问题

对于我的应用程序，我创建了一个AES密钥，并且想要检查该密钥是否存储在安全硬件内部。我通过谷歌搜索找到了一个关于RSA的示例，但我认为这不应该影响。下面是我找到的RSA示例：

```java
final KeyGenerator keyGenerator = KeyGenerator
        .getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");

final KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder("key_alias",
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build();

keyGenerator.init(keyGenParameterSpec);
final SecretKey secretKey = keyGenerator.generateKey();

final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);

KeyFactory keyFactory = KeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = keyFactory.getKeySpec(secretKey, KeyInfo.class);
keyInfo.isInsideSecureHardware();

然而，第一行代码返回了一个no such algorithm: AES for provider AndroidKeyStore异常。但是，理论上来说，检查AES密钥是否位于安全硬件内部也是可能的，对吗？

从理论上讲，我可以使用非对称加密，因为我只想对一小段数据进行加密/解密，但我仍然更喜欢使用对称加密。

你们有什么想法吗？

编辑：添加了进一步的实现细节。

<details>
<summary>英文:</summary>

For my application, I create an AES key and want to check whether said key is stored inside the Secure Hardware. I googled and found an example for RSA, but figured it shouldn&#39;t matter. Below is the RSA example I found:

final KeyGenerator keyGenerator = KeyGenerator
.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");

final KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder("key_alias",
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build();

keyGenerator.init(keyGenParameterSpec);
final SecretKey secretKey = keyGenerator.generateKey();

final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);

KeyFactory keyFactory = KeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = keyFactory.getKeySpec(secretKey, KeyInfo.class);
keyInfo.isInsideSecureHardware();

However, the very first line returns a `no such algorithm: AES for provider AndroidKeyStore` exception. But shouldn't it be possible to check if an AES key is inside the secure hardware for AES as well?

Theoretically I could use asymmetric encryption, since it is only a small snippet of data I want to en/decrypt but I would still prefer if I could use symmetric encryption.

Do you guys have an idea?

Edit: Added further implementation details.

</details>


# 答案1
**得分**: 0

为了获取对称密钥的KeyInfo，需要以下代码：

```java
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = (KeyInfo) secretKeyFactory.getKeySpec(secretKey, KeyInfo.class);

SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = (KeyInfo) secretKeyFactory.getKeySpec(secretKey, KeyInfo.class);