AndroidKeyStore无法生成证书

时间:2018-05-25 08:53:03

标签: java android security provider android-keystore

我一直在努力解决有关AndroidKeyStore的问题。我的应用似乎没有获得Android签名算法的NONEwithRSA原生提供商。这是代码参考:

Calendar startDate = Calendar.getInstance();
Calendar endDate = Calendar.getInstance();
endDate.add(Calendar.YEAR, 30);

KeyPairGeneratorSpec keyPairGeneratorSpec = new KeyPairGeneratorSpec.Builder(context)
                        .setAlias("aliasName")
                        .setSubject(new X500Principal("CN=aliasName"))
                        .setSerialNumber(BigInteger.TEN)
                        .setStartDate(startDate.getTime())
                        .setEndDate(endDate.getTime())
                        .build();

KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
keyPairGenerator.initialize(keyPairGeneratorSpec);
keyPairGenerator.generateKeyPair();

调用generateKeyPair()后,我得到了以下异常堆栈跟踪。

Caused by: java.security.SignatureException: java.security.ProviderException: No provider for NONEwithRSA
    at com.google.android.gms.org.conscrypt.OpenSSLSignature.engineSign(:com.google.android.gms@12673012@12.6.73 (020408-194189626):6)
    at java.security.Signature$SignatureImpl.engineSign(Signature.java:672)
    at java.security.Signature.sign(Signature.java:381)
    at com.android.org.bouncycastle.x509.X509Util.calculateSignature(X509Util.java:248)
    at com.android.org.bouncycastle.x509.X509V3CertificateGenerator.generate(X509V3CertificateGenerator.java:434)
    at com.android.org.bouncycastle.x509.X509V3CertificateGenerator.generate(X509V3CertificateGenerator.java:412)
    at android.security.AndroidKeyPairGenerator.generateKeyPair(AndroidKeyPairGenerator.java:133)
    ... 26 more
Caused by: java.security.ProviderException: No provider for NONEwithRSA
    at java.security.Signature$SignatureImpl.getSpi(Signature.java:734)
    at java.security.Signature$SignatureImpl.engineInitSign(Signature.java:692)
    at java.security.Signature.initSign(Signature.java:343)
    at com.google.android.gms.org.conscrypt.CryptoUpcalls.rawSignDigestWithPrivateKey(:com.google.android.gms@12673012@12.6.73 (020408-194189626):11)
    at com.google.android.gms.org.conscrypt.NativeCrypto.EVP_DigestSignFinal(Native Method)
    at com.google.android.gms.org.conscrypt.OpenSSLSignature.engineSign(:com.google.android.gms@12673012@12.6.73 (020408-194189626):2)
    ... 32 more

找不到与我的问题相关的解决方案。有没有人知道如何解决这个问题?

1 个答案:

答案 0 :(得分:0)

您可以用
替换该行 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");

因为它在日志中显示NONEwithRSA没有提供者

<强>更新

您可以尝试以下代码在Androidkeystore中生成密钥对,Android版本应该大于18 

KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
           // generator.initialize(spec);
            generator.initialize(new KeyGenParameterSpec.Builder(
                    alias ,
                    KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                    .setDigests(KeyProperties.DIGEST_SHA256,
                            KeyProperties.DIGEST_SHA512)
                    .setCertificateSubject(new X500Principal("CN=aliasName" ))
                    .setCertificateNotBefore(start.getTime())
                    .setCertificateNotAfter(end.getTime())
                    .setCertificateSerialNumber(BigInteger.ONE)
                    .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                    .build());
            KeyPair keyPair = generator.generateKeyPair();
相关问题
最新问题