
How do I store a secret key on an Android device with the only possibility being to use the key, not retrieve it? E.g. I import a private key / generate an RSA keypair or a symmetric key from an application into this "secure storage". Now, NOBODY should be able to retrieve the secret key, not even the original application. (The non-secret part of the key - the public key of an RSA keypair - but no part of a symmetric key - should still be retrievable, especially if the key is generated in the secure storage.)

The keystore should now act as a black box, providing an input for encrypted data and an output for decrypted data, e.g. I feed in my encrypted values that I want to decrypt, and get the decrypted values back.

It's a big plus if this is implemented in a hardware security chip in the Android device, like a smart card chip, which is tamper-resistant and would also keep the keys secure even if the device is rooted & cloned.

Any ideas which Android mobile phones have such a tamper-resistant chip? Any ideas on how to use such a storage?

Found a similar question: Android Secure Storage, but this does not answer my questions.

sebastian nielsen
  • possible duplicate of [Storing a secret key on Android](http://stackoverflow.com/questions/2671955/storing-a-secret-key-on-android) – rook Mar 04 '11 at 03:15
  • So the only answer you have gotten is telling you that this is completely and totally impossible. Perhaps you should rethink this. – rook Mar 04 '11 at 15:46

4 Answers


I'll answer this but with reservation.

https://developer.android.com/training/articles/keystore.html

"Key material may be bound to the secure hardware (e.g., Trusted Execution Environment (TEE), Secure Element (SE)) of the Android device. When this feature is enabled for a key, its key material is never exposed outside of secure hardware."

So you enable the feature for the key. However,

"If the Android OS is compromised or an attacker can read the device's internal storage, the attacker may be able to use any app's Android Keystore keys on the Android device, but not extract them from the device."

This is due to Android allowing the keys to be used without the secret which is inherently unsafe. Hence my reservation.

In answer to Android devices with the secure chip, I'd say do a search. Seems TEE SoCs have been around for a while.

secret: [ ______________ ]

  • Yeah. This is something that was changed with Android 6.0. I have successfully implemented the feature in my new authentication app QRSA Authentication. When this question was answered, Android 6.0, and not even 5.0, didn't yet exist. I'll change the answer status to your answer due to the change in Android architecture. This is exactly what I searched for when asking this question. – sebastian nielsen Jul 11 '16 at 16:55
  • And no, allowing a "random app" to use the key is not that unsafe, because as long as the key material is not exposed outside secure hardware, it means the user is supposed to exercise good logical and physical control of the device. If the device is compromised, a secure storage of keys means the device can be un-compromised without having to change or replace key material. Think like a car key. Anybody can use it, even unauthorized individuals, but as long as it cannot be copied, a car key can be un-compromised by taking it back. – sebastian nielsen Jul 11 '16 at 17:02
  • The KeyStore relies on the uid system being secure. If that is compromised and the user does not need to enter a secret (or password) to use a key, a spoofed app can use the key without requiring any user input. Good logical or physical control won't help. – Jul 11 '16 at 20:34
  • The important thing here is the "un-compromise" part. If the uid system is compromised, yes, an attacker may use the key. In the same way that an attacker may be able to use your car key to use your car. The important thing here is the security of the key material itself. If the key material itself is inaccessible, the key itself is uncopiable, and thus it's easy to restore from a compromised state. If however the key material itself is compromised, the key can be considered compromised anytime, even if protected by a passcode (as someone might have copied the key and looked over the shoulder) – sebastian nielsen Jul 11 '16 at 22:54
  • and thus, recovery requires changing the key, which would mean you have to constantly change the key. Compare with the car key. If somebody could have copied your car key, you would have to reprogram your car system at any time. But if the car key is uncopiable, you would only need to ensure it cannot be accessed to restore from a compromise. Even if somebody might have been able to use the key, it doesn't matter. As soon as you are in control of the key (and in Android, turning on Airplane mode for example and clearing off any RAT), the key is un-compromised. – sebastian nielsen Jul 11 '16 at 22:58
  • With a secret or a password the attacker can't use the car key without the secret. In fact if the phone is rooted all they have is a useless key since they do not have the secret. With Android's KeyStore alone, they can pretty much do whatever they want. What I'm saying here is that you need to use other levels of security using something like the java.security package whereby you can generate keypairs, encrypt them and then store them with the KeyStore. The "AndroidKeyStore" provider does not let you do this. – Jul 12 '16 at 09:15
  • A problem with this approach is that the key is exposed outside of the secure storage, which means an attacker who has both the secret and the encrypted key can use it. To gain hardware security, you MUST use the AndroidKeyStore. That's the only way to get TrustZone security. However, a great thing here is to double encrypt in that case, e.g. encrypt using the pubkey of an encrypted private key, and then encrypt using the pubkey of an AndroidKeyStore key. To decrypt, you need both the password-protected key and the AndroidKeyStore hardware-protected key. – sebastian nielsen Jul 25 '16 at 13:40
  • I checked your app at GitHub. For your purposes, which are rather unique, you are 100% correct and the additional java.security packages are not needed. Encrypting the key with a user's master password prior to storing in the KeyStore is for standard access, like to an email account. Bear in mind we're speaking in the context of secure hardware, which often means the highest levels of security. – Jul 27 '16 at 02:28

Found out what you need to do to get secure storage on Android:

You need to buy a Secure MicroSD card, one which conforms to the ASSD specification (Advanced Security SD). That is a MicroSD card that contains a Secure Element, often a PKI solution where you can generate a private key on-card so the private key is impossible to extract, but the public key can be extracted and used to encrypt things that only the MicroSD card can decrypt.

Two examples are the CertGate MicroSD (which is available as a consumer version called "SmartCard-HSM Android") and one that is no longer available in a consumer version, the G&D Mobile Security Card.

That makes it a secure storage that CANNOT be hacked by a rooted phone, and it CANNOT be copied, impossible by definition. The only way is to brute-force the private key, using the public key as verification if you hit correctly. But if you use RSA-2048, that is technically impossible too.

The reason is that the phone manufacturers seem to lock the built-in phone Secure Element to manufacturer-approved apps, so you cannot use it arbitrarily. The only way is actually to add a Secure Element to the phone in the form of a MicroSD card.

(This answer is only valid for Android versions prior to 5.0)

sebastian nielsen

You might check out CertStore or KeyStore, although I do not know how these are implemented on Android. I did some searching around but couldn't find any promising examples, and actually found a post on the Android-Security-Discussions group indicating that this might not even work on Android.

jakebasile

What you are asking is impossible. A user with a jail-broken device has more control over the device than you do. There is no place to hide anything, and there never will be. What you are looking for is "(in)Security Through Obscurity".

rook
  • Rook: No, it is not impossible. If a specific device has a hardware tamper-resistant security chip inside, like a smartcard chip, but embedded into the actual phone, even a jail-broken phone cannot in any way extract the secret key. I'm searching for such devices and the possibility to use the security chip from Android. – sebastian nielsen Mar 04 '11 at 04:00
  • @sebastian nielsen So what, smartcards are also easy to break. http://www.youtube.com/watch?v=tnY7UVyaFiQ – rook Mar 04 '11 at 06:28