Wrong RSA PrivateKey KeyStore


Wrong RSA PrivateKey KeyStore



My app generates a KeyPair when it's opened. I can encrypt text with the PublicKey but when I try to decrypt it with the PrivateKey it throws InvalidKeyException.


KeyPair


PublicKey


PrivateKey


InvalidKeyException



Some Log.v debug:


Log.v


(...) V/Aliases: The public key created is [android.security.keystore.AndroidKeyStoreRSAPublicKey@1840131a]
(...) V/Aliases: The private key created is [android.security.keystore.AndroidKeyStoreRSAPrivateKey@37ad0430]
(...) V/Aliases: The public key used is [android.security.keystore.AndroidKeyStoreRSAPublicKey@1840131a]
(...) V/Aliases: The private key used is [android.security.keystore.AndroidKeyStoreRSAPrivateKey@37ad0430]
(...) V/Aliases: The private key [android.security.keystore.AndroidKeyStoreRSAPrivateKey@37ad0430] is incorrect



KeyPair generation:


KeyPair


try {
//Load KeyStore
keystore = KeyStore.getInstance("AndroidKeyStore");
keystore.load(null);

} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException e) {
e.printStackTrace();
}

//KeyPair generation
KeyPairGenerator kpg = null;
try {
kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder("Test",KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_SIGN)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.build());
kp = kpg.generateKeyPair();
Log.v("Aliases", "The public key created is [" + kp.getPublic() + "]");
Log.v("Aliases", "The private key created is [" + kp.getPrivate()+ "]");

} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
e.printStackTrace();
}



Encryption function:


Encryption


//Removed try/catch
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry("Test", null);
PublicKey publicKey = privateKeyEntry.getCertificate().getPublicKey();

Log.v("Aliases", "The public key used is [" + publicKey + "]");

Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
bytes = cipher.doFinal(edittext.getText().toString().getBytes());
edittext.setText(Base64.encodeToString(bytes, Base64.DEFAULT));



Decryption function:


Decryption


//Removed try/catch
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry("Test", null);
PrivateKey privateKey = privateKeyEntry.getPrivateKey();

Log.v("Aliases", "The private key used is [" + privateKey + "]");

Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
String decrypted = new String(cipher.doFinal(Base64.decode(edittext.getText().toString(), Base64.DEFAULT)));
edittext.setText(decrypted);

//Removed the "try" part. This gets executed when cipher.init returns InvalidKeyException
catch (InvalidKeyException e) {
KeyStore.PrivateKeyEntry privateKeyEntry = null;
privateKeyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry("Test", null);
PrivateKey privateKey = privateKeyEntry.getPrivateKey();
Log.v("Aliases", "The private key [" + privateKey + "] is incorrect");
e.printStackTrace();
}




1 Answer
1



Don't do this:


Cipher cipher = Cipher.getInstance("RSA");



Always specify the full "algorithm/mode/padding" specification. For example,


Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPwithSHA-256andMGF1Padding");



Now you also need to tell AndroidKeyStore what encryption paddings you are permitting for your key. So add a setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP) call in your call chain for KeyGenParameterSpec.Builder(...), i.e.


setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)


KeyGenParameterSpec.Builder(...)


kpg.initialize(new KeyGenParameterSpec.Builder("Test",
KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_SIGN)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.build());






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

Moria Casán

Image
Moria Casán Casán in 2016 Born Ana María Casanova ( 1946-08-16 ) August 16, 1946 (age 71) Buenos Aires, Argentina Residence Parque Leloir, Ituzaingó, Buenos Aires Province, Argentina [1] Occupation Actress, presenter, theatre producer, TV personality, talent manager Years active 1970–present Spouse(s) Mario Castiglione ( m.  1986; div.  1990) Children Sofía Gala Castiglione Signature Ana María Casanova (born August 16, 1946), known by her stage name Moria Casán , is an Argentine actress and TV personality. Casán made her theatre debut in 1970, and quickly became one of the country's leading vedettes during Argentina's Golden Age of revue. Her sex symbol status was further cemented during the late 1970s and 1980s, as she starred in various sexual comedy films alongside Alberto Olmedo, Jorge Porcel and Susana Giménez. Since the mid-1980s, Casán has also established herself as an important TV personality, hostin...
Read more

How to make file upload 'Required' in Contact Form 7?

How to make file upload 'Required' in Contact Form 7? I have a Contact Form 7 form on my Wordpress website and I have specified that the file upload is mandatory by putting a * , however the users are able to submit the form without file upload. * Relevant Contact Form 7 form is given below: <div class="filelink">[file* AddanImage filetypes:gif|png|jpg|jpeg]</div> How do I write the Contact Form 7 code or add a validation perhaps so that the users are not able to submit the form without uploading an image? Any hints/help/guidance is highly appreciated. Have you check doc - contactform7.com/file-uploading-and-attachment – Mukesh Panchal Jun 30 at 8:38 @MukeshPanchal I have and the code complies with the documentation – Hamza Ahmad Jul 1 at 10:44 ...
Read more

Quinn's Post Commonwealth War Graves Commission Cemetery

Image
Quinn's Post Commonwealth War Graves Commission Used for those deceased April–December 1915 Established Early 1920s Location near  Gallipoli, Turkey Total burials 473 Burials by nation Allied Powers: Australian: 295 Unknown: 294 New Zealand: 13 United Kingdom: 1 Burials by war World War I: 473 Statistics source: Old Front Line Battlefields of WW1 A 1915 photograph that is thought to show Quinn's post. An Australian sniper uses a periscope rifle, assisted by a spotter with a periscope Quinn's Post Cemetery is a Commonwealth War Graves Commission cemetery from World War I in the former Anzac sector of the Gallipoli Peninsula, Turkey. The battles at Gallipoli, some of whose participating soldiers are buried at this cemetery, were an eight-month campaign fought by Commonwealth and French forces against Turkish forces in an attempt to force Turkey out of the war, to relieve the deadlock of the Western Front (France/Belgium) and to open a supply route to Russia through t...
Read more