android.security.KeyStoreException: 无效的密钥 blob

android.security.KeyStoreException: Invalid key blob

我无法从 Android 上的 KeyStore 获取(私有)密钥。问题主要出现 在三星设备(S6、S6 Edge)和 Android 6.

android.security.KeyStoreException: 无效的密钥 blob

调用以下行时抛出(其中别名是存储密钥的名称)。

KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(alias, null);

KeyStore本身是通过

获得的 
KeyStore.getInstance("AndroidKeyStore");

密钥是通过以下方法生成的:

private static void createKey(String alias, String subject, KeyStore keyStore, BigInteger serialNumber, Date startDate, Date endDate, String algorithm, String keyStoreProvider, Context context)
            throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
    if (keyStore.containsAlias(alias)) {
        // Key already exists.
        return;
    }

    // Generate keys.
    KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
            .setAlias(alias)
            .setSubject(new X500Principal(subject))
            .setSerialNumber(serialNumber)
            .setStartDate(startDate)
            .setEndDate(endDate)
            .build();

    KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, keyStoreProvider);
    generator.initialize(spec);

    KeyPair keyPair = generator.generateKeyPair();
}

算法是"RSA",keyStoreProvider是"AndroidKeyStore"。

堆栈跟踪部分:

android.security.KeyStoreException: Invalid key blob
       at android.security.KeyStore.getKeyStoreException(KeyStore.java:939)
       at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePublicKeyFromKeystore(AndroidKeyStoreProvider.java:216)
       at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(AndroidKeyStoreProvider.java:252)
       at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(AndroidKeyStoreProvider.java:263)
       at android.security.keystore.AndroidKeyStoreSpi.engineGetKey(AndroidKeyStoreSpi.java:93)
       at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:372)
       at java.security.KeyStore.getEntry(KeyStore.java:645)

异常导致java.security.UnrecoverableKeyException: 获取私钥信息失败

我找不到关于 "Invalid key blob" 的更详细信息, 只有消息本身在此处定义:https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/security/keymaster/KeymasterDefs.java

当用户尝试从 LOCK/UNINITIALIZEDUNLOCK 时会出现此问题。它默认定义为 30 secs 用于计时。 此问题是 API 相关的实施问题。

此错误由 InvalidKeyException 生成。通过绕过此异常并再次调用该方法,您可以摆脱此错误。

您必须从 catch 参数中删除 InvalidKeyException class。这仍然允许您检查 InvalidKeyException。检查后,您必须再次尝试使用代码,这样问题就不会出现在眼睛中,但进行 2 次检查可能会解决您的问题。代码如下。

try {
    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
            .getEntry("alias", null);

} catch (InvalidKeyException ex) {
    ex.printStackTrace();
    if (ex instanceof InvalidKeyException) { // bypass
                                                // InvalidKeyException
        // You can again call the method and make a counter for deadlock
        // situation or implement your own code according to your
        // situation
        if (retry) {
            keyStore.deleteEntry(keyName);
            return getCypher(keyName, false);
        } else {
            throw ex;
        }
    }
} catch (final Exception e) {
    e.printStackTrace();
    throw e;
}

You can see my another that describes one by one occurring issue and solution.

来自 @Ankis 的更新:

您通过将 InvalidKeyException 更改为 UnrecoverableKeyException 解决了问题。因此,我已根据您的建议进行了更新,以便全世界都可以知道实际答案。感谢分享:).

try {
    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
            .getEntry("alias", null);

} catch (UnrecoverableKeyException ex) {
    ex.printStackTrace();
        // You can again call the method and make a counter for deadlock
        // situation or implement your own code according to your
        // situation
        if (retry) {
            keyStore.deleteEntry(keyName);
            return getCypher(keyName, false);
        }
} catch (final Exception e) {
    e.printStackTrace();
    throw e;
}