Hi,
I am currently working on android application which is based on
Client-server architecture. For data security, I am using Public-Private
key pair for data encryption and signing. I am using AndroidKeyStore for
storing key pair. Below is the code to generate key pair :
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder
(
mContext)
.setAlias(mPrivateKeyAlias)
.setSubject(new X500Principal("CN=" +
mPrivateKeyAlias))
.setSerialNumber(
BigInteger.valueOf(System.currentTimeMillis
()))
.setStartDate(start.getTime())
.setEndDate(end.getTime()).setKeySize(2048).build();
KeyPairGenerator kpGenerator = KeyPairGenerator.getInstance(
"RSA",
"AndroidKeyStore");
kpGenerator.initialize(spec);
// Key Pair will be saved in AndroidKeyStore
KeyPair pair = kpGenerator.generateKeyPair();
After executing this code, Keystore releated files (CERT and PKEY files)
will be generated at '/data/misc/keystore/user_0/' directory.
I am encrypting application sensitive data like auth-token and saving it to
Shared Pref for security reasons.
But now when user changes device password or pin, keystore files are
getting deleted as Masterkey used for keystore encryption is generated
using device credentials.
Now to fix this issue, I tried to keep Public-Private key pair in RAM and
when password gets changed. From onPasswordChanged(Context context, Intent
intent) method of DeviceAdminReceiver, I am executing below code :
KeyStore keyStore = KeyStore
.getInstance("AndroidKeyStore");
keyStore.load(null);
keyStore.setKeyEntry(mPrivateKeyAlias, mPrivateKey.getPrivateKey
(),
null, new Certificate[] { mPrivateKey.getCertificate()
});
But, after this code only CERT file gets created at
'/data/misc/keystore/user_0/' directory and while decryption using private
key, giving some invalid signature error.
Also, I have shared my public key with server, encrypted data with private
key, so creating new key pair would not be better solution.
So, how I can retain my public private key pair after device password
change ? If there is no work around, what is the exact use of
AndroidKeyStore? Where can I use it ?
Please help me.
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
