我正在使用 Android KeyStore 来存储加密 key 。我最近发现,对于极少数设备(全部是 Android 10),在尝试使用 KeyStore 中包含的 key 解密数据时会产生错误。
初始化密码时出现错误。
val cipher = Cipher.getInstance(TRANSFORMATION)
val spec = GCMParameterSpec(128, Base64.decode(ivString, Base64.NO_WRAP))
cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), spec) // Here I get the error.
getSecretKey()是:@Throws(NoSuchAlgorithmException::class, UnrecoverableEntryException::class, KeyStoreException::class)
private fun getSecretKey(): SecretKey {
return (keyStore.getEntry(ALIAS, null) as KeyStore.SecretKeyEntry).secretKey
}
android.security.keystore.KeyStoreConnectException
Failed to communicate with keystore service
android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:256)
android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit (AndroidKeyStoreCipherSpiBase.java:148)
javax.crypto.Cipher.tryTransformWithProvider (Cipher.java:2980)
javax.crypto.Cipher.tryCombinations (Cipher.java:2891)
javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider (Cipher.java:2796)
javax.crypto.Cipher.chooseProvider (Cipher.java:773)
javax.crypto.Cipher.init (Cipher.java:1288)
javax.crypto.Cipher.init (Cipher.java:1223)
mypackage.data.source.pass.storage.security.AesDecryptor.decryptData (AesDecryptor.kt:42)
AndroidKeyStoreCipherSpiBase.java 的代码我看到失败与mKeyStore.begin()有关返回 null .OperationResult opResult = mKeyStore.begin(
mKey.getAlias(),
purpose,
true, // permit aborting this operation if keystore runs out of resources
keymasterInputArgs,
additionalEntropy,
mKey.getUid());
if (opResult == null) {
throw new KeyStoreConnectException(); // LINE 256. This exception is thrown
}
注意:一个有趣的细节是目前我们正在后台线程中获取 key 。在它出现在主线程之前,我们从未遇到过问题(即使我们没有大的统计数据)。
最佳答案
不幸的是,这似乎是 Android 10 中的一个错误。https://issuetracker.google.com/issues/152240028
https://issuetracker.google.com/issues/147384380
谷歌工程师正在研究它。
关于java - 如何解决 Android KeyStore 上的 "communication failure"?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62674630/