Wrong RSA PrivateKey KeyStore
My application generates a KeyPair when it opens. I can encrypt text with the PublicKey, but when I try to decrypt it with the PrivateKey, it throws an InvalidKeyException.
Some Log.v debugging:
(...) V/Aliases: The public key created is [android.security.keystore.AndroidKeyStoreRSAPublicKey@1840131a]
(...) V/Aliases: The private key created is [android.security.keystore.AndroidKeyStoreRSAPrivateKey@37ad0430]
(...) V/Aliases: The public key used is [android.security.keystore.AndroidKeyStoreRSAPublicKey@1840131a]
(...) V/Aliases: The private key used is [android.security.keystore.AndroidKeyStoreRSAPrivateKey@37ad0430]
(...) V/Aliases: The private key [android.security.keystore.AndroidKeyStoreRSAPrivateKey@37ad0430] is incorrect
KeyPair generation:
try {
//Load KeyStore
keystore = KeyStore.getInstance("AndroidKeyStore");
keystore.load(null);
} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException e) {
e.printStackTrace();
}
//KeyPair generation
KeyPairGenerator kpg = null;
try {
kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder("Test",KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_SIGN)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.build());
kp = kpg.generateKeyPair();
Log.v("Aliases", "The public key created is [" + kp.getPublic() + "]");
Log.v("Aliases", "The private key created is [" + kp.getPrivate()+ "]");
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
Encryption function:
//Removed try/catch
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry("Test", null);
PublicKey publicKey = privateKeyEntry.getCertificate().getPublicKey();
Log.v("Aliases", "The public key used is [" + publicKey + "]");
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] bytes = cipher.doFinal(edittext.getText().toString().getBytes());
edittext.setText(Base64.encodeToString(bytes, Base64.DEFAULT));
Decryption function:
//Removed try/catch
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry("Test", null);
PrivateKey privateKey = privateKeyEntry.getPrivateKey();
Log.v("Aliases", "The private key used is [" + privateKey + "]");
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
String decrypted = new String(cipher.doFinal(Base64.decode(edittext.getText().toString(), Base64.DEFAULT)));
edittext.setText(decrypted);
//Removed the "try" part. This gets executed when cipher.init returns InvalidKeyException
catch (InvalidKeyException e) {
KeyStore.PrivateKeyEntry privateKeyEntry = null;
privateKeyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry("Test", null);
PrivateKey privateKey = privateKeyEntry.getPrivateKey();
Log.v("Aliases", "The private key [" + privateKey + "] is incorrect");
e.printStackTrace();
}
Don't do this:
Cipher cipher = Cipher.getInstance("RSA");
Always specify the full "algorithm/mode/padding" specification. For example,
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPwithSHA-256andMGF1Padding");
Now you also need to tell AndroidKeyStore which encryption paddings you are allowing your key to be used with. So add a setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP) call to the call chain of KeyGenParameterSpec.Builder(...), i.e.
kpg.initialize(new KeyGenParameterSpec.Builder("Test",
KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_SIGN)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.build());
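Added example, not part of the original question or answer: a round trip in which the key's authorised padding, the Cipher transformation and the OAEP parameters all agree. The class name KeystoreRsaOaep is hypothetical, the alias "Test" is the one used on this page, the explicit OAEPParameterSpec (SHA-256 main digest, MGF1 with SHA-1) and the encrypt/decrypt-only purposes are assumptions of this sketch, and API level 23 or later is assumed.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Base64;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical helper (name is an assumption, not code from the post).
public final class KeystoreRsaOaep {
    private static final String ALIAS = "Test"; // alias used on this page
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Pin the OAEP parameters so encrypt and decrypt cannot pick different defaults.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    private static KeyStore keyStore() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (!ks.containsAlias(ALIAS)) { // generate once, with OAEP authorised up front
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                    .build());
            kpg.generateKeyPair();
        }
        return ks;
    }

    public static String encrypt(String plaintext) throws GeneralSecurityException, IOException {
        PublicKey pub = keyStore().getCertificate(ALIAS).getPublicKey();
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return Base64.encodeToString(ct, Base64.NO_WRAP);
    }

    public static String decrypt(String b64) throws GeneralSecurityException, IOException {
        // Private-key use is where the keystore enforces the authorised padding.
        PrivateKey priv = (PrivateKey) keyStore().getKey(ALIAS, null);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, priv, OAEP);
        return new String(c.doFinal(Base64.decode(b64, Base64.NO_WRAP)), StandardCharsets.UTF_8);
    }
}
```

A key already stored under the alias keeps the authorisations it was generated with, so an entry created without setEncryptionPaddings has to be removed with KeyStore.deleteEntry and generated again before this works.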