Using Android 4.1 Keychain

Published 2019-03-16 22:56

Question:

I am using the Android 4.1 KeyChain, and the following code worked fine under 4.0 but now gives me a NullPointerException (Cipher can't read some internal attribute).

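import android.security.KeyChain;
import java.security.PrivateKey;
import javax.crypto.Cipher;

// Key handle from the system KeyChain; treated as opaque
PrivateKey privateKey = KeyChain.getPrivateKey(context, mAlias);
byte[] data = new byte[] { /* some binary data */ };
Cipher rsasinger = javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1PADDING");
rsasinger.init(Cipher.ENCRYPT_MODE, privateKey);

byte[] signed_bytes = rsasinger.doFinal(data);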

I am handling the private key from the KeyChain as opaque and simply use it with the Java security API. Do I need to use the KeyChain API in a different way?

Answer 1:

After further debugging and after being contacted by a Google engineer (Thanks!), it turned out that Android registers different Java crypto providers and only the OpenSSL provider is able to use the PrivateKeys from the Keystore.

But with some hacks and using /system/lib/ssl/engines/libkeystore.so it should be possible to work around this problem.

See http://code.google.com/p/ics-openvpn/source/browse/jni/jbcrypto.cpp and proccessSignJellyBean in http://code.google.com/p/ics-openvpn/source/browse/src/de/blinkt/openvpn/OpenVpnManagementThread.java#446 for my solution.
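
A diagnostic for the provider mismatch described in the answer, as an added example that is not part of the original post or of ics-openvpn: it tries each registered provider in priority order and reports which ones can actually use a given key with the question's transformation. The class and method names are hypothetical, and the software-generated key in `main` is a constructed stand-in for the object returned by `KeyChain.getPrivateKey`.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;

public class ProviderProbe {
    // Hypothetical helper: for every registered provider that offers the
    // transformation, record whether it can init and run the cipher with this key.
    static Map<String, String> probe(String transformation, Key key, byte[] data) {
        Map<String, String> results = new LinkedHashMap<String, String>();
        for (Provider p : Security.getProviders()) {
            Cipher c;
            try {
                c = Cipher.getInstance(transformation, p);
            } catch (GeneralSecurityException e) {
                continue; // this provider does not implement the transformation
            }
            try {
                c.init(Cipher.ENCRYPT_MODE, key);
                c.doFinal(data);
                results.put(p.getName(), "ok");
            } catch (Exception e) {
                // Also catches RuntimeExceptions such as the
                // NullPointerException reported in the question.
                results.put(p.getName(), "failed: " + e);
            }
        }
        return results;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and data so the probe runs off-device.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        Key key = kpg.generateKeyPair().getPrivate();
        byte[] data = "constructed sample".getBytes("UTF-8");
        for (Map.Entry<String, String> e
                : probe("RSA/ECB/PKCS1Padding", key, data).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
        }
    }
}
```

On a device, pass the KeyChain key to `probe` instead of the generated one; a provider listed as "failed" is one that cannot read the opaque key.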