私钥未在API

私钥未在API-2（Marshmallow）中生成(Private key is not getting generated in API-2 (Marshmallow))

我一直在使用密钥库生成RSA密钥/对，代码一直在用于API级别18-22。 今天当我在API-2上运行它时，我无法从密钥库中检索私钥。 以下是我一直使用的代码：

KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context) .setAlias(utility.getConfigValue(configuration, OuterKeys.KEYSTORE_AME)) .setSubject( new X500Principal("C=Sample ame, O=Android Authority")) .setSerialumber(BigInteger.OE).setStartDate(start.getTime()) .setEndDate(end.getTime()).build(); KeyPairGenerator generator = null; generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); generator.initialize(spec); KeyPair keyPair = generator.generateKeyPair(); PrivateKey privateKey = keyPair.getPrivate(); PublicKey publicKey = keyPair.getPublic(); byte[] publicKeyBytes = publicKey.getEncoded(); String pubKeyStr = (publicKeyBytes, Base64.O_PADDIG); byte[] privKeyBytes = privateKey.getEncoded(); String privKeyStr = (privKeyBytes, Base64.O_PADDIG); Log.d("^^^^^^^^^1",pubKeyStr); Log.d("^^^^^^^^^2",privKeyStr);

我调试了这个，发现生成的私钥是null。 而我可以在检索时打印公钥字符串。 请有人帮忙吗。

I have been using the keystore to generate RSA key/pair and the code has been working for API levels 18-22. Today when I ran it on API-2, I am not able to retrieve the Private key from the keystore. Below is the code that I have been using:

KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context) .setAlias(utility.getConfigValue(configuration, OuterKeys.KEYSTORE_AME)) .setSubject( new X500Principal("C=Sample ame, O=Android Authority")) .setSerialumber(BigInteger.OE).setStartDate(start.getTime()) .setEndDate(end.getTime()).build(); KeyPairGenerator generator = null; generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); generator.initialize(spec); KeyPair keyPair = generator.generateKeyPair(); PrivateKey privateKey = keyPair.getPrivate(); PublicKey publicKey = keyPair.getPublic(); byte[] publicKeyBytes = publicKey.getEncoded(); String pubKeyStr = (publicKeyBytes, Base64.O_PADDIG); byte[] privKeyBytes = privateKey.getEncoded(); String privKeyStr = (privKeyBytes, Base64.O_PADDIG); Log.d("^^^^^^^^^1",pubKeyStr); Log.d("^^^^^^^^^2",privKeyStr);

I debugged this and found that the private key generated is null. Whereas I can print the public key string as it is being retrieved. Can anyone help out please.

最满意答案

看起来你正在从Android Keystore中检索PrivateKey实例。 您应该可以将此PrivateKey实例与Cipher和Signature原语一起使用。

什么是“不工作”是PrivateKey实例的getEncoded返回null。 正如James K Polk所说，这是按预期工作的。 getEncoded应该返回私钥的密钥材料（通常采用PKCS＃8 DER编码格式），如果不支持密钥材料导出，则返回null。 Android Keystore按设计不会泄露/导出私钥的密钥材料，因此getEncoded返回null。 在较旧的Android平台版本上，它可能已经返回一个空字节数组。

It looks like you are retrieving the PrivateKey instance from Android Keystore just fine. You should be able to use this PrivateKey instance with Cipher and Signature primitives just fine too.

What's "not working" is that that PrivateKey instance's getEncoded returns null. As James K Polk mentioned, this is working as intended. getEncoded is supposed to return the private key's key material (usually in PKCS#8 DER-encoded format) or null if key material export is not supported. Android Keystore by design does not reveal/export key material of private keys and thus getEncoded returns null. On older Android platform versi it may have been returning an empty byte array instead.