Android:检查密钥是否位于安全硬件中

huangapple go评论101阅读模式
英文:

Android: Check if Key is in Secure Hardware

问题

对于我的应用程序,我创建了一个AES密钥,并且想要检查该密钥是否存储在安全硬件内部。我通过谷歌搜索找到了一个关于RSA的示例,但我认为这不应该影响。下面是我找到的RSA示例:

```java
final KeyGenerator keyGenerator = KeyGenerator
        .getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");

final KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder("key_alias",
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build();

keyGenerator.init(keyGenParameterSpec);
final SecretKey secretKey = keyGenerator.generateKey();

final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);

KeyFactory keyFactory = KeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = keyFactory.getKeySpec(secretKey, KeyInfo.class);
keyInfo.isInsideSecureHardware();

然而,第一行代码返回了一个no such algorithm: AES for provider AndroidKeyStore异常。但是,理论上来说,检查AES密钥是否位于安全硬件内部也是可能的,对吗?

从理论上讲,我可以使用非对称加密,因为我只想对一小段数据进行加密/解密,但我仍然更喜欢使用对称加密。

你们有什么想法吗?

编辑:添加了进一步的实现细节。


<details>
<summary>英文:</summary>

For my application, I create an AES key and want to check whether said key is stored inside the Secure Hardware. I googled and found an example for RSA, but figured it shouldn&#39;t matter. Below is the RSA example I found:

final KeyGenerator keyGenerator = KeyGenerator
.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");

final KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder("key_alias",
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build();

keyGenerator.init(keyGenParameterSpec);
final SecretKey secretKey = keyGenerator.generateKey();

final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);

KeyFactory keyFactory = KeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = keyFactory.getKeySpec(secretKey, KeyInfo.class);
keyInfo.isInsideSecureHardware();


However, the very first line returns a `no such algorithm: AES for provider AndroidKeyStore` exception. But shouldn&#39;t it be possible to check if an AES key is inside the secure hardware for AES as well?

Theoretically I could use asymmetric encryption, since it is only a small snippet of data I want to en/decrypt but I would still prefer if I could use symmetric encryption.

Do you guys have an idea?

Edit: Added further implementation details.

</details>


# 答案1
**得分**: 0

为了获取对称密钥的KeyInfo,需要以下代码:

```java
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = (KeyInfo) secretKeyFactory.getKeySpec(secretKey, KeyInfo.class);
英文:

In order to get KeyInfo for a symmetric key, the following code is needed:

SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), &quot;AndroidKeyStore&quot;);
KeyInfo keyInfo = (KeyInfo) secretKeyFactory.getKeySpec(secretKey, KeyInfo.class);

huangapple
  • 本文由 发表于 2020年9月3日 23:29:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/63726912.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定