android.security.keystore.KeyProperties Java Examples
The following examples show how to use
android.security.keystore.KeyProperties.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: FingerprintUiHelper.java From LolliPin with MIT License | 6 votes |
|
/**
* Creates a symmetric key in the Android Key Store which can only be used after the user has
* authenticated with fingerprint.
*/
public void createKey() {
// The enrolling flow for fingerprint. This is where you ask the user to set up fingerprint
// for your flow. Use of keys is necessary if you need to know if the set of
// enrolled fingerprints has changed.
try {
// Set the alias of the entry in Android KeyStore where the key will appear
// and the constrains (purposes) in the constructor of the Builder
mKeyGenerator = KeyGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
mKeyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
// Require the user to authenticate with a fingerprint to authorize every use
// of the key
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build());
mKeyGenerator.generateKey();
} catch (NoSuchProviderException | NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
throw new RuntimeException(e);
}
}
Example #2
| Source File: PFSecurityUtils.java From PFLockScreen-Android with Apache License 2.0 | 6 votes |
|
@TargetApi(Build.VERSION_CODES.M)
private boolean generateKey(String keystoreAlias, boolean isAuthenticationRequired) {
try {
final KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
keyGenerator.initialize(
new KeyGenParameterSpec.Builder(keystoreAlias,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.setUserAuthenticationRequired(isAuthenticationRequired)
.build());
keyGenerator.generateKeyPair();
return true;
} catch ( NoSuchAlgorithmException
| NoSuchProviderException
| InvalidAlgorithmParameterException exc) {
exc.printStackTrace();
return false;
}
}
Example #3
| Source File: KeyStoreHelper.java From Hauk with Apache License 2.0 | 6 votes |
|
/**
* Retrieves a key store helper for the given key store alias.
*
* @param alias The alias to retrieve a helper for.
*/
public KeyStoreHelper(KeyStoreAlias alias) {
try {
// Load the key store if not already loaded.
if (store == null) loadKeyStore();
// Check if the alias exists. If not, create it.
if (!store.containsAlias(alias.getAlias())) {
Log.i("Generating new key for alias %s", alias); //NON-NLS
KeyGenerator keygen = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias.getAlias(), KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build();
keygen.init(spec);
this.key = keygen.generateKey();
} else {
Log.i("Loading existing key for alias %s", alias); //NON-NLS
KeyStore.SecretKeyEntry keyEntry = (KeyStore.SecretKeyEntry) store.getEntry(alias.getAlias(), null);
this.key = keyEntry.getSecretKey();
}
} catch (Exception e) {
Log.e("Unable to load key store or generate keys", e); //NON-NLS
}
}
Example #4
| Source File: SyntheticPasswordCrypto.java From android_9.0.0_r45 with Apache License 2.0 | 6 votes |
|
private static byte[] encrypt(SecretKey key, byte[] blob)
throws IOException, NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
if (blob == null) {
return null;
}
Cipher cipher = Cipher.getInstance(
KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/"
+ KeyProperties.ENCRYPTION_PADDING_NONE);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] ciphertext = cipher.doFinal(blob);
byte[] iv = cipher.getIV();
if (iv.length != PROFILE_KEY_IV_SIZE) {
throw new RuntimeException("Invalid iv length: " + iv.length);
}
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
outputStream.write(iv);
outputStream.write(ciphertext);
return outputStream.toByteArray();
}
Example #5
| Source File: KeyGenHelper.java From privacy-friendly-food-tracker with GNU General Public License v3.0 | 6 votes |
|
/**
* Generates a rsa key pair if it not exists.
*
* @param context the application context
*/
public static void generateKey(Context context) throws Exception {
KeyStore keyStore;
keyStore = KeyStore.getInstance(AndroidKeyStore);
keyStore.load(null, null);
// Generate the RSA key pairs for encryption
if (!keyStore.containsAlias(KEY_ALIAS)) {
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.YEAR, 30);
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.setAlias(KEY_ALIAS)
.setSubject(new X500Principal("CN=" + KEY_ALIAS))
.setSerialNumber(BigInteger.TEN)
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, AndroidKeyStore);
kpg.initialize(spec);
kpg.generateKeyPair();
}
}
Example #6
| Source File: CredentialSafe.java From android-webauthn-authenticator with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
/**
* Generate a new ES256 keypair (COSE algorithm -7, ECDSA + SHA-256 over the NIST P-256 curve).
