Android:检查密钥是否位于安全硬件中

huangapple
go评论125阅读模式
英文:

Android: Check if Key is in Secure Hardware

问题

  1. 对于我的应用程序,我创建了一个AES密钥,并且想要检查该密钥是否存储在安全硬件内部。我通过谷歌搜索找到了一个关于RSA的示例,但我认为这不应该影响。下面是我找到的RSA示例:
  3. ```java
  4. final KeyGenerator keyGenerator = KeyGenerator
  5.         .getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
  7. final KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder("key_alias",
  8.         KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
  9.         .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
  10.         .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
  11.         .build();
  13. keyGenerator.init(keyGenParameterSpec);
  14. final SecretKey secretKey = keyGenerator.generateKey();
  16. final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
  17. cipher.init(Cipher.ENCRYPT_MODE, secretKey);
  19. KeyFactory keyFactory = KeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
  20. KeyInfo keyInfo = keyFactory.getKeySpec(secretKey, KeyInfo.class);
  21. keyInfo.isInsideSecureHardware();

然而,第一行代码返回了一个no such algorithm: AES for provider AndroidKeyStore异常。但是,理论上来说,检查AES密钥是否位于安全硬件内部也是可能的,对吗?

从理论上讲,我可以使用非对称加密,因为我只想对一小段数据进行加密/解密,但我仍然更喜欢使用对称加密。

你们有什么想法吗?

编辑:添加了进一步的实现细节。

  2. <details>
  3. <summary>英文:</summary>
  5. For my application, I create an AES key and want to check whether said key is stored inside the Secure Hardware. I googled and found an example for RSA, but figured it shouldn&#39;t matter. Below is the RSA example I found:

final KeyGenerator keyGenerator = KeyGenerator
.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");

final KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder("key_alias",
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build();

keyGenerator.init(keyGenParameterSpec);
final SecretKey secretKey = keyGenerator.generateKey();

final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);

KeyFactory keyFactory = KeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = keyFactory.getKeySpec(secretKey, KeyInfo.class);
keyInfo.isInsideSecureHardware();

  2. However, the very first line returns a `no such algorithm: AES for provider AndroidKeyStore` exception. But shouldn&#39;t it be possible to check if an AES key is inside the secure hardware for AES as well?
  4. Theoretically I could use asymmetric encryption, since it is only a small snippet of data I want to en/decrypt but I would still prefer if I could use symmetric encryption.
  6. Do you guys have an idea?
  8. Edit: Added further implementation details.
  10. </details>
  13. # 答案1
  14. **得分**: 0
  16. 为了获取对称密钥的KeyInfo,需要以下代码:
  18. ```java
  19. SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore");
  20. KeyInfo keyInfo = (KeyInfo) secretKeyFactory.getKeySpec(secretKey, KeyInfo.class);
英文:

In order to get KeyInfo for a symmetric key, the following code is needed:

  1. SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), &quot;AndroidKeyStore&quot;);
  2. KeyInfo keyInfo = (KeyInfo) secretKeyFactory.getKeySpec(secretKey, KeyInfo.class);

huangapple
  • 本文由 发表于 2020年9月3日 23:29:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/63726912.html
  • aes
  • android
  • encryption
  • java
  • tee
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定