by accessing private/public key this way KeyStore keyStore = KeyStore.getInstance(“AndroidKeyStore”); keyStore.load(null); PrivateKey privateKey = (PrivateKey) keyStore.getKey(“alias”, null); PublicKey publicKey = keyStore.getCertificate(“alias”).getPublicKey();
Android Keystore Error “could not generate key in keystore”
public class EncryptionApi18AndAbove{ private Context context; private KeyStore keyStore; private static String alias = “alias”; public EncryptionApi18AndAbove(Context context) { this.context = context; try { keyStore = KeyStore.getInstance(“AndroidKeyStore”); keyStore.load(null); } catch (Exception e) { // bla bla } } private String createNewKeys(String alias, Context context) { try { if (!keyStore.containsAlias(alias)) { Calendar start = Calendar.getInstance(); Calendar … Read more
Android Fingerprint API Encryption and Decryption
I found the final piece of the puzzle on the Android Issue Tracker, another known bug causes the unrestricted PublicKey to be incompatible with the Cipher when using OAEP. The work around is to add a new OAEPParameterSpec to the Cipher upon initialization: OAEPParameterSpec spec = new OAEPParameterSpec( “SHA-256”, “MGF1”, MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); mCipher.init(opmode, unrestricted, spec); … Read more
Android keystore password change
If you are using the same keystore for signing your application before pushing it to the play store, it should be fine. Changing Keystore’s password or alias password doesn’t affect the way it is used to generate the signed apk. In order to update the password using keytool: Open cmd prompt Browse to the location … Read more
Is there any reason I shouldn’t store my keystore in version control?
Anyone with read access to your Git repo will get the private key. This is considered a security issue and for that reason it is not recommended. If your GIT repo is completely private meaning no one but you has access to it (NOT A private repo on i.e. GitHub, but rather git repo on … Read more
AndroidKeyStore KeyPairGenerator Crashes On Small Number of Devices
you must have to try this one… “SHA-256” instead of “SHA-1” setDigests(“SHA-256”)
Chain is null when retrieving private key
I believe you are simply facing Keystore bugs. See this article for example: Android Security: The Forgetful Keystore. There are also numberous bug reports in Android tracker related to keystore, like AndroidKeyStore deleted after changing screen lock type.
How Can I Use the Android KeyStore to securely store arbitrary strings?
I started with the premise that I could use AndroidKeyStore to secure arbitrary blobs of data, and call them “keys”. However, the deeper I delved into this, the clearer it became that the KeyStore API is deeply entangled with Security-related objects: Certificates, KeySpecs, Providers, etc. It’s not designed to store arbitrary data, and I don’t … Read more
Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -keypass value. in Android Studio
This is a known issue with Android Studio 4.2. It runs on JDK11 which has this limitation. Google’s own documentation on app signing states that the key password “should be different from the password you chose for your keystore” so I’m guessing they intend to fix this at some point.