*
* @param alias The alias used to identify this keypair in the keystore. Needed to use key
* in the future.
* @return The KeyPair object representing the newly generated keypair.
* @throws VirgilException
*/
private KeyPair generateNewES256KeyPair(String alias) throws VirgilException {
KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
.setAlgorithmParameterSpec(new ECGenParameterSpec(CURVE_NAME))
.setDigests(KeyProperties.DIGEST_SHA256)
.setUserAuthenticationRequired(this.authenticationRequired) // fingerprint or similar
.setUserConfirmationRequired(false) // TODO: Decide if we support Android Trusted Confirmations
.setInvalidatedByBiometricEnrollment(false)
.setIsStrongBoxBacked(this.strongboxRequired)
.build();
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, KEYSTORE_TYPE);
keyPairGenerator.initialize(spec);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
return keyPair;
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
throw new VirgilException("couldn't generate key pair: " + e.toString());
}
}
Example #7
| Source File: ApplicationKeyStorage.java From android_9.0.0_r45 with Apache License 2.0 | 6 votes |
|
public void setSymmetricKeyEntry(int userId, int uid, String alias, byte[] secretKey)
throws KeyStoreException {
Log.i(TAG, String.format(Locale.US, "Set %d/%d/%s: %d bytes of key material",
userId, uid, alias, secretKey.length));
try {
mKeyStore.setEntry(
getInternalAlias(userId, uid, alias),
new SecretKeyEntry(
new SecretKeySpec(secretKey, KeyProperties.KEY_ALGORITHM_AES)),
new KeyProtection.Builder(
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build());
} catch (KeyStoreException e) {
throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
}
}
Example #8
| Source File: CryptUtil.java From PowerFileExplorer with GNU General Public License v3.0 | 6 votes |
|
/**
* Gets a secret key from Android key store.
* If no key has been generated with a given alias then generate a new one
* @return
* @throws KeyStoreException
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws IOException
* @throws NoSuchProviderException
* @throws InvalidAlgorithmParameterException
* @throws UnrecoverableKeyException
*/
@RequiresApi(api = Build.VERSION_CODES.M)
private static Key getSecretKey() throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, IOException, NoSuchProviderException,
InvalidAlgorithmParameterException,
UnrecoverableKeyException {
KeyStore keyStore = KeyStore.getInstance(KEY_STORE_ANDROID);
keyStore.load(null);
if (!keyStore.containsAlias(KEY_ALIAS_AMAZE)) {
KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEY_STORE_ANDROID);
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_ALIAS_AMAZE,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT);
builder.setBlockModes(KeyProperties.BLOCK_MODE_GCM);
builder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE);
builder.setRandomizedEncryptionRequired(false);
keyGenerator.init(builder.build());
return keyGenerator.generateKey();
} else {
return keyStore.getKey(KEY_ALIAS_AMAZE, null);
}
}
Example #9
| Source File: Cryptography.java From zap-android with MIT License | 6 votes |
|
@RequiresApi(api = Build.VERSION_CODES.M)
protected void generateKeysForAPIMOrGreater(String keyAlias) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
KeyGenerator keyGenerator;
keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE_NAME);
keyGenerator.init(
new KeyGenParameterSpec.Builder(keyAlias,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
// NOTE no Random IV. According to above this is less secure but acceptably so.
.setRandomizedEncryptionRequired(false)
.build());
// Note according to [docs](https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.html)
// this generation will also add it to the keystore.
keyGenerator.generateKey();
}
Example #10
| Source File: TestActivity.java From Telegram-FOSS with GNU General Public License v2.0 | 6 votes |
|
public boolean createKeyPair() {
try {
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT)
.setDigests(KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA256)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.setKeySize(2048);
builder.setIsStrongBoxBacked(true);
builder.setInvalidatedByBiometricEnrollment(true);
builder.setUserAuthenticationRequired(true);
keyPairGenerator.initialize(builder.build());
keyPairGenerator.generateKeyPair();
return true;
} catch (InvalidAlgorithmParameterException e) {
return false;
}
}
Example #11
| Source File: CryptoObjectCreator.java From LockDemo with Apache License 2.0 | 6 votes |
|
/**
* Creates a symmetric key in the Android Key Store which can only be used after the user has
* authenticated with fingerprint.
