android.security.KeyStoreException:使用RSA签名时不兼容的摘要

时间:2017-02-16 10:50:28

标签: android hash rsa android-keystore

当我尝试在我的Android应用程序中签署一个哈希值时,我得到了上面提到的异常。

生成密钥对的代码是:

public static KeyPair generateKeyPair(Context context, String username) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEY_STORE);
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 1);
        AlgorithmParameterSpec parameterSpec;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            parameterSpec = new KeyGenParameterSpec.Builder(MY_KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
                    .setKeySize(KEY_SIZE)
                    .setCertificateSubject(usernameToSubject(username))
                    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA1)
                    .setCertificateNotBefore(start.getTime())
                    .setCertificateNotAfter(end.getTime())
                    .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                    .build();
        } else {
           // Here I build the keys for older versions. This is not part of my problem
        }
        keyPairGenerator.initialize(parameterSpec);
        return keyPairGenerator.generateKeyPair();
    }

稍后我签署了我从外面获得的哈希:

 public static byte[] signHash(byte[] hashToSign) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(MY_KEY_ALIAS, null);
            PrivateKey privateKey = keyEntry.getPrivateKey();

            DigestAlgorithmIdentifierFinder hashAlgorithmFinder = new DefaultDigestAlgorithmIdentifierFinder();
            AlgorithmIdentifier hashingAlgorithmIdentifier = hashAlgorithmFinder.find(KeyProperties.DIGEST_SHA256);
            DigestInfo digestInfo = new DigestInfo(hashingAlgorithmIdentifier, hashToSign);
            byte[] hashToEncrypt = digestInfo.getEncoded();
            Cipher cipher = Cipher.getInstance("RSA/ECB/Pkcs1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, privateKey); // <= the exception is thrown here
            return cipher.doFinal(hashToEncrypt);
        } catch (Throwable e) {
            Log.e("KeyStoreWrapper", "Error while signing: ", e);
        }
        return "Could not sign the message.".getBytes(StandardCharsets.UTF_16LE);
    }

我得到的错误是:

java.security.InvalidKeyException: Keystore operation failed
 at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1004)
 at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1024)
 at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:53)
 at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
 at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263)
 at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108)
 at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612)
 at javax.crypto.Cipher.tryCombinations(Cipher.java:532)
 at javax.crypto.Cipher.getSpi(Cipher.java:437)
 at javax.crypto.Cipher.init(Cipher.java:815)
 at javax.crypto.Cipher.init(Cipher.java:774)
 at de.new_frontiers.m2fa.security.KeyStoreWrapper.signHash(KeyStoreWrapper.java:186)
 at de.new_frontiers.m2fa.bluetooth.BluetoothHandler.handleMessage(BluetoothHandler.java:93)
 at android.os.Handler.dispatchMessage(Handler.java:102)
 at android.os.Looper.loop(Looper.java:158)
 at android.app.ActivityThread.main(ActivityThread.java:7229)
 at java.lang.reflect.Method.invoke(Native Method)
 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230)
 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120)
Caused by: android.security.KeyStoreException: Incompatible digest
 at android.security.KeyStore.getKeyStoreException(KeyStore.java:944)
 at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1024) 
 at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:53) 
 at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89) 
 at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263) 
 at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108) 
 at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612) 
 at javax.crypto.Cipher.tryCombinations(Cipher.java:532) 
 at javax.crypto.Cipher.getSpi(Cipher.java:437) 
 at javax.crypto.Cipher.init(Cipher.java:815) 
 at javax.crypto.Cipher.init(Cipher.java:774) 
 at com.mycompany.security.KeyStoreWrapper.signHash(KeyStoreWrapper.java:186) 

android documentation我看到:

  

对于签名和验证操作,必须在中指定摘要   begin的additional_params参数。如果指定的摘要是   不在与密钥关联的摘要中,操作必须失败   使用KM_ERROR_INCOMPATIBLE_DIGEST。

但正如您所见,我使用KeyProperties.DIGEST_SHA256创建了密钥对,并将DigestInfo设置为相同的算法。所以我不明白为什么我得到错误“不兼容的摘要”。任何人都可以对此有所了解吗?

哦,对于任何想知道为什么我不使用Signature.sign()的人:这需要明文签名然后创建一个散列,一个DigestInfo然后用私钥加密它。我已经从外面得到了哈希,这是我无法改变的。

2 个答案:

答案 0 :(得分:3)

使用RSA/ECB/PKCS1Padding的私钥加密可以在Android 18的AndroidKeyStore上获得,因此您应该能够使用收到的哈希执行有效的数字签名。

我想问题是将密钥用法设置为签名而不是加密(这就是你想要的密钥)。试试这个:

parameterSpec = new KeyGenParameterSpec.Builder(MY_KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT | | KeyProperties.PURPOSE_DECRYPT)
                .setKeySize(KEY_SIZE)
                .setCertificateSubject(usernameToSubject(username))
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA1)
                .setCertificateNotBefore(start.getTime())
                .setCertificateNotAfter(end.getTime())
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .build();

还要检查hashToSign是否为SHA-256(32字节)

答案 1 :(得分:1)

pedrofbs 回答帮助我最终把事情弄清楚了。我已经将关键字的目的更改为我的评论中提及的答案:KeyProperties.PURPOSE_SIGN|KeyProperties.PURPOSE_ENCRYPT|Key‌​Properties.PURPOSE_D‌​ECRYPT,但忘记致电.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)。所以非常感谢pedrofs发现这个!

不幸的是它仍然没有用。摆弄键上的不同设置我意识到我没有保护我用于测试的设备密码,密码或别的东西。因此,将.setUserAuthenticationRequired(false)添加到KeyGenParameterSpec就可以了。我知道这不安全,必须改变,但目前我只是在做一个概念验证,所以没关系。 : - )

如果其他人偶然发现了这个问题:这是密钥生成的整个工作代码:

 if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            parameterSpec = new KeyGenParameterSpec.Builder(LOGON_KEY_ALIAS, KeyProperties.PURPOSE_SIGN|KeyProperties.PURPOSE_ENCRYPT|KeyProperties.PURPOSE_DECRYPT)
                    .setKeySize(KEY_SIZE)
                    .setUserAuthenticationRequired(false)
                    .setCertificateSubject(usernameToSubject(username))
                    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA1)//, KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512, KeyProperties.DIGEST_MD5)
                    .setCertificateNotBefore(start.getTime())
                    .setCertificateNotAfter(end.getTime())
                    .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                    .build();
        }
相关问题
最新问题