java - 我可以在 Android 上使用 Bouncy CaSTLe Keystore.UBER 吗？

Question

根据 Bouncy CaSTLe 文档，KeyStore 有三种实现方式:

The Bouncy Castle package has three implementation of a keystore.

The first "BKS" is a keystore that will work with the keytool in the same fashion as the Sun "JKS" keystore. The keystore is resistent to tampering but not inspection.

> The second, Keystore.BouncyCastle, or Keystore.UBER will only work with the keytool if the password is provided on the command line, as the entire keystore is encrypted with a PBE based on SHA1 and Twofish. PBEWithSHAAndTwofish-CBC. This makes the entire keystore resistant to tampering and inspection, and forces verification. The Sun JDK provided keytool will attempt to load a keystore even if no password is given, this is impossible for this version. (One might wonder about going to all this trouble and then having the password on the command line! New keytool anyone?).

In the first case, the keys are encrypted with 3-Key-TripleDES.

The third is a PKCS12 compatible keystore. PKCS12 provides a slightly different situation from the regular key store, the keystore password is currently the only password used for storing keys. Otherwise it supports all the functionality required for it to be used with the keytool. In some situations other libraries always expect to be dealing with Sun certificates, if this is the case use PKCS12-DEF, and the certificates produced by the key store will be made using the default provider. In the default case PKCS12 uses 3DES for key protection and 40 bit RC2 for protecting the certificates. It is also possible to use 3DES for both by using PKCS12-3DES-3DES or PKCS12-DEF-3DES-3DES as the KeyStore type.

我在 Internet 上找不到任何关于此的有趣信息，似乎没有人使用它。

是否可以在 Android 上使用 Keystore.BouncyCaSTLe 或 Keystore.UBER？如何获取实例？ KeyStore.getInstance("UBER","BC"); ?它适用于所有 android 版本吗？

Answer 1

是的，可以使用，通过以下方式获取实例:

KeyStore.getInstance("UBER", "SC");

在普通的 java 代码中，这里应该是“BC”(BouncyCaSTLe)提供者，但是在 Android 上使用的是 SpongyCaSTLe，所以我们需要把“SC”放在这里。