*/
private void createKey() {
// The enrolling flow for fingerprint. This is where you ask the user to set up fingerprint
// for your flow. Use of keys is necessary if you need to know if the set of
// enrolled fingerprints has changed.
try {
mKeyStore.load(null);
// Set the alias of the entry in Android KeyStore where the key will appear
// and the constrains (purposes) in the constructor of the Builder
mKeyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
// Require the user to authenticate with a fingerprint to authorize every use
// of the key
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build());
mKeyGenerator.generateKey();
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
| CertificateException | IOException e) {
Log.e(""," Failed to createKey, e:");
throw new RuntimeException(e);
}
}
Example #12
| Source File: FingerprintUtil.java From masterpassword with GNU General Public License v3.0 | 6 votes |
|
@RequiresApi(api = Build.VERSION_CODES.M)
private static SecretKey createKey() throws FingerprintException {
try {
KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
// Set the alias of the entry in Android KeyStore where the key will appear
// and the constrains (purposes) in the constructor of the Builder
keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
// Require the user to authenticate with a fingerprint to authorize every use
// of the key
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build());
return keyGenerator.generateKey();
} catch (Exception e) {
throw new FingerprintException(App.get().getString(R.string.fingeprint_secretKeyGenerationFailed), e);
}
}
Example #13
| Source File: MainActivity.java From android-biometricprompt with Apache License 2.0 | 6 votes |
|
private KeyPair generateKeyPair(String keyName, boolean invalidatedByBiometricEnrollment) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyName,
KeyProperties.PURPOSE_SIGN)
.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
.setDigests(KeyProperties.DIGEST_SHA256,
KeyProperties.DIGEST_SHA384,
KeyProperties.DIGEST_SHA512)
// Require the user to authenticate with a biometric to authorize every use of the key
.setUserAuthenticationRequired(true);
// Generated keys will be invalidated if the biometric templates are added more to user device
if (Build.VERSION.SDK_INT >= 24) {
builder.setInvalidatedByBiometricEnrollment(invalidatedByBiometricEnrollment);
}
keyPairGenerator.initialize(builder.build());
return keyPairGenerator.generateKeyPair();
}
Example #14
| Source File: PreAndroidMSecureKeyStore.java From android-showcase-template with Apache License 2.0 | 6 votes |
|
@Override
public void generatePrivateKeyPair(String keyAlias) throws GeneralSecurityException, IOException {
//pre android-M, the keystore only support RSA key generation. So here we will generate a RSA keypair first, then generate the AES key.
//we then encrypt the AES key using the generated RSA public key, and save it using the SharedPreferences
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.YEAR, 99);
KeyPairGeneratorSpec generatorSpec = new KeyPairGeneratorSpec
.Builder(context)
.setAlias(keyAlias)
.setSubject(new X500Principal("CN=" + keyAlias))
.setSerialNumber(BigInteger.TEN)
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
KeyPairGenerator generator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEY_STORE);
generator.initialize(generatorSpec);
generator.generateKeyPair();
}
Example #15
| Source File: TestActivity.java From Telegram with GNU General Public License v2.0 | 6 votes |
|
public boolean createKeyPair() {
try {
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT)
.setDigests(KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA256)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.setKeySize(2048);
builder.setIsStrongBoxBacked(true);
builder.setInvalidatedByBiometricEnrollment(true);
builder.setUserAuthenticationRequired(true);
keyPairGenerator.initialize(builder.build());
keyPairGenerator.generateKeyPair();
return true;
} catch (InvalidAlgorithmParameterException e) {
return false;
}
}
Example #16
| Source File: KeyStoreHelper.java From mollyim-android with GNU General Public License v3.0 | 6 votes |
|
@RequiresApi(Build.VERSION_CODES.M)
private static SecretKey createKeyStoreEntry() {
try {
KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build();
keyGenerator.init(keyGenParameterSpec);
return keyGenerator.generateKey();
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
throw new AssertionError(e);
}
}
Example #17
| Source File: CipherHelper.java From Fingerprint with MIT License | 6 votes |
|
private void createCipherKeyGenerator(){
if(cipherKeyGenCreated){
return;
}
try {
cipherKeyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, provider);
cipherKeyGenerator.init(new KeyGenParameterSpec.Builder(keyName,KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build());
cipherKeyGenCreated = true;
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
throw new RuntimeException("Failed to create key generator", e);
}
}
Example #18
| Source File: CipherHelper.java From Fingerprint with MIT License | 6 votes |
|
private void createCipher(){
if(cipherCreated){
return;
}
try {
cipher = Cipher.getInstance(
KeyProperties.KEY_ALGORITHM_AES + "/"
+ KeyProperties.BLOCK_MODE_CBC + "/"
+ KeyProperties.ENCRYPTION_PADDING_PKCS7);
cipherCreated = true;
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
throw new RuntimeException("Failed to get an instance of Cipher", e);
}
}
Example #19
| Source File: AuthKeyGenerator.java From sensorhub-cloud-iot with Apache License 2.0 | 6 votes |
|
/**
* Generate a new key pair entry in the Android Keystore by using the KeyPairGenerator API.
