我无法从 Android 上的 KeyStore 获取(私有(private)) key 。问题主要出现 在三星设备(S6、S6 Edge)和 Android 6 上。
android.security.KeyStoreException:无效的 key blob
调用以下行时抛出(其中别名是存储 key 的名称)。
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(alias, null);
KeyStore本身是通过
获取的KeyStore.getInstance("AndroidKeyStore");
key 通过以下方法生成:
private static void createKey(String alias, String subject, KeyStore keyStore, BigInteger serialNumber, Date startDate, Date endDate, String algorithm, String keyStoreProvider, Context context)
throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
if (keyStore.containsAlias(alias)) {
// Key already exists.
return;
}
// Generate keys.
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.setAlias(alias)
.setSubject(new X500Principal(subject))
.setSerialNumber(serialNumber)
.setStartDate(startDate)
.setEndDate(endDate)
.build();
KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, keyStoreProvider);
generator.initialize(spec);
KeyPair keyPair = generator.generateKeyPair();
}
其中算法是“RSA”,keyStoreProvider 是“AndroidKeyStore”。
堆栈跟踪部分:
android.security.KeyStoreException: Invalid key blob
at android.security.KeyStore.getKeyStoreException(KeyStore.java:939)
at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePublicKeyFromKeystore(AndroidKeyStoreProvider.java:216)
at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(AndroidKeyStoreProvider.java:252)
at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(AndroidKeyStoreProvider.java:263)
at android.security.keystore.AndroidKeyStoreSpi.engineGetKey(AndroidKeyStoreSpi.java:93)
at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:372)
at java.security.KeyStore.getEntry(KeyStore.java:645)
异常导致 java.security.UnrecoverableKeyException: Failed to obtain information about private key 被抛出。
我找不到任何关于“无效 key blob”的更详细信息, 只是消息本身在此处定义:https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/security/keymaster/KeymasterDefs.java
最佳答案
当用户尝试从LOCK/UNINITIALIZED
中UNLOCK
时会出现此问题。它默认定义为 30 secs
计时。 此问题是与 API 相关的实现问题。
此错误由 InvalidKeyException
生成。通过绕过此异常并再次调用该方法,您可以摆脱此错误。
您必须从 catch 参数中删除 InvalidKeyException
类。这仍然允许您检查 InvalidKeyException
。检查后,您必须再次尝试使用代码,这样问题就不会出现在眼睛中,但进行 2 次检查可能会解决您的问题。代码如下。
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
.getEntry("alias", null);
} catch (InvalidKeyException ex) {
ex.printStackTrace();
if (ex instanceof InvalidKeyException) { // bypass
// InvalidKeyException
// You can again call the method and make a counter for deadlock
// situation or implement your own code according to your
// situation
if (retry) {
keyStore.deleteEntry(keyName);
return getCypher(keyName, false);
} else {
throw ex;
}
}
} catch (final Exception e) {
e.printStackTrace();
throw e;
}
You can see my another answer that describes one by one occurring issue and solution.
更新自 @Ankis :
当您通过将 InvalidKeyException
更改为 UnrecoverableKeyException
解决问题时。因此,我已根据您的建议进行了更新,以便全世界都可以知道实际答案。感谢分享:)。
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
.getEntry("alias", null);
} catch (UnrecoverableKeyException ex) {
ex.printStackTrace();
// You can again call the method and make a counter for deadlock
// situation or implement your own code according to your
// situation
if (retry) {
keyStore.deleteEntry(keyName);
return getCypher(keyName, false);
}
} catch (final Exception e) {
e.printStackTrace();
throw e;
}
关于安卓.security.KeyStoreException : Invalid key blob,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36488219/