In my Android app, I want to store secret keys in the Android keystore. But my app throws java.security.InvalidAlgorithmParameterException: Unsupported MGF1 digest: SHA-256. Only SHA-1 supported when I use AndroidKeyStoreRSAPrivateKey in cipher initialization:
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(RSA, "AndroidKeyStore");
    if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.KITKAT) {
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 1);
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(ALIAS)
                .setKeyType(KeyProperties.KEY_ALGORITHM_RSA)
                .setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, F4))
                .setSubject(new X500Principal("CN=" + ALIAS))
                .setSerialNumber(BigInteger.valueOf(Math.abs(ALIAS.hashCode())))
                .setStartDate(start.getTime())
                .setEndDate(end.getTime())
                .build();
        try {
            kpg.initialize(spec);
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        }
    }
    KeyPair kp = kpg.generateKeyPair();
    publicKey = kp.getPublic();
    privateKey = kp.getPrivate();
    //......................
    // creating and initializing Cipher
    final Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
    // in this place exception is thrown
    cipher.init(Cipher.DECRYPT_MODE,
            key,
            new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256,
                    PSource.PSpecified.DEFAULT));
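The exception is thrown in cipher.init(). But when my private key is an instance of OpenSSLRSAPrivateKey generated by KeyFactory.getInstance(RSA), it does not reproduce and everything works fine, except that I really need AndroidKeyStoreRSAPrivateKey. I read the developer docs at https://developer.android.com/guide/topics/security/cryptography, but there is no information about my issue there.

How should I change my code to fix this issue?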