* This creates both a KeyPair and a self-signed certificate, both with the same alias,
* using the {@link #keyAlgorithm} provided.
*/
private void generateAuthenticationKey() throws GeneralSecurityException {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgorithm, keystoreName);
KeyGenParameterSpec.Builder specBuilder =
new KeyGenParameterSpec.Builder(keyAlias, KeyProperties.PURPOSE_SIGN)
.setCertificateSubject(new X500Principal("CN=unused"))
.setDigests(KeyProperties.DIGEST_SHA256);
if (keyAlgorithm.equals(KeyProperties.KEY_ALGORITHM_RSA)) {
specBuilder.setKeySize(KEY_SIZE_RSA)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
} else if (keyAlgorithm.equals(KeyProperties.KEY_ALGORITHM_EC)) {
specBuilder.setKeySize(KEY_SIZE_EC);
}
kpg.initialize(specBuilder.build());
kpg.generateKeyPair();
}
Example #20
| Source File: FingerprintActivity.java From AndroidSamples with Apache License 2.0 | 6 votes |
|
/**
* 创建密钥
*/
@TargetApi(Build.VERSION_CODES.M)
private void initKey() {
try {
keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(DEFAULT_KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7);
keyGenerator.init(builder.build());
keyGenerator.generateKey();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example #21
| Source File: FingerprintActivity.java From AndroidSamples with Apache License 2.0 | 6 votes |
|
/**
* Generate NIST P-256 EC Key pair for signing and verification
*
* @param keyName
* @param invalidatedByBiometricEnrollment
* @return
* @throws Exception
*/
@TargetApi(Build.VERSION_CODES.P)
private KeyPair generateKeyPair(String keyName, boolean invalidatedByBiometricEnrollment) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyName,
KeyProperties.PURPOSE_SIGN)
.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
.setDigests(KeyProperties.DIGEST_SHA256,
KeyProperties.DIGEST_SHA384,
KeyProperties.DIGEST_SHA512)
// Require the user to authenticate with a biometric to authorize every use of the key
.setUserAuthenticationRequired(true)
.setInvalidatedByBiometricEnrollment(invalidatedByBiometricEnrollment);
keyPairGenerator.initialize(builder.build());
return keyPairGenerator.generateKeyPair();
}
Example #22
| Source File: FingerprintDialog.java From journaldev with MIT License | 6 votes |
|
public void createKey(String keyName) {
// The enrolling flow for fingerprint. This is where you ask the user to set up fingerprint
// for your flow. Use of keys is necessary if you need to know if the set of
// enrolled fingerprints has changed.
try {
mKeyStore.load(null);
// Set the alias of the entry in Android KeyStore where the key will appear
// and the constrains (purposes) in the constructor of the Builder
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyName,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
// Require the user to authenticate with a fingerprint to authorize every use
// of the key
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7);
mKeyGenerator.init(builder.build());
mKeyGenerator.generateKey();
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
| CertificateException | IOException e) {
throw new RuntimeException(e);
}
}
Example #23
| Source File: MainActivity.java From Study_Android_Demo with Apache License 2.0 | 6 votes |
|
@TargetApi(23)
private void initKey() {
try {
keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(DEFAULT_KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7);
keyGenerator.init(builder.build());
keyGenerator.generateKey();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example #24
| Source File: RsaCipherProvider.java From RxFingerprint with Apache License 2.0 | 6 votes |
|
@Override
@TargetApi(Build.VERSION_CODES.M)
Cipher cipherForEncryption() throws GeneralSecurityException, IOException {
KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEY_STORE);
keyGenerator.initialize(getKeyGenParameterSpecBuilder(keyName, KