
I've read a lot-a-lot of conflicting info on this forum and others. Some say you can't and others give examples how-to. My setEntry() seems to work fine. But the getEntry() always catches UnrecoverableEntryException/UnrecoverableKeyEntryException/CipherTextException.

My questions:
1) How do I associate an alias to a String and store into my KeyStore? (I've had no problem storing/retrieving my Keypair (priv/pub) into it)
2) Is my setEntry() correct?
3) Why does my getEntry() fail?
4) What's the difference between an "Entry", a "KeyEntry", and a "SecretKeyEntry"? (Are those just Bouncy terms or generic Crypto terms?).

// imports needed by the three methods below (mKEYSTORE, mLog and PROVIDER are fields of the enclosing class)
import java.io.IOException;
import java.security.*;
import java.security.KeyStore.*;
import java.security.cert.CertificateException;
import javax.crypto.*;

void setEntry( final String alias, String aValue ){
    SecretKey secretKey = null;
    try{
        // generate a fresh AES key with the chosen provider
        secretKey = KeyGenerator.getInstance("AES", PROVIDER.getName()).generateKey();
    }
    catch ( NoSuchAlgorithmException | NoSuchProviderException aE ){ aE.printStackTrace(); }

    // store the secret key under `alias`, using aValue as the entry password
    KeyStore.Entry keyStoreEntry = new KeyStore.SecretKeyEntry( secretKey );
    ProtectionParameter keyPassword = new PasswordProtection( aValue.toCharArray() );

    try{
        mKEYSTORE.setEntry( alias, keyStoreEntry, keyPassword );
    }
    catch ( KeyStoreException X ){
        X.printStackTrace();
        mLog.debug( X.getMessage() );
    }
}//setEntry()


String getEntry( entryType aEntryType ){
    String retVal;
    try{
        // the entry is looked up with a null ProtectionParameter (no entry password supplied)
        KeyStore.SecretKeyEntry secretKeyEntry = (SecretKeyEntry) mKEYSTORE.getEntry( aEntryType.name(), null );
        // the raw encoded key bytes are turned into a String
        retVal = new String( secretKeyEntry.getSecretKey().getEncoded() );
    }
    catch ( NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException X ){
        mLog.error( X.getMessage() );
        retVal = "ERROR getEntry";
    }
    return retVal;
}//getEntry()


void genKeyStore() throws GeneralSecurityException, IOException {
    try{
        mKEYSTORE = KeyStore.getInstance( "BKS", "SC" );
        // Pass null as the stream argument to initialize an empty KeyStore or to initialize a KeyStore which does not rely on an InputStream.
        mKEYSTORE.load( null, "KSpw".toCharArray() );
        mLog.debug( "mKEYSTORE init'd" );
    }
    catch ( KeyStoreException | NoSuchProviderException | IOException | NoSuchAlgorithmException | CertificateException X ){
        throw X;
    }
}//genKeyStore()
  • You're trying to store strings in a `KeyStore`, or am I misunderstanding you? A `KeyStore` is not meant for storing arbitrary data like strings. They're meant - as their name implies - for storing _keys_. You could then use one of your keys to e.g. generate a `Cipher` which can be used to encrypt data, such as a string. – Michael Jul 07 '16 at 18:13
  • Why is it better to have two files (keystore file and cipher file) than one keystore file? Yes I am trying to store metadata/arbitrary strings into KeyStore. Here are my favorite responses (among many) to this issue (sorry I'm ~noob and ~confused): http://stackoverflow.com/questions/6243446/how-to-store-a-simple-key-string-inside-java-keystore?rq=1 http://stackoverflow.com/questions/27320610/how-can-i-use-the-android-keystore-to-securely-store-arbitrary-strings?lq=1 – JDOaktown Jul 07 '16 at 19:12
  • A cipher is not a file, it's an object that you generate when you want to use your key for a cryptographic operation (e.g. encrypting some data). The first question you linked to appears to be about importing a key into a `KeyStore`, so it's not some arbitrary data. The other one has an answer from the same person that asked the question, where he says essentially the same thing that I said in my first comment, just in more detail. – Michael Jul 07 '16 at 20:59
  • Ok but if I want to persist/store that cipher encrypted string....? – JDOaktown Jul 07 '16 at 21:02
  • Store the encrypted data in a file. But you've left out some important details - e.g. will decrypting the data require some form of user authentication (a fingerprint or password)? Will you be sharing encrypted data with other devices or a server? etc. – Michael Jul 07 '16 at 21:10

0 Answers