我想在 Android Keystore 中生成一个 RSA key 对。由于 Android 4.3 应该可以在 Android 系统 Keystore 中生成 RSA key 。
我通过(工作正常)生成我的 RSA key
Calendar notBefore = Calendar.getInstance();
Calendar notAfter = Calendar.getInstance();
notAfter.add(1, Calendar.YEAR);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx)
.setAlias("key")
.setSubject(
new X500Principal(String.format("CN=%s, OU=%s",
"key", ctx.getPackageName())))
.setSerialNumber(BigInteger.ONE)
.setStartDate(notBefore.getTime())
.setEndDate(notAfter.getTime()).build();
KeyPairGenerator kpg;
kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(spec);
KeyPair kp = kpg.genKeyPair();
publicKey = kp.getPublic();
privateKey = kp.getPrivate();
我的 RSA 加密看起来像(也有效):
public static byte[] RSAEncrypt(final byte[] plain)
throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Cipher cipher = Cipher.getInstance("RSA");
System.out.println("RSA Encryption key: " + publicKey.getAlgorithm());
System.out.println("RSA Encryption key: " + publicKey.getEncoded());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedBytes = cipher.doFinal(plain);
return encryptedBytes;
}
解密:
public static byte[] RSADecrypt(final byte[] encryptedBytes)
throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Cipher cipher1 = Cipher.getInstance("RSA");
System.out.println("RSA Encryption key: " + privateKey.getAlgorithm());
System.out.println("RSA Encryption key: " + privateKey.getEncoded());
cipher1.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedBytes = cipher1.doFinal(encryptedBytes);
return decryptedBytes;
}
在解密函数中,我收到以下错误消息(当对私钥进行编码时,在 cipher1.init() 中):
12-12 21:49:40.338: E/AndroidRuntime(20423): FATAL EXCEPTION: main
12-12 21:49:40.338: E/AndroidRuntime(20423): java.lang.UnsupportedOperationException: private exponent cannot be extracted
12-12 21:49:40.338: E/AndroidRuntime(20423): at org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey.getPrivateExponent(OpenSSLRSAPrivateKey.java:143)
我不明白。 Android KeyStore 中无法生成 RSA key 吗?谁能给我提供一个在 Android KeyStore 中生成 RSA key 并使用私钥解密的示例。
非常感谢!
最佳答案
根据 the code ,我认为当 key 生成到设备中时,OpenSSL 提供程序会阻止导出私有(private)指数。
@Override
public final BigInteger getPrivateExponent() {
if (key.isEngineBased()) {
throw new UnsupportedOperationException("private exponent cannot be extracted");
}
ensureReadParams();
return privateExponent;
}
因此,您可能需要指定在检索密码实例时要使用相同的加密提供程序。本商supports these RSA ciphers :
- RSA/ECB/NoPadding
- RSA/ECB/PKCS1Padding
您应该以这种方式创建密码实例:
Cipher cipher1 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
关于java - 无法提取 Android KeyStore 私有(private)指数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20554389/