How to use Android KeyStore API with API 18?
11,952
Solution 1
Symmetric key generation and storage in the Android KeyStore is supported from Android 6.0 (API Level 23) onwards.
Asymmetric key generation and storage in the Android KeyStore is supported from Android 4.3 (API Level 18) onwards.
See this document for more info: Android Keystore System
Though there are some problems you can use Asymmetric key generation. Follow the reference bellow..
Solution 2
private final String ENCRYPTION_ALIAS = "anEncryptionAlias"
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, AndroidKeyStore);
generator.initialize(new KeyGenParameterSpec.Builder(
ENCRYPTION_ALIAS,
KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
.setDigests(
KeyProperties.DIGEST_SHA256,
KeyProperties.DIGEST_SHA512)
.build()
);
generator.generateKeyPair();
} else {
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.YEAR, 1);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec
.Builder(SadadApplication.getInstance().getApplicationContext())
.setAlias(ENCRYPTION_ALIAS)
.setSubject(new X500Principal("CN=Your Company ," +
" O=Your Organization" +
" C=Your Coountry"))
.setSerialNumber(BigInteger.ONE)
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, AndroidKeyStore);
generator.initialize(spec);
generator.generateKeyPair();
}
Related videos on Youtube
Author by
user299648
Updated on September 15, 2022Comments
-
user299648 over 1 year
How do I get the equivalent code below when I'm targeting API 18? Code below works only for API 23 and above. Also how secure would the API 18 code be, given that we can't use
KeyGenParameterSpec
and the API 18 code might use deprecated APIs?KeyGenerator keyGenerator = KeyGenerator.getInstance( KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore"); keyGenerator.init(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) .setBlockModes(KeyProperties.BLOCK_MODE_CBC) .setKeySize(256) .setUserAuthenticationRequired(true) .setUserAuthenticationValidityDurationSeconds(400) .setRandomizedEncryptionRequired(false) .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7) .build()); SecretKey key = keyGenerator.generateKey();
-
Arst about 6 yearsIs there any way you can generate symmetric key prior to API level 23?
-
IgorGanapolsky almost 6 yearsKeyPairGeneratorSpec is not the same thing as KeyGenerator
-
Amir Raza about 3 years@Arst Yes, you can generate symmetric key but It will not be in the keystore, what you can do is, generate asymmetric key (will be in keystore) then generate symmetric key and encrypt it with public key of asymmetric and encodeToString it with Base64 and store it to db like SharedPreferences, then you can use it by decrypting with private key. Symmetric key can be generated as KeyGenerator.getInstance("AES").apply { init(KEY_SIZE) //256 etc... }.generateKey()
-
hornet2319 almost 3 years
KEY_ALGORITHM_RSA
Field still requires API level 23