Android Keystore解密加密数据给出错误结果

时间:2018-12-14 15:51:22

标签: android encryption kotlin android-keystore

我正在尝试使用java.security.KeyPairGenerator实例生成的KeyPair对任意字符串进行加密。不幸的是,在使用生成的KeyPair对String进行加密和解密之后,结果不正确。

这是我要做的事情:

val ks: KeyStore = KeyStore.getInstance("AndroidKeyStore").apply {
    load(null)
}

fun encryptUsingKey(publicKey: PublicKey, bytes: ByteArray): ByteArray {
    val inCipher = Cipher.getInstance("RSA/NONE/NoPadding")
    inCipher.init(Cipher.ENCRYPT_MODE, publicKey)
    return inCipher.doFinal(bytes)
}

fun decryptUsingKey(privateKey: PrivateKey, bytes: ByteArray): ByteArray {
    val inCipher = Cipher.getInstance("RSA/NONE/NoPadding")
    inCipher.init(Cipher.DECRYPT_MODE, privateKey)
    return inCipher.doFinal(bytes)
}

fun getKey(): KeyStore.Entry {
    val containsAlias = ks.containsAlias(alias)
    if (!containsAlias) {
        val kpg: KeyPairGenerator = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA,
            "AndroidKeyStore"
        )
        val parameterSpec: KeyGenParameterSpec =
            KeyGenParameterSpec.Builder(
                alias,
                KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_ENCRYPT
            )
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                .setRandomizedEncryptionRequired(false)
                .build()

        kpg.initialize(parameterSpec)

        val kp = kpg.generateKeyPair()
    }
    return ks.getEntry(alias, null)
}

我的加密/解密测试如下:

fun testEncryptionDecryption() {
    val entry = getKey()

    if (entry is KeyStore.PrivateKeyEntry) {
        val privateKey = entry.privateKey
        val certificate = entry.certificate
        val publicKey = certificate.publicKey

        val testKey = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"

        val encrypted = service.encryptUsingKey(publicKey, Base64.decodeFromString(testKey))
        val decrypted = service.decryptUsingKey(privateKey, encrypted)

        assertEquals(testKey, Base64.encodeToString(decrypted))

    }
}

不幸的是,结果看起来像这样:

org.junit.ComparisonFailure: expected:<[0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF]> but was:<[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANNdt-Oeu_PQAQgxBdNdt-Oeu_PQAQgxBdNdt-Oeu_PQAQgxBdNdt-Oeu_PQAQgxBQ]>

有人可以启发我了解这里发生的事情吗?这些A都来自哪里?我使用的键不正确吗?

1 个答案:

答案 0 :(得分:3)

怀疑是错误的配置。以下作品:

val inCipher = Cipher.getInstance("RSA/ECB/OAEPPadding") 

val kpg: KeyPairGenerator = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA,
            "AndroidKeyStore"
        )
        val parameterSpec: KeyGenParameterSpec =
            KeyGenParameterSpec.Builder(
                alias,
                KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_ENCRYPT
            )
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                .setBlockModes(KeyProperties.BLOCK_MODE_ECB)
                .setDigests(KeyProperties.DIGEST_SHA1)
                .build()

        kpg.initialize(parameterSpec)
相关问题
最新问题