Google Tink 加密库 - 未找到 KeyGenerator AES 实现
Google Tink Crypto library - KeyGenerator AES implementation not found
我 运行 在平板设备 运行 Android KitKat 以及 Lollipop 上的 Samsung Tab-A 上遇到了这个问题。它在 Acer 平板电脑上运行良好 运行 Android M.
这里是失败点:
private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
return new AndroidKeysetManager.Builder()
.withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
.withKeyTemplate(AeadKeyTemplates.AES256_GCM) // Failure point
.withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI)
.build()
.getKeysetHandle();
}
然后我在初始化 Tink 时初始化我的 AEAD:
// google\Tink crypto
try {
TinkConfig.register();
aead = AeadFactory.getPrimitive(getOrGenerateNewKeysetHandle());
Log.i(LOG_TAG, "Tink registered.");
} catch (GeneralSecurityException | IOException e) {
e.printStackTrace();
Log.e(LOG_TAG, "Tink failed to register or could not generate a keyset handle.");
Log.e(LOG_TAG, "Tink failed to register: " + e.getMessage());
}
无论哪种方式,Tink 都无法使用以下捕获的消息进行初始化:
10-03 16:10:58.319 com.mycompany.myapp.debug E/MainActivity: Tink failed to register: KeyGenerator AES implementation not found
是否有特定的 KeyTemplate 可以替换以下内容?
AeadKeyTemplates.AES256_GCM
完整堆栈跟踪:
10-03 17:25:45.235 com.mycompany.myapp.debug W/System.err: java.security.NoSuchAlgorithmException: KeyGenerator AES implementation not found
10-03 17:25:45.245 com.mycompany.myapp.debug W/System.err: at org.apache.harmony.security.fortress.Engine.notFound(Engine.java:177)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:170)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:163)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:135)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.generateNewAeadKey(AndroidKeystoreKmsClient.java:141)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey(AndroidKeystoreKmsClient.java:128)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.withMasterKeyUri(AndroidKeysetManager.java:157)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.mycompany.myapp.MainActivity.getOrGenerateNewKeysetHandle(MainActivity.java:2520)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.mycompany.myapp.MainActivity.initializeRequiredAppComponents(MainActivity.java:2554)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.mycompany.myapp.MainActivity.onCreate(MainActivity.java:230)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.Activity.performCreate(Activity.java:5231)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1087)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2159)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2245)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.access0(ActivityThread.java:135)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1196)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.os.Handler.dispatchMessage(Handler.java:102)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.os.Looper.loop(Looper.java:136)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.main(ActivityThread.java:5017)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at java.lang.reflect.Method.invokeNative(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at java.lang.reflect.Method.invoke(Method.java:515)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at dalvik.system.NativeStart.main(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: GeneralSecurityException - Tink failed to register or could not generate a keyset handle: KeyGenerator AES implementation not found
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: isMDMAPISupported: Exception ignored
当 运行 解决 Tink v1.2.0 上的问题时,下面的 作为临时解决方法。对于 23 以下的 Android SDK,我们在构建 keysetManager 时跳过使用 Keystore。
但是,这应该不再是 Tink v1.2.1(发布时)的问题,因为我已经测试了最新的 HEAD-SNAPSHOT 并且没有遇到崩溃。
private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
AndroidKeysetManager.Builder keysetManagerBuilder = new AndroidKeysetManager.Builder()
.withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
.withKeyTemplate(AeadKeyTemplates.AES256_GCM);
if (Build.VERSION.SDK_INT >= 23) {
keysetManagerBuilder.withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI);
} else {
keysetManagerBuilder.doNotUseKeystore();
}
return keysetManagerBuilder.build().getKeysetHandle();
}
我 运行 在平板设备 运行 Android KitKat 以及 Lollipop 上的 Samsung Tab-A 上遇到了这个问题。它在 Acer 平板电脑上运行良好 运行 Android M.
这里是失败点:
private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
return new AndroidKeysetManager.Builder()
.withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
.withKeyTemplate(AeadKeyTemplates.AES256_GCM) // Failure point
.withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI)
.build()
.getKeysetHandle();
}
然后我在初始化 Tink 时初始化我的 AEAD:
// google\Tink crypto
try {
TinkConfig.register();
aead = AeadFactory.getPrimitive(getOrGenerateNewKeysetHandle());
Log.i(LOG_TAG, "Tink registered.");
} catch (GeneralSecurityException | IOException e) {
e.printStackTrace();
Log.e(LOG_TAG, "Tink failed to register or could not generate a keyset handle.");
Log.e(LOG_TAG, "Tink failed to register: " + e.getMessage());
}
无论哪种方式,Tink 都无法使用以下捕获的消息进行初始化:
10-03 16:10:58.319 com.mycompany.myapp.debug E/MainActivity: Tink failed to register: KeyGenerator AES implementation not found
是否有特定的 KeyTemplate 可以替换以下内容?
AeadKeyTemplates.AES256_GCM
完整堆栈跟踪:
10-03 17:25:45.235 com.mycompany.myapp.debug W/System.err: java.security.NoSuchAlgorithmException: KeyGenerator AES implementation not found
10-03 17:25:45.245 com.mycompany.myapp.debug W/System.err: at org.apache.harmony.security.fortress.Engine.notFound(Engine.java:177)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:170)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:163)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:135)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err: at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.generateNewAeadKey(AndroidKeystoreKmsClient.java:141)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey(AndroidKeystoreKmsClient.java:128)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.withMasterKeyUri(AndroidKeysetManager.java:157)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.mycompany.myapp.MainActivity.getOrGenerateNewKeysetHandle(MainActivity.java:2520)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.mycompany.myapp.MainActivity.initializeRequiredAppComponents(MainActivity.java:2554)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err: at com.mycompany.myapp.MainActivity.onCreate(MainActivity.java:230)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.Activity.performCreate(Activity.java:5231)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1087)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2159)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2245)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.access0(ActivityThread.java:135)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1196)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.os.Handler.dispatchMessage(Handler.java:102)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.os.Looper.loop(Looper.java:136)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at android.app.ActivityThread.main(ActivityThread.java:5017)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err: at java.lang.reflect.Method.invokeNative(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at java.lang.reflect.Method.invoke(Method.java:515)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err: at dalvik.system.NativeStart.main(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: GeneralSecurityException - Tink failed to register or could not generate a keyset handle: KeyGenerator AES implementation not found
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: isMDMAPISupported: Exception ignored
当 运行 解决 Tink v1.2.0 上的问题时,下面的 作为临时解决方法。对于 23 以下的 Android SDK,我们在构建 keysetManager 时跳过使用 Keystore。
但是,这应该不再是 Tink v1.2.1(发布时)的问题,因为我已经测试了最新的 HEAD-SNAPSHOT 并且没有遇到崩溃。
private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
AndroidKeysetManager.Builder keysetManagerBuilder = new AndroidKeysetManager.Builder()
.withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
.withKeyTemplate(AeadKeyTemplates.AES256_GCM);
if (Build.VERSION.SDK_INT >= 23) {
keysetManagerBuilder.withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI);
} else {
keysetManagerBuilder.doNotUseKeystore();
}
return keysetManagerBuilder.build().getKeysetHandle();
}