Questions tagged [android-keystore]

The Android system requires that all installed applications be digitally signed with a certificate whose private key is held by the application's developer. "Android keystore" may also refer to Android Keystore System, introduced in API level 18, which allows storing cryptographic keys securely within an app.

Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate's private key.

882 questions
9
votes
1 answer

Android Keystore's password protection

We used Android Keystore to store some confidential data and set up a password for Keystore. These passwords are used in conjunction with the KeyStore class in the load, getKey and setKeyEntry methods. The Keystore itself is encrypted and app can only…
9
votes
3 answers

Can Android's keystore be backed up?

Android supports cloud and local backup of APK files, application data, and so on. Is the device keystore included in the backup? (I don't think you can extract private keys from a hardware-backed keystore even in rooted devices, not so sure about…
Daniel
9
votes
4 answers

Android Facebook SDK : "(# 404) Keyhash XXXXXX does not match any stored key hashes"

I am trying Android Facebook integration for an app. I am new to this. I have got the Facebook SDK & I am trying to run a few samples from there. When I run the samples I get this error " (# 404) Keyhash XXXXXX does not match any stored key hashes…
sudhishkr
9
votes
2 answers

Android Studio 0.4.+ custom debug keystore

Prior to Android Studio 0.4, I was able to set a custom debug keystore via File -> Project Structure -> Facets -> Compiler Tab. This option has gone at least with Android Studio 0.4.2. Where can I set the custom keystore for being able to share it…
Matthias
9
votes
5 answers

Google Play says my APK built with Android Studio Build->Generate Signed APK is debuggable

I get the message: You uploaded a debuggable APK. For security reasons you need to disable debugging before it can be published in Google Play. Learn more about debuggable APKs. I generate my APK with Android Studio, Build->Generate Signed APK. I…
user1178729
9
votes
1 answer

How to reset keystores when you do not know their password?

For some reason I got this message: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect I know that I cannot "repair" the keystore, but I want to reset the keystore, but don't know how to do it, especially…
sorin
8
votes
0 answers

UnrecoverableKeyException caused by obscure KeyStoreException: 112

I'm seeing this in my crash logs a lot when prompting the fingerprint dialog to authenticate the user. java.security.UnrecoverableKeyException: Failed to obtain information about key at ..my…
tango whiskey double
8
votes
1 answer

Can we extract public/private keys from the Android Keystore?

Regarding Android Keystore system article, Key material never enters the application process. When an application performs cryptographic operations using an Android Keystore key, behind the scenes plaintext, ciphertext, and messages to be signed or…
frogatto
8
votes
1 answer

KeyStore vs KeyChain

I have an app that generates a key for encryption/decryption and it is working just fine. I store my key in KeyStore and IV as first 12B in encrypted file saved on external storage. When I want to decrypt the file, I get the file from external…
Mediha
8
votes
2 answers

How to store Android KeyStore passwords securely

In one application I use the Android KeyStore. I have set up a password for the whole KeyStore and for each password entry. Since these passwords are strings they are stored in string members in code. Obviously this is not safe if I want to publish…
JoeFox
8
votes
4 answers

How to read SHA and MD5 fingerprint programmatically in Android

Hello I want to read SHA and MD5 fingerprint value of keystore programmatically of my app from which it was signed. I'll take either SHA or MD5 value as key for security. This key I will use in the code to encrypt something and decrypt same at…
N Sharma
8
votes
1 answer

AndroidKeystore on 4.1 API

I am using AndroidKeystore as the provider in my current project to store private keys securely. Now I want to make my app available for older Android releases down to 4.1 (API version 16). Therefore I need to find an alternative for the…
8
votes
3 answers

How to store key using Android Key Store Provider

I am trying to use the Android Key Store Provider that became available in Android 4.3 to securely save a Private Key and to then use this private key to encrypt and decode data. I think I have implemented the correct approach and code for this so…
Donal Rafferty
8
votes
3 answers

Android 4.3 KeyStore - chain == null while trying to retrieve keys

Following this blog, I'm using this code to create and store a KeyPair in Android KeyStore: Context ctx = getApplicationContext(); Calendar notBefore = Calendar.getInstance(); Calendar notAfter = Calendar.getInstance(); notAfter.add(1,…
iMan Biglari
8
votes
6 answers

Issues in publishing unsigned .apk file?

There are many questions about signed and unsigned .apk files. For testing & debugging we can use unsigned .apk file that is generated inside bin folder. This apk file is generated using a dummy keystore file. My question is why we need to use signed apk.…
Buru