encode() with private key in “AndroidKeyStore” ret

2019-02-19 00:25发布

问题:

With Android 4.3, this code return null.

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
keyStore.setKeyEntry(alias, privateKey, null, certificateChain);
PrivateKeyEntry entry=(PrivateKeyEntry)keyStore.getEntry(alias, new PasswordProtection(password));
assert(entry.getPrivateKey().getEncoded()!=null);

How it's possible to get the encoded version of private key ?

Or, is it possible to transmit the private key handler to another application ?

Thank's

回答1:

The Android KeyChain API prevents you from being able to get an encoded private key.

See the method at line 158 of OpenSSLRSAPrivateKey.java

@Override
public final BigInteger getPrivateExponent() {
    if (key.isEngineBased()) {
        throw new UnsupportedOperationException("private exponent cannot be extracted");
    }

But the benefit of using the KeyChain API is that it provides system-wide credential storage. Any app should be able to retrieve the key pair and certificate by its alias. Refer to the KeyStore docs.