
I am not very familiar with the Android keystore. In my project, I have included a previously created, password-protected custom keystore, from which I need to extract the secret key with a known alias. I do not want to modify the secret key or create any secret key. Is it possible? I need some clarification on the Android keystore. Please help me with this.

Dev b

1 Answer


Yes. You can get the key with the key alias. Look at this code. The keystore is used for saving encryption keys only; don't save your password there!!!

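import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Constants the snippet refers to but does not show (values assumed here).
private const val AndroidKeyStore = "AndroidKeyStore"  // provider name
private const val AES_MODE = "AES/GCM/NoPadding"       // matches the GCM / no-padding key spec below
private const val KEY_ALIAS = "my_key_alias"           // placeholder alias

// The functions below are members of the answerer's cipher class.
private lateinit var keyStore: KeyStore

private fun init() {
    keyStore = KeyStore.getInstance(AndroidKeyStore)
    keyStore.load(null)  // the AndroidKeyStore provider is loaded without a stream or password

    // Generate the AES key only if the alias does not exist yet.
    if (!keyStore.containsAlias(KEY_ALIAS)) {
        val keyGenerator: KeyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, AndroidKeyStore)
        keyGenerator.init(
                KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
                        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                        .build())

        keyGenerator.generateKey()
    }
}

override fun encrypt(byteArray: ByteArray): ByteArray {
    val keyStoreKey = keyStore.getKey(KEY_ALIAS, null)
    val cipher = Cipher.getInstance(AES_MODE)
    cipher.init(Cipher.ENCRYPT_MODE, keyStoreKey)
    val encodedBytes = cipher.doFinal(byteArray)
    // The cipher picks a fresh IV; it must be stored to decrypt later.
    val params = cipher.parameters
    val iv = params.getParameterSpec(GCMParameterSpec::class.java).iv
    saveIv(iv)  // saveIv()/getIv() are the answerer's own helpers, not shown

    return encodedBytes
}

override fun decrypt(byteArray: ByteArray): ByteArray {
    val iv = getIv()
    val ivSpec = GCMParameterSpec(128, iv)  // 128-bit authentication tag
    val keyStoreKey = keyStore.getKey(KEY_ALIAS, null) as SecretKey
    val cipher = Cipher.getInstance(AES_MODE)
    cipher.init(Cipher.DECRYPT_MODE, keyStoreKey, ivSpec)

    return cipher.doFinal(byteArray)
}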

This is my encryption and decryption for Android API level >= 23. For 18 >= API level < 23 you need AES crypt.

  • You have misunderstood my problem. The keystore was already created somewhere and is protected by a password. I just want to get the secret key of a known alias. That's it. – Dev b Jul 31 '18 at 16:32
  • https://stackoverflow.com/questions/18589694/i-have-never-set-any-passwords-to-my-keystore-and-alias-so-how-are-they-created Read there. You need to save the key that you use to access the keystore. – logoped583st Jul 31 '18 at 16:35
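
For the case the question describes (a password-protected keystore file shipped with the app, as opposed to the AndroidKeyStore provider used in the answer, which is loaded with `null` and takes no password), the following added example, which is not code from the question or the answer, reads a secret key by alias through `java.security.KeyStore` without generating or changing anything in the existing store. The keystore bytes, password, alias and the helper names `loadSecretKey` and `buildSampleKeystore` are constructed for illustration.

```kotlin
import java.io.ByteArrayInputStream
import java.io.ByteArrayOutputStream
import java.io.IOException
import java.io.InputStream
import java.security.KeyStore
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Read-only lookup: loads an existing password-protected keystore and returns
// the secret key stored under `alias`. Nothing is generated or modified.
fun loadSecretKey(
    stream: InputStream, type: String,
    storePassword: CharArray, alias: String, keyPassword: CharArray
): SecretKey {
    val keyStore = KeyStore.getInstance(type)
    try {
        stream.use { keyStore.load(it, storePassword) }  // integrity check uses the store password
    } catch (e: IOException) {
        throw IllegalArgumentException("Keystore is corrupt or the store password is wrong", e)
    }
    require(keyStore.isKeyEntry(alias)) { "No key entry under alias '$alias'" }
    // getKey throws UnrecoverableKeyException when keyPassword is wrong.
    return keyStore.getKey(alias, keyPassword) as? SecretKey
        ?: throw IllegalArgumentException("Alias '$alias' does not hold a secret key")
}

// Constructed sample input: an in-memory keystore with one AES key, standing in
// for the bundled file (which the app would open from res/raw or assets).
fun buildSampleKeystore(type: String, password: CharArray, alias: String): Pair<ByteArray, SecretKey> {
    val key = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
    val keyStore = KeyStore.getInstance(type).apply { load(null, null) }
    keyStore.setEntry(alias, KeyStore.SecretKeyEntry(key), KeyStore.PasswordProtection(password))
    val out = ByteArrayOutputStream()
    keyStore.store(out, password)
    return out.toByteArray() to key
}

fun main() {
    // Platform default type; for a real file pass the type it was created with.
    val type = KeyStore.getDefaultType()
    val password = "sample-password".toCharArray()  // constructed value
    val alias = "my_secret_key"                     // hypothetical alias
    val (bytes, original) = buildSampleKeystore(type, password, alias)

    val loaded = loadSecretKey(ByteArrayInputStream(bytes), type, password, alias, password)
    println("same key material: ${loaded.encoded.contentEquals(original.encoded)}")
    password.fill('\u0000')                         // wipe the password after use
}
```

A store password compiled into the app can be recovered from the APK, so a bundled keystore protects the key only as far as that password is protected.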