Android KeyStore私有指数无法提取

我想在Android密钥库中生成一个RSA密钥对。 由于Android 4.3应该可以在Android系统密钥库中生成RSA密钥。

我生成我的RSA密钥(工作正常)

Calendar notBefore = Calendar.getInstance(); Calendar notAfter = Calendar.getInstance(); notAfter.add(1, Calendar.YEAR); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx) .setAlias("key") .setSubject( new X500Principal(String.format("CN=%s, OU=%s", "key", ctx.getPackageName()))) .setSerialNumber(BigInteger.ONE) .setStartDate(notBefore.getTime()) .setEndDate(notAfter.getTime()).build(); KeyPairGenerator kpg; kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); kpg.initialize(spec); KeyPair kp = kpg.genKeyPair(); publicKey = kp.getPublic(); privateKey = kp.getPrivate(); 

我的RSAencryption看起来像(也有效):

  public static byte[] RSAEncrypt(final byte[] plain) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { Cipher cipher = Cipher.getInstance("RSA"); System.out.println("RSA Encryption key: " + publicKey.getAlgorithm()); System.out.println("RSA Encryption key: " + publicKey.getEncoded()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] encryptedBytes = cipher.doFinal(plain); return encryptedBytes; } 

解密:

  public static byte[] RSADecrypt(final byte[] encryptedBytes) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { Cipher cipher1 = Cipher.getInstance("RSA"); System.out.println("RSA Encryption key: " + privateKey.getAlgorithm()); System.out.println("RSA Encryption key: " + privateKey.getEncoded()); cipher1.init(Cipher.DECRYPT_MODE, privateKey); byte[] decryptedBytes = cipher1.doFinal(encryptedBytes); return decryptedBytes; } 

在解密函数中,我得到以下错误消息(当privateKey编码,并在cipher1.init()):

 12-12 21:49:40.338: E/AndroidRuntime(20423): FATAL EXCEPTION: main 12-12 21:49:40.338: E/AndroidRuntime(20423): java.lang.UnsupportedOperationException: private exponent cannot be extracted 12-12 21:49:40.338: E/AndroidRuntime(20423): at org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey.getPrivateExponent(OpenSSLRSAPrivateKey.java:143) 

我不明白。 是不是可以在Android KeyStore中生成一个RSA密钥? 任何人都可以提供一个在Android KeyStore中生成RSA密钥并使用私钥解密的示例。

提前谢谢了!

Solutions Collecting From Web of "Android KeyStore私有指数无法提取"

根据代码 ,我认为OpenSSL提供程序防止私钥在将密钥生成到设备中时导出。

 @Override public final BigInteger getPrivateExponent() { if (key.isEngineBased()) { throw new UnsupportedOperationException("private exponent cannot be extracted"); } ensureReadParams(); return privateExponent; } 

因此,您可能需要指定在检索密码实例时要使用相同的encryption提供程序。 这个提供者支持这些RSA密码 :

  • RSA / ECB / NoPadding
  • RSA / ECB / PKCS1Padding

你应该这样创build一个密码的实例:

 Cipher cipher1 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");