-1

It is a pretty straightforward question. I want to use Android Keystore API to decypher string that was previously encrypted with application signing key SHA-1.

Is there a way to get the key (for encryption) that will later be available from keystore during runtime?

arenaq
  • 2,078
  • 1
  • 19
  • 29
  • 1
    What would be the point? Anyone can decipher that string, as the public key is part of your APK. – CommonsWare Feb 22 '17 at 15:35
  • The point is not that relevant to this question, but what do you mean exactly by public key? – arenaq Feb 23 '17 at 20:50
  • The app signing process uses a digital signature, which is an offshoot of public-key cryptography. The signing keystore has two keys: a public key and a private key. You sign the APK with the private key, and the public key is used for validating that the APK has not been modified. However, the only way for Android to *get* the public key is for it to be "baked into" the APK itself, which is part of the app signing process. – CommonsWare Feb 23 '17 at 20:59
  • Thank you for clarification. Btw I do not see why this Q has so many downvotes. I have my own reasons why I want to do it and that should not be relevant. Q itself is well stated. – arenaq Mar 06 '17 at 18:07
  • 1
    Why is this question has taken so many downvotes? I think the point to decrypt or encrypt an string using appSign is to implement some sort of a tamper resistant code which is valid, Thought I suggest you implement it using JNI to make it more difficult to decompile – Hossein Shahdoost Apr 25 '19 at 11:29

1 Answers1

0

I found the answer here and here. Keytool can be used to get the application certificate signatures (refered here as "signing key").

Community
  • 1
  • 1
arenaq
  • 2,078
  • 1
  • 19
  • 29