尝试为某些设备生成密钥时出错。我能够在运行4.4.2的三星Galaxy Note上重现错误。
java.lang.IllegalStateException: could not generate key in keystore
at android.security.AndroidKeyPairGenerator.generateKeyPair(AndroidKeyPairGenerator.java:100)
at java.security.KeyPairGenerator$KeyPairGeneratorImpl.generateKeyPair(KeyPairGenerator.java:275)
at com.eric.demo.MainActivity.generateKeyPair(MainActivity.java:65)
at com.eric.demo.MainActivity.onClickButton(MainActivity.java:43)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at android.view.View$1.onClick(View.java:3964)
at android.view.View.performClick(View.java:4640)
at android.view.View$PerformClick.run(View.java:19421)
at android.os.Handler.handleCallback(Handler.java:733)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5476)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1268)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1084)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)
我创建了一个小型应用,只通过在“生成新私钥”下的Android开发者页面https://developer.android.com/training/articles/keystore.html中逐行复制代码来生成密钥。
public void onClickButton (View view) {
try {
generateKeyPair(this, "test3");
} catch (Exception e){
Log.wtf("exception", e);
}
}
private void generateKeyPair(Context context, String alias)
throws Exception {
Calendar cal = Calendar.getInstance();
Date now = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date end = cal.getTime();
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext())
.setAlias(alias)
.setStartDate(now)
.setEndDate(end)
.setSerialNumber(BigInteger.valueOf(1))
.setSubject(new X500Principal("CN=test3"))
.build());
KeyPair kp = kpg.generateKeyPair();
}
错误似乎发生在AndroidKeyPairGenerator.java中的kpg.generateKeyPair()中:
if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, keyType,
mSpec.getKeySize(), mSpec.getFlags(), args)) {
throw new IllegalStateException("could not generate key in keystore");
}
并在KeyStore.java中:
public boolean generate(String key, int uid, int keyType, int keySize, int flags,
byte[][] args) {
try {
return mBinder.generate(key, uid, keyType, keySize, flags, args) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
mBinder.generate()调用似乎返回2表示密钥库被锁定了?
// ResponseCodes
public static final int NO_ERROR = 1;
public static final int LOCKED = 2;
public static final int UNINITIALIZED = 3;
public static final int SYSTEM_ERROR = 4;
public static final int PROTOCOL_ERROR = 5;
public static final int PERMISSION_DENIED = 6;
public static final int KEY_NOT_FOUND = 7;
public static final int VALUE_CORRUPTED = 8;
public static final int UNDEFINED_ACTION = 9;
public static final int WRONG_PASSWORD = 10;
我尝试过的一些事情以及以下各项的组合:
1.需要设置加密。结果是另一个错误:“如果需要加密,Android密钥库必须处于初始化和解锁状态”
2.设置锁定屏幕(图案,PIN,无,密码,滑动)。相同的行为
3.以编程方式尝试使用startActivity(new Intent("com.android.credentials.UNLOCK"));或startActivity(new Intent("com.android.credentials.RESET"));解锁或重置凭据存储。尝试解锁会显示“输入凭据存储密码”消息,其中没有合理的密码可用,甚至清除凭据也不会没帮忙。
答案 0 :(得分:2)
虽然我不知道完整的答案,但我可以帮助您继续搜索。 mBinder另一侧的绑定器实现是native keystore。如果我完全记得,它的行为是:1)支持软件级别的关键操作,或者2)委托给OEM提供的密钥管理库(可能)与OEM的硬件支持接口密钥库。有关此here,here和here的更多信息。
注意:我放弃了将外部链接内容提取到答案中的正常政策,因为我将您链接到三篇全部> 1页的文章,似乎发表一个6页的答案有点荒谬;-)
答案 1 :(得分:2)
public class EncryptionApi18AndAbove{
private Context context;
private KeyStore keyStore;
private static String alias = "alias";
public EncryptionApi18AndAbove(Context context) {
this.context = context;
try {
keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
} catch (Exception e) {
// bla bla
}
}
private String createNewKeys(String alias, Context context) {
try {
if (!keyStore.containsAlias(alias)) {
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.YEAR, 1);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.setAlias(alias)
.setSubject(new X500Principal("CN=Sample Name, O=Android Authority"))
.setSerialNumber(BigInteger.ONE)
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
generator.initialize(spec);
generator.initialize(spec);
generator.generateKeyPair();
}
} catch (Exception e) {
//bla bla
}
return alias;
}
@Override
public String encrypt(String text) {
if (text == null || text.length() == 0) {
return text;
}
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(createNewKeys(alias, context), null);
PublicKey publicKey = privateKeyEntry.getCertificate().getPublicKey();
Cipher inCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
inCipher.init(Cipher.ENCRYPT_MODE, publicKey);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
CipherOutputStream cipherOutputStream = new CipherOutputStream(
outputStream, inCipher);
cipherOutputStream.write(text.getBytes("UTF-8"));
cipherOutputStream.close();
return Base64.encodeToString(outputStream.toByteArray(), Base64.DEFAULT);
} catch (Exception e) {
//bla bla
}
return text;
}
@Override
public String decrypt(String text) {
if (text == null || text.length() == 0) {
return text;
}
try {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(createNewKeys(alias, context), null);
PrivateKey privateKey = privateKeyEntry.getPrivateKey();
Cipher output = Cipher.getInstance("RSA/ECB/PKCS1Padding");
output.init(Cipher.DECRYPT_MODE, privateKey);
CipherInputStream cipherInputStream = new CipherInputStream(
new ByteArrayInputStream(Base64.decode(text, Base64.DEFAULT)), output);
ArrayList<Byte> values = new ArrayList<>();
int nextByte;
while ((nextByte = cipherInputStream.read()) != -1) {
values.add((byte) nextByte);
}
byte[] bytes = new byte[values.size()];
for (int i = 0; i < bytes.length; i++) {
bytes[i] = values.get(i).byteValue();
}
return new String(bytes, 0, bytes.length, "UTF-8");
} catch (Exception e) {
// bla bla
}
return text;
}
}
您可以使用此课程。这适用于SDK 18及更高版本。您可以创建Android密钥库密钥,解密和加密简单文本。
答案 2 :(得分:0)
如果您的代码没问题,请记住您需要为您的设备设置PIN / PW /指纹(安全解锁),以便密钥库开始运行。如果您尝试生成密钥对,则简单的滑动就会出现此错误。
答案 3 :(得分:-4)
我认为这是正确的方向: 右键单击项目&gt; Android工具&gt;导出签名的应用程序包 出现“导出Android应用程序”向导。 选择我要导出的项目,单击“下一步”。 将出现密钥库选择屏幕。