android-keystore | Direct access to Android's credential storage | Encryption library
kandi X-RAY | android-keystore Summary
Direct access to Android’s credential storage (keystore). Sample code for the Storing application secrets in Android’s credential storage blog post: Accesses the credential storage directly using a private API. Not guaranteed to work on all Android versions, but tested with 2.1 to 4.0. 2013/8/21: updated for Android 4.3. Blog post: 2014/1/16: updated for Android 4.4. Major changes in Android are support for EC and DSA keys. Added ECDSA sign/verify sample.
Top functions reviewed by kandi - BETA
- On click on keystore
- Executes the remote command
- Verify the signed string
- Signs the given string with the specified key alias
- Initialize the activity
- Finds all views
- Returns an instance of KeyStore
- Generates the seed for the process
- Updates the state of the keystore
- Display keystore state
- Create a sha512 encryption block
- Pads a key - value into a byte array
- Processes a block
- Converts the output into a byte array
- Test keystore
- Toggles the controls
- Initializes the cipher
- Get build fingerprint and serial number
- Copy the encrypted state to the encrypted state
- List available algorithms
- Returns the last modification time for the given key
- Create an RSA public key from a byte array
- Unlock a key
- Returns the key type corresponding to the given algorithm type
Community Discussions
Trending Discussions on android-keystore
QUESTION
I just inherited an old project, which was created back in 2013.
The Keystore is probably created with jdk 7.
When I try to generate the APK in Android studio, an exception is thrown:
Cannot load key store: Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
What I tried is:
- Convert the Keystore to pk12 - Here I'm getting the same exception as above
- Open the keystore in KeyStore Explorer - Not working either, I'm unable to view the key
- I also tried to contact Google (Play Store support), but they respond with "our team isn’t trained to provide technical support for key."
Related posts:
Android keystore corrupted
Unable to open keystore in AndroidStudio - "Redundant length bytes found"
I have no idea what to do next.
The only thing that works is manually signing an unsigned APK in the terminal.
This solution is not optimal.
Furthermore, it only works when using an old JDK version (jdk1.7.0_80 in this case).
So I cannot use this solution for the long term.
ANSWER
Answered 2021-Mar-03 at 09:00
This might help you. Here is the same case of a keystore generated on JDK 7 that cannot be read with JDK 8.
https://forum.unity.com/threads/keystore-generated-on-jdk-7-unable-to-read-with-jdk-8.460020/
QUESTION
For an app that signs data to be sent to a server, I'm researching ways to protect the private key used for signing. This private key's material should ideally never be exposed to the app and signing should be done in Android's trusted execution environment (TEE).
The app needs to protect access to the key by biometrics OR an app-password. App-password instead of device PIN/pattern/password because I can impose limits on the strength while device PIN/pattern/password may be weak.
When another biometric fingerprint/face was added, the app would alert the user and require the app-password to either sign data and allow re-enabling biometrics. The app-password would act as fallback and also authorization for users who do not want to use biometrics on their devices.
Target platform would be Android 8 and above.
I learned from here that the protection of the key material using biometrics is (relatively) straightforward:
- Create the key using keystore instance "AndroidKeyStore".
- Use setUserAuthenticationRequired(true) to protect the private key with biometric prompt.
- Use setUserAuthenticationValidityDurationSeconds(-1) on the key to avoid allowing access to the key with a (potentially weak) device pattern/password/pin.
- Use setInvalidatedByBiometricEnrollment(true) to invalidate the key when another fingerprint/face is enrolled to the device's biometrics.
- Finally, use the CryptoObject in the onAuthenticationSucceeded callback to sign data.
The key material is never directly exposed to the app and sits nicely protected in the TEE.
Now to the part of protecting the private key using an app-password - I got stuck there: Is there a way to password-protect the key (so we have a non-biometric fallback) AND have similar protection properties, i.e. private key material stays in secure TEE KeyStore and is not exposed to the app?
...ANSWER
Answered 2020-May-22 at 16:14
You can't do that, as that key-store has no passwords. The only option you'd have is to add 2 keys (they'd likely need the same key material); one with setUserAuthenticationRequired(true) and the other with setUserAuthenticationRequired(false) ...else you'd always need to provide biometric authentication to proceed, as this flag is not optional once set.
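The biometric-bound signing key described in the question above, as an added example that is not part of the original question, answer, or the android-keystore project. The class name, the alias and the use of androidx.biometric for CryptoObject are assumptions; it also shows how the invalidation from a new biometric enrollment surfaces, which is the point where the asker's app-password fallback would have to take over.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import androidx.biometric.BiometricPrompt;
import java.io.IOException;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public final class BiometricSigningKey {
    private static final String ALIAS = "example_signing_key"; // hypothetical alias

    /** Generates a non-exportable EC key pair in AndroidKeyStore, usable only after biometric auth. */
    public static void generate() throws GeneralSecurityException {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setUserAuthenticationRequired(true)
                // -1: each signing operation needs its own authentication via a CryptoObject,
                // so the device PIN/pattern/password cannot unlock the key for a time window.
                .setUserAuthenticationValidityDurationSeconds(-1)
                .setInvalidatedByBiometricEnrollment(true)
                .build();
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(spec);
        kpg.generateKeyPair();
    }

    /** Returns the CryptoObject to pass to BiometricPrompt.authenticate(), or null if the key was invalidated. */
    public static BiometricPrompt.CryptoObject prepareSigning()
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(ALIAS, null); // a handle only, no key material
        Signature sig = Signature.getInstance("SHA256withECDSA");
        try {
            sig.initSign(key);
        } catch (KeyPermanentlyInvalidatedException e) {
            // A new fingerprint/face was enrolled: the key is unusable for good.
            ks.deleteEntry(ALIAS);
            return null; // caller alerts the user and re-enrolls after the fallback check
        }
        return new BiometricPrompt.CryptoObject(sig);
    }

    /** Call from onAuthenticationSucceeded with result.getCryptoObject().getSignature(). */
    public static byte[] sign(Signature authorized, byte[] data) throws GeneralSecurityException {
        authorized.update(data);
        return authorized.sign();
    }
}
```

The server should be sent the new public key whenever `generate()` runs again after an invalidation, since the old key pair cannot be recovered.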
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install android-keystore
You can use android-keystore like any standard Java library. Please include the jar files in your classpath. You can also use any IDE and you can run and debug the android-keystore component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer to maven.apache.org. For Gradle installation, please refer to gradle.org.