我正在考虑这个问题:
是否可以将自己的密钥放在AndroidKeyStore上并用于其他操作(签署一些文本/文档)?
我已经为包含PostQuantum库的签名算法SPHINCS生成了一个BouncyCastle密钥(专用/发布)。
有什么方法可以初始化我的计划吗?
谢谢您的提示:)
有一个示例代码,我如何通过 BouncyCastle SPHINCS 生成priv / pub密钥:
SPHINCS256KeyPairGenerator generator = new SPHINCS256KeyPairGenerator();
generator.init(new SPHINCS256KeyGenerationParameters(new RiggedRandom(), new SHA3Digest(256)));
AsymmetricCipherKeyPair kp = generator.generateKeyPair();
SPHINCSPrivateKeyParameters priv = (SPHINCSPrivateKeyParameters)kp.getPrivate();
SPHINCSPublicKeyParameters pub = (SPHINCSPublicKeyParameters)kp.getPublic();
答案 0 :(得分:0)
尝试类似的方法(Andorid M(6.0)+的示例)
@TargetApi(Build.VERSION_CODES.M)
private void initGeneratorWithKeyGenParameterSpec() {
try {
KeyPairGenerator generator = KeyPairGenerator.getInstance("ALGORITHM", "AndroidKeyStore");
String alias = "myAlias";
Calendar startDate = Calendar.getInstance();
Calendar endDate = Calendar.getInstance();
endDate.add(Calendar.YEAR, 20);
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(
alias, KeyProperties.PURPOSE_ENCRYPT|KeyProperties.PURPOSE_DECRYPT)
.setCertificateSubject(new X500Principal("CN=" + alias))
.setCertificateSerialNumber(BigInteger.valueOf(1337))
.setCertificateNotBefore(startDate.getTime())
.setCertificateNotAfter(endDate.getTime())
.setBlockModes(KeyProperties.BLOCK_MODE_ECB)
.setDigests(KeyProperties.DIGEST_SHA256)
.setKeySize(2048)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1);
generator.initialize(builder.build());
generator.generateKeyPair();
} catch (Exception e) {
mLogger.logException(Logger.Level.ERROR, Logger.Category.ENCRYPTION, "KeyStoreWrapper", "initGeneratorWithKeyGenParameterSpec()", e);
}