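Android Keystore - Invalid Key Exception - Preferred provider doesn't support key (ONLY ON EMULATOR)

Time: 2018-06-08 03:10:18

Tags: java android security keystore provider

I've already posted this question on the conscrypt github page (here), but I figured I'd post here before I give up.

Background summary

My app downloads a file from our server, which has mutual authentication enabled. I generate the key pair with the code below. My code works when I test on my actual tablet (Samsung Galaxy Tab S2 on api 24). However, so far I have not been able to get it working on any emulator (api 24, 25 and 26). The app crashes with the exception below (full log listed at the bottom).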

...android.security.KeyStore.getKeyStoreException(KeyStore.java:666)
    W/System.err:   ... 41 more
    W/System.err: Could not find provider for algorithm: NONEwithRSA

My key pair generation code:

    try {
      KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
        alias,
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_VERIFY )
        .setKeySize(keySize)
        .setSignaturePaddings(SIGNATURE_PADDING_RSA_PKCS1)
        .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
        .setCertificateSubject(new X500Principal("CN=" + alias))
        .build();
      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
      keyGen.initialize(spec);
      return keyGen.generateKeyPair();
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
      return null;
    }

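The error in the crash log says that no provider could be found for the algorithm "NONEwithRSA". But I ran the following code on both the emulator and the tablet, with the results below: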

    for (Provider provider : Security.getProviders())
      for (Provider.Service service : provider.getServices())
        if (service.getType().equals("Signature") && service.getAlgorithm().equals("NONEwithRSA"))
          algorithms.add(service.getAlgorithm());...

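Results for the providers that contain Signature.NONEwithRSA, on both the emulator and the tablet:

Provider = OpenSSLProvider

Service = AndroidOpenSSL: Signature.NONEwithRSA -> com.android.org.conscrypt.OpenSSLSignatureRawRSA attributes: {SupportedKeyClasses=com.android.org.conscrypt.OpenSSLRSAPrivateKey|java.security.interfaces.RSAPrivateKey|com.android.org.conscrypt.OpenSSLRSAPublicKey|java.security.interfaces.RSAPublicKey}

Provider = AndroidKeyStoreBCWorkaroundProvider

Service = AndroidKeyStoreBCWorkaround: Signature.NONEwithRSA -> android.security.keystore.AndroidKeyStoreRSASignatureSpi$NONEWithPKCS1Padding attributes: {SupportedKeyClasses=android.security.keystore.AndroidKeyStorePrivateKey|android.security.keystore.AndroidKeyStorePublicKey}

According to this, there is a provider, OpenSSLProvider, that contains the NONEwithRSA signature algorithm... so I don't understand why it crashes with Could not find provider for algorithm: NONEwithRSA..., and why only on the emulator.

I received a reply from someone on the Conscrypt page, stating the following:

> It looks like this is a problem because Android Keystore is throwing an exception when trying to use the key for some reason, probably related to the fact that real devices have secure hardware backing key storage and the emulator doesn't emulate that accurately enough for Keystore's needs.

> Unfortunately, Android N shipped a long time ago, so there's not much we can do to change the platform's behavior. Your best bet is to use ProviderInstaller from Google Play Services to get a modern version of the encryption provider into your app, which should hopefully resolve this issue going forward. See https://developers.google.com/android/reference/com/google/android/gms/security/ProviderInstaller

I hadn't tested on an emulator with Oreo (api 26) before I asked them, so I tested it and still saw the same problem. I also tested what he recommended, and it did not resolve the problem. I replied, but got no response.

Am I doing something wrong, or is this just an emulator problem because it doesn't emulate the keystore correctly? Is there any other workaround?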

Crash log:

javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x8c026640: Failure in SSL library, usually a protocol error
error:04000044:RSA routines:OPENSSL_internal:internal error (external/conscrypt/src/main/native/org_conscrypt_NativeCrypto.cpp:1958 0x995ce266:0x00000000)

SSL handshake aborted: ssl=0x8af34480: Failure in SSL library, usually a protocol error
error:04000044:RSA routines:OPENSSL_internal:internal error (external/conscrypt/src/main/native/org_conscrypt_NativeCrypto.cpp:1958 0x995ce266:0x00000000)

W/System.err: Preferred provider doesn't support key:
W/System.err: java.security.InvalidKeyException: Keystore operation failed
W/System.err:     at android.security.KeyStore.getInvalidKeyException(KeyStore.java:727)
W/System.err:     at android.security.KeyStore.getInvalidKeyException(KeyStore.java:748)
W/System.err:     at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreSignatureSpiBase.java:219)
W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:99)
W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:77)
W/System.err:     at java.security.Signature$Delegate.init(Signature.java:1208)
W/System.err:     at java.security.Signature$Delegate.chooseProvider(Signature.java:1167)
W/System.err:     at java.security.Signature$Delegate.engineInitSign(Signature.java:1232)
W/System.err:     at java.security.Signature.initSign(Signature.java:607)
W/System.err:     at com.android.org.conscrypt.CryptoUpcalls.rawSignDigestWithPrivateKey(CryptoUpcalls.java:86)
W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
W/System.err:     at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:281)
W/System.err:     at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:251)
W/System.err:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:151)
W/System.err:     at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)
W/System.err:     at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
W/System.err:     at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
W/System.err:     at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
W/System.err:     at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
W/System.err:     at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
W/System.err:     at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
W/System.err:     at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
W/System.err:     at okhttp3.RealCall.execute(RealCall.java:69)
W/System.err:     at retrofit2.OkHttpCall.execute(OkHttpCall.java:180)
W/System.err:     at retrofit2.ExecutorCallAdapterFactory$ExecutorCallbackCall.execute(ExecutorCallAdapterFactory.java:91)
W/System.err:     at com.saic.refmanone.models.RetrofitFileDownloadService.downloadFile(RetrofitFileDownloadService.java:239)
W/System.err:     at com.saic.refmanone.models.WebBundlerUpdateService.getUpdatesForBook(WebBundlerUpdateService.java:56)
W/System.err:     at com.saic.refmanone.models.FetchBookUpdatesUtility.fetchAllBookUpdates(FetchBookUpdatesUtility.java:36)
W/System.err:     at com.saic.refmanone.models.FetchBookUpdatesIntentService.onHandleIntent(FetchBookUpdatesIntentService.java:91)
W/System.err:     at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:68)
W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:102)
W/System.err:     at android.os.Looper.loop(Looper.java:154)
W/System.err:     at android.os.HandlerThread.run(HandlerThread.java:61)
W/System.err: Caused by: android.security.KeyStoreException: Incompatible digest
W/System.err:     at android.security.KeyStore.getKeyStoreException(KeyStore.java:666)
W/System.err:   ... 41 more
W/System.err: Could not find provider for algorithm: NONEwithRSA

0 answers:

No answers
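
Added example, not part of the original post or of Conscrypt: the crash log above shows Conscrypt's CryptoUpcalls calling Signature.initSign with NONEwithRSA on the Keystore key, and Keystore rejecting it with "Incompatible digest". This probe repeats that call outside TLS for two keys, one authorised only for the digests used in the post and one that also lists KeyProperties.DIGEST_NONE, so the two outcomes can be compared on emulator and device; the class name, aliases and 2048-bit key size are assumptions.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Log;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import javax.security.auth.x500.X500Principal;

/** Hypothetical diagnostic helper; not code from the original post. */
public final class RawRsaSignProbe {
    private static final String TAG = "RawRsaSignProbe";

    /** Generates an RSA signing key in AndroidKeyStore authorised for the given digests. */
    static KeyPair generate(String alias, String... digests) throws GeneralSecurityException {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setKeySize(2048) // assumed size; the post's keySize is not shown
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .setDigests(digests)
                .setCertificateSubject(new X500Principal("CN=" + alias))
                .build();
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
        keyGen.initialize(spec);
        return keyGen.generateKeyPair();
    }

    /** Repeats the Signature.initSign call seen in the trace; true if Keystore accepts it. */
    static boolean canRawSign(KeyPair pair) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("NONEwithRSA");
        try {
            sig.initSign(pair.getPrivate());
            sig.update(new byte[32]); // constructed stand-in for a 32-byte hash
            return sig.sign().length > 0;
        } catch (InvalidKeyException e) {
            Log.w(TAG, "initSign rejected: " + e.getCause(), e);
            return false;
        }
    }

    /** Call from an instrumented test or debug screen on both emulator and device. */
    public static void run() throws GeneralSecurityException {
        KeyPair asPosted = generate("probe-sha-only",
                KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512);
        KeyPair withNone = generate("probe-with-none", KeyProperties.DIGEST_NONE,
                KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512);
        Log.i(TAG, "SHA-256/512 only: " + canRawSign(asPosted));
        Log.i(TAG, "with DIGEST_NONE: " + canRawSign(withNone));
    }
}
```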