Hi, I have the same issue. How can you solve it? Thanks.
On Monday, March 17, 2014 5:41:59 PM UTC+2, dori wrote:
>
> Great tips thank you.
>
> The example app creates the keys like
>
> KeyPairGenerator kpGenerator = KeyPairGenerator.getInstance("RSA",
> "AndroidKeyStore");
>
> where "AndroidKeyStore" has been used in place of a provider name (im
> assuming this is the provider for key generation that can be backed by the
> hardware impl). How would I also declare that I want to use the
> AndroidOpenSSL provider here?
>
> Many thanks
>
> Dori
>
> On Monday, 17 March 2014 15:32:14 UTC, Nikolay Elenkov wrote:
>>
>> On Tue, Mar 18, 2014 at 12:20 AM, dori <[email protected]> wrote:
>>
>> >
>> > It seems that the cause for this not working in my app is because I has
>> > replace the default security provider with SC - with the following
>> >
>> > static {
>> > Security.insertProviderAt(new
>> > org.spongycastle.jce.provider.BouncyCastleProvider(), 1);
>> > }
>> >
>> > Which causes the key generation to fail on hardware backed devices -
>> this
>> > can be replication using the android sample project referenced above.
>> >
>>
>> If you absolutely have to do this for some reason, you need to explicitly
>> specify the AndroidOpenSSL provider when generating or using keys.
>>
>> Still better not to insert SC, but just add it to the provider registry
>> and
>> have your code use it explicitly, rather than depend on the current
>> provider order.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
