Android P - KeyStore异常android.os.ServiceSpecificException

Question

Android P - KeyStore异常android.os.ServiceSpecificException

phn*_*mnn 26 java android keystore android-keystore

如果我在Android P上运行此代码,我会收到以下异常:

private static KeyStore.PrivateKeyEntry getPrivateKeyEntry(String alias) {
        try {
            KeyStore ks = KeyStore
                    .getInstance(SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
            ks.load(null);
            KeyStore.Entry entry = ks.getEntry(alias, null);

            if (entry == null) {
                Log.w(TAG, "No key found under alias: " + alias);
                Log.w(TAG, "Exiting signData()...");
                return null;
            }

            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                Log.w(TAG, "Not an instance of a PrivateKeyEntry");
                Log.w(TAG, "Exiting signData()...");
                return null;
            }
            return (KeyStore.PrivateKeyEntry) entry;
        } catch (Exception e) {
            Log.e(TAG, e.getMessage(), e);
            return null;
        }
    }

Run Code Online (Sandbox Code Playgroud)

例外:

在android.os.Parcel.readException的android.os.Parcel.readException(Parcel.java:1910)的android.os.Parcel.createException(Parcel.java:1956)上的KeyStore异常android.os.ServiceSpecificException :(代码7) (Parcel.java:1860)位于android.security.keynd.KandStoreStoreSpi的android.security.IKeystoreService $ Stub $ Proxy.get(IKeystoreService.java:786)android.security.KeyStore.get(KeyStore.java:195). engineGetCertificateChain(AndroidKeyStoreSpi.java:118)at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484)at java.security.KeyStore.getEntry(KeyStore.java:1560)at com.phenodev.testenc.KeyStoreHelper.getPrivateKeyEntry(KeyStoreHelper) .java:151)com.phenodev.testenc.KeyStoreHelper.encrypt(KeyStoreHelper.java:173)at com.phenodev.testenc.KeyStoreEncryptor.encrypt(KeyStoreEncryptor.java:19)

请帮忙解决它.

Answer 1

Dr *_*ass 39

最后我找到了解决方案.看起来好像因为Android P (KeyStore.PrivateKeyEntry) keyStore.getEntry("alias", null)不是获取私钥的正确方法.

通过这种方式访问私钥/公钥,我能够摆脱这个警告

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);

PrivateKey privateKey = (PrivateKey) keyStore.getKey("alias", null);
PublicKey publicKey = keyStore.getCertificate("alias").getPublicKey();

Run Code Online (Sandbox Code Playgroud)

尽管我目前正在以这种方式提取密钥，但是在使用API 29的仿真器中，我第一次尝试获取密钥时（仍然是第一次）仍收到警告。如果我终止了该过程并再次启动该应用程序，则警告消失了。 (8认同)
只是为了清楚起见，我在API级别21上对其进行了测试（以查看是否需要在API版本上使用不同的逻辑条件），但它似乎也可以正常工作。 (2认同)
至少在Android Q beta 2上，它无法解决问题。 (2认同)

Answer 2

Mat*_*Pag 7

I had the same problem retrieving an asymmetricKey from AndroidKeyStore

My solution based on Dr Glass answer to get keys is the following: (aliasKey is your alias string)

PublicKey:

val keyStore = KeyStore.getInstance("AndroidKeyStore")
keyStore.load(null)

val asymmetricPublicKey = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
    keyStore.getCertificate(aliasKey).publicKey
} else {
    val asymmetricKey = keyStore.getEntry(aliasKey, null) as KeyStore.PrivateKeyEntry
    asymmetricKey.certificate.publicKey
}

Run Code Online (Sandbox Code Playgroud)

PrivateKey:

val keyStore = KeyStore.getInstance("AndroidKeyStore")
keyStore.load(null)

val asymmetricPrivateKey = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
    keyStore.getKey(aliasKey, null) as PrivateKey
} else {
    val asymmetricKey = keyStore.getEntry(aliasKey, null) as KeyStore.PrivateKeyEntry
    asymmetricKey.privateKey
}

Run Code Online (Sandbox Code Playgroud)

and with this code I have no warning in the emulator and/or device with Android P

归档时间：	7 年，3 月前
查看次数：	8026 次
最近记录：	6 年前