Android KeyStore 加密和解密数据

Android KeyStore Encrypt and Decrypt Data

我的问题是:我试图在将一些用户的敏感数据保存到我的数据库之前对其进行加密。加密没有问题,问题出在解密部分。

我知道了:

07-22 16:25:38.941 18035-18035/io.nourish.strongerasfukk E/AndroidRuntime: FATAL EXCEPTION: main
Process: io.nourish.strongerasfukk, PID: 18035
java.lang.RuntimeException: Unable to start activity ComponentInfo{io.nourish.strongerasfukk/io.nourish.strongerasfukk.Register}: java.security.InvalidKeyException: Keystore operation failed
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2450)
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2520)
    at android.app.ActivityThread.-wrap11(ActivityThread.java)
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
    at android.os.Handler.dispatchMessage(Handler.java:102)
    at android.os.Looper.loop(Looper.java:148)
    at android.app.ActivityThread.main(ActivityThread.java:5466)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
 Caused by: java.security.InvalidKeyException: Keystore operation failed
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:692)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:712)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108)
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612)
    at javax.crypto.Cipher.tryCombinations(Cipher.java:532)
    at javax.crypto.Cipher.getSpi(Cipher.java:437)
    at javax.crypto.Cipher.init(Cipher.java:815)
    at javax.crypto.Cipher.init(Cipher.java:774)
    at **io.nourish.strongerasfukk.utilities.Encryption.decrypt(Encryption.kt:28)
    at io.nourish.strongerasfukk.Register.onCreate(Register.kt:54)**
    at android.app.Activity.performCreate(Activity.java:6251)
    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108)
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403)
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2520) 
    at android.app.ActivityThread.-wrap11(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:148) 
    at android.app.ActivityThread.main(ActivityThread.java:5466) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616) 
 Caused by: android.security.KeyStoreException: Incompatible padding mode
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:632)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:712) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108) 
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612) 
    at javax.crypto.Cipher.tryCombinations(Cipher.java:532) 
    at javax.crypto.Cipher.getSpi(Cipher.java:437) 
    at javax.crypto.Cipher.init(Cipher.java:815) 
    at javax.crypto.Cipher.init(Cipher.java:774) 
    at io.nourish.strongerasfukk.utilities.Encryption.decrypt(Encryption.kt:28) 
    at io.nourish.strongerasfukk.Register.onCreate(Register.kt:54) 
    at android.app.Activity.performCreate(Activity.java:6251) 
    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108) 
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403) 
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2520) 
    at android.app.ActivityThread.-wrap11(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:148) 
    at android.app.ActivityThread.main(ActivityThread.java:5466) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616) 

可以看到,问题参考了这两行代码,分别是:

Encryption.kt(第 28 行)

cipher.init(Cipher.DECRYPT_MODE, key)

&

Register.kt(第 54 行)

var decryptedData = encryption.decrypt(encryptedData,masterKey?.private)

我尝试在 Cipher.init 中放入提供者或不放入提供者,但都出现了同样的错误;我在网上或在这里寻找一些解决方案,但一无所获。我错过了什么或做错了什么?另外,我试过这里的例子 (Link) 也没有任何结果。

我从这个 link (link) 中得到了代码示例,但不得不根据我自己的目的修改一些东西。

这是我的代码,以便更好地理解。

KeyStoreAdapter.kt

class KeyStoreAdapter {

private val kS = createAndroidKeyStore()

fun checkIfKeyExists(key: String) {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val alias = keyStore.aliases().toList()

    if(!alias.contains(key)) {
        val kpg: KeyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
        val parameterSpec: KeyGenParameterSpec = KeyGenParameterSpec.Builder("MasterKeys", KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .build()
        kpg.initialize(parameterSpec)
        kpg.generateKeyPair()
    }
}

fun getKeys(alias: String): KeyPair? {
    val privateKey = kS.getKey(alias, null) as PrivateKey?
    val publicKey = kS.getCertificate(alias)?.publicKey

    return if(privateKey != null && publicKey != null) {
        KeyPair(publicKey, privateKey)
    } else {
        null
    }
}

private fun createAndroidKeyStore(): KeyStore {
    val keyStore = KeyStore.getInstance("AndroidKeyStore")
    keyStore.load(null)
    return keyStore
}

}

Encryption.kt class 加密 {

val cipher = Cipher.getInstance(Config.TRANSFORMATION)

fun encrypt(data: String, key: Key?): String {
    cipher.init(Cipher.ENCRYPT_MODE, key)
    val bytes = cipher.doFinal(data.toByteArray())
    return Base64.encodeToString(bytes, Base64.DEFAULT)
}

fun decrypt(data: String, key: Key?): String {
    cipher.init(Cipher.DECRYPT_MODE, key)
    val encryptedData = Base64.decode(data, Base64.DEFAULT)
    val decodedData = cipher.doFinal(encryptedData)
    return String(decodedData)
}

}

const val TRANSFORMATION = "RSA/ECB/PKCS1Padding"

在此先感谢大家!

尝试使用填充 "OAEPwithSHA-1andMGF1Padding"。 SDK 10+ 支持它。 代码:

const val TRANSFORMATION = "RSA/ECB/OAEPwithSHA-1andMGF1Padding"

生成密钥

val keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
keyPairGenerator.initialize(KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT
                    or KeyProperties.PURPOSE_DECRYPT)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.setDigests(KeyProperties.DIGEST_SHA1) 
.build())