Android 9 - KeyStore 异常 android.os.ServiceSpecificException
Android 9 - KeyStore exception android.os.ServiceSpecificException
如果我在 Android 9 上 运行 此代码,我会收到以下异常:
private static KeyStore.PrivateKeyEntry getPrivateKeyEntry(String alias) {
try {
KeyStore ks = KeyStore
.getInstance(SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
ks.load(null);
KeyStore.Entry entry = ks.getEntry(alias, null);
if (entry == null) {
Log.w(TAG, "No key found under alias: " + alias);
Log.w(TAG, "Exiting signData()...");
return null;
}
if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
Log.w(TAG, "Not an instance of a PrivateKeyEntry");
Log.w(TAG, "Exiting signData()...");
return null;
}
return (KeyStore.PrivateKeyEntry) entry;
} catch (Exception e) {
Log.e(TAG, e.getMessage(), e);
return null;
}
}
异常:
KeyStore exception
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:1956)
at android.os.Parcel.readException(Parcel.java:1910)
at android.os.Parcel.readException(Parcel.java:1860)
at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
at android.security.KeyStore.get(KeyStore.java:195)
at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain(AndroidKeyStoreSpi.java:118)
at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484)
at java.security.KeyStore.getEntry(KeyStore.java:1560)
at com.phenodev.testenc.KeyStoreHelper.getPrivateKeyEntry(KeyStoreHelper.java:151)
at com.phenodev.testenc.KeyStoreHelper.encrypt(KeyStoreHelper.java:173)
at com.phenodev.testenc.KeyStoreEncryptor.encrypt(KeyStoreEncryptor.java:19)
请帮忙修复。
终于找到解决办法了。看起来 since Android P (KeyStore.PrivateKeyEntry) keyStore.getEntry("alias", null)
不是获取私钥的正确方法。
我可以通过这种方式访问 private/public 键来摆脱这个警告
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
PrivateKey privateKey = (PrivateKey) keyStore.getKey("alias", null);
PublicKey publicKey = keyStore.getCertificate("alias").getPublicKey();
我在从 AndroidKeyStore
中检索非对称密钥时遇到了同样的问题
我基于 Dr Glass 答案获取密钥的解决方案如下:(aliasKey 是您的别名字符串)
公钥:
val keyStore = KeyStore.getInstance("AndroidKeyStore")
keyStore.load(null)
val asymmetricPublicKey = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
keyStore.getCertificate(aliasKey).publicKey
} else {
val asymmetricKey = keyStore.getEntry(aliasKey, null) as KeyStore.PrivateKeyEntry
asymmetricKey.certificate.publicKey
}
私钥:
val keyStore = KeyStore.getInstance("AndroidKeyStore")
keyStore.load(null)
val asymmetricPrivateKey = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
keyStore.getKey(aliasKey, null) as PrivateKey
} else {
val asymmetricKey = keyStore.getEntry(aliasKey, null) as KeyStore.PrivateKeyEntry
asymmetricKey.privateKey
}
并且使用此代码,我在具有 Android P
的模拟器 and/or 设备中没有任何警告
我找到了如何删除警告的解决方案,如果您也能对其进行测试,那就太好了。实际上调用方法的顺序是问题所在。
val privateKey = keyStore.getKey(alias, null)
val publicKey = if (privateKey != null) keyStore.getCertificate(alias).publicKey else null
if (privateKey != null && publicKey != null) {
KeyPair(publicKey, privateKey as PrivateKey)
}
这是调用方法的正确顺序。
当你这样做时:
val privateKey = keyStore.getKey(alias, null)
val certificate = keyStore.getCertificate(alias)
if (privateKey != null && certificate != null) {
KeyPair(certificate.publicKey, privateKey as PrivateKey)
}
您将收到以下警告(因为 keyStore.getCertificate(别名):
KeyStore exception
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:2085)
at android.os.Parcel.readException(Parcel.java:2039)
at android.os.Parcel.readException(Parcel.java:1987)
at android.security.keystore.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:978)
at android.security.KeyStore.get(KeyStore.java:236)
at android.security.KeyStore.get(KeyStore.java:225)
at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:160)
at java.security.KeyStore.getCertificate(KeyStore.java:1120)
这意味着没有私钥,您应该先创建并存储一个密钥对然后在密钥库中搜索它。
现在有了 MatPag 的答案应该是这样的:
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
val privateKey = keyStore.getKey(alias, null)
val publicKey = if (privateKey != null) keyStore.getCertificate(alias).publicKey else null
return if (privateKey != null && publicKey != null) {
KeyPair(publicKey, privateKey as PrivateKey)
} else {
null
}
} else {
val asymmetricKey = keyStore.getEntry(alias, null) as KeyStore.PrivateKeyEntry
val privateKey = asymmetricKey.privateKey
val publicKey = if(privateKey != null) asymmetricKey.certificate.publicKey else null
return if(privateKey != null && publicKey != null) {
KeyPair(publicKey, privateKey as PrivateKey)
} else {
null
}
}
如果我在 Android 9 上 运行 此代码,我会收到以下异常:
private static KeyStore.PrivateKeyEntry getPrivateKeyEntry(String alias) {
try {
KeyStore ks = KeyStore
.getInstance(SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
ks.load(null);
KeyStore.Entry entry = ks.getEntry(alias, null);
if (entry == null) {
Log.w(TAG, "No key found under alias: " + alias);
Log.w(TAG, "Exiting signData()...");
return null;
}
if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
Log.w(TAG, "Not an instance of a PrivateKeyEntry");
Log.w(TAG, "Exiting signData()...");
return null;
}
return (KeyStore.PrivateKeyEntry) entry;
} catch (Exception e) {
Log.e(TAG, e.getMessage(), e);
return null;
}
}
异常:
KeyStore exception android.os.ServiceSpecificException: (code 7) at android.os.Parcel.createException(Parcel.java:1956) at android.os.Parcel.readException(Parcel.java:1910) at android.os.Parcel.readException(Parcel.java:1860) at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786) at android.security.KeyStore.get(KeyStore.java:195) at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain(AndroidKeyStoreSpi.java:118) at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484) at java.security.KeyStore.getEntry(KeyStore.java:1560) at com.phenodev.testenc.KeyStoreHelper.getPrivateKeyEntry(KeyStoreHelper.java:151) at com.phenodev.testenc.KeyStoreHelper.encrypt(KeyStoreHelper.java:173) at com.phenodev.testenc.KeyStoreEncryptor.encrypt(KeyStoreEncryptor.java:19)
请帮忙修复。
终于找到解决办法了。看起来 since Android P (KeyStore.PrivateKeyEntry) keyStore.getEntry("alias", null)
不是获取私钥的正确方法。
我可以通过这种方式访问 private/public 键来摆脱这个警告
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
PrivateKey privateKey = (PrivateKey) keyStore.getKey("alias", null);
PublicKey publicKey = keyStore.getCertificate("alias").getPublicKey();
我在从 AndroidKeyStore
我基于 Dr Glass 答案获取密钥的解决方案如下:(aliasKey 是您的别名字符串)
公钥:
val keyStore = KeyStore.getInstance("AndroidKeyStore")
keyStore.load(null)
val asymmetricPublicKey = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
keyStore.getCertificate(aliasKey).publicKey
} else {
val asymmetricKey = keyStore.getEntry(aliasKey, null) as KeyStore.PrivateKeyEntry
asymmetricKey.certificate.publicKey
}
私钥:
val keyStore = KeyStore.getInstance("AndroidKeyStore")
keyStore.load(null)
val asymmetricPrivateKey = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
keyStore.getKey(aliasKey, null) as PrivateKey
} else {
val asymmetricKey = keyStore.getEntry(aliasKey, null) as KeyStore.PrivateKeyEntry
asymmetricKey.privateKey
}
并且使用此代码,我在具有 Android P
的模拟器 and/or 设备中没有任何警告我找到了如何删除警告的解决方案,如果您也能对其进行测试,那就太好了。实际上调用方法的顺序是问题所在。
val privateKey = keyStore.getKey(alias, null)
val publicKey = if (privateKey != null) keyStore.getCertificate(alias).publicKey else null
if (privateKey != null && publicKey != null) {
KeyPair(publicKey, privateKey as PrivateKey)
}
这是调用方法的正确顺序。
当你这样做时:
val privateKey = keyStore.getKey(alias, null)
val certificate = keyStore.getCertificate(alias)
if (privateKey != null && certificate != null) {
KeyPair(certificate.publicKey, privateKey as PrivateKey)
}
您将收到以下警告(因为 keyStore.getCertificate(别名):
KeyStore exception
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:2085)
at android.os.Parcel.readException(Parcel.java:2039)
at android.os.Parcel.readException(Parcel.java:1987)
at android.security.keystore.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:978)
at android.security.KeyStore.get(KeyStore.java:236)
at android.security.KeyStore.get(KeyStore.java:225)
at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:160)
at java.security.KeyStore.getCertificate(KeyStore.java:1120)
这意味着没有私钥,您应该先创建并存储一个密钥对然后在密钥库中搜索它。
现在有了 MatPag 的答案应该是这样的:
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
val privateKey = keyStore.getKey(alias, null)
val publicKey = if (privateKey != null) keyStore.getCertificate(alias).publicKey else null
return if (privateKey != null && publicKey != null) {
KeyPair(publicKey, privateKey as PrivateKey)
} else {
null
}
} else {
val asymmetricKey = keyStore.getEntry(alias, null) as KeyStore.PrivateKeyEntry
val privateKey = asymmetricKey.privateKey
val publicKey = if(privateKey != null) asymmetricKey.certificate.publicKey else null
return if(privateKey != null && publicKey != null) {
KeyPair(publicKey, privateKey as PrivateKey)
} else {
null
}
}