Uda*_*day 25 encryption android cryptography rsa android-keystore
我正在尝试使用KeyStore在应用程序中加密和解密用户名,
使用KeyPairGeneratorSpec在旧版本中创建密钥,如18到22,
KeyPairGeneratorSpec如被depricated android的M的23版本,但版本的Android M支持KeyGenParameterSpec.
此KeyGenParameterSpec是否支持向后兼容性或如何执行此操作?
我尝试了这样的事情,有没有更好的解决方案.现在工作正常!
在加密和解密的Ciper.getInstance时我需要这样做.是否有任何单个参数"RSA/ECB/OAEPWithSHA-256AndMGF1Padding"或"RSA/ECB/PKCS1Padding"我可以通过这两个版本?
if(android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M){
c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
}else{
c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
}
下面的代码现在工作正常,让我知道如何改善这一点.
密钥生成器:
genkey(){
KeyPairGenerator generator = KeyPairGenerator .getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
if(android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M){
TCLog.e(TAG,"Current version is 23(MashMello)");
//Api level 23
KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
keyName,
KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT )
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.build();
generator.initialize(spec);
}else{
TCLog.e(TAG,"Current version is < 23(MashMello)");
//api level 17+ 4.4.3
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(getActivity())
.setAlias(keyName)
.setSubject(new X500Principal("CN=Sample Name, O=Android Authority"))
.setSerialNumber(BigInteger.ONE)
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
generator.initialize(spec);
}
KeyPair keyPair = generator.generateKeyPair();
}
加密代码:
doEncription(){
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(keyName, null);
PublicKey publicKey = (PublicKey) privateKeyEntry.getCertificate().getPublicKey();
Cipher c;
if(android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M){
c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
}else{
c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
}
c.init(Cipher.ENCRYPT_MODE, publicKey);
encodedUser = c.doFinal(userName.getBytes());
encodedPassword = c.doFinal(userPassword.getBytes());
userName = Base64.encodeToString(encodedUser, Base64.DEFAULT);
userPassword = Base64.encodeToString(encodedPassword, Base64.DEFAULT);
// Log.e("MainActivity","AES Encription Error.!");
} catch (Exception e) {
Log.e("MainActivity", "AES Encription Error.!");
}
}
解密代码:
doDecryption(){
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(keyName, null);
PrivateKey privateKey = (PrivateKey) privateKeyEntry.getPrivateKey();
Cipher c;
if(android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M){
c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
}else{
c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
}
c.init(Cipher.DECRYPT_MODE, privateKey);
decodedUser = c.doFinal(encodedUser);
decodedPassword = c.doFinal(encodedPassword);
} catch (Exception e) {
Log.e("MainActivity", "AES Decryption Error.!");
}
}
小智 5
密码变换取决于您为KeyGenParameterSpec或提供的参数KeyPairGeneratorSpec。"RSA/ECB/PKCS1Padding"如果您想在两种情况下使用(Android M及以下),请更改
spec.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
到
spec.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
您可以使用以下代码检查哪些算法可用:
Provider[] providers = Security.getProviders();
for (Provider p : providers) {
Log.d(TAG, "provider: " + p.getName());
Set<Provider.Service> services = p.getServices();
for (Provider.Service s : services) {
Log.d(TAG, "--> algorithm: " + s.getAlgorithm());
}
}
我通过声明一个接口 IKeyStoreHandler 来避免编写大量 if-else,该接口提供所有必要的方法(添加/删除密钥、按别名列出所有密钥、获取私钥/公钥、解密/加密文本)并针对这两种情况实现它。
| 归档时间: |
|
| 查看次数: |
5642 次 |
| 最近记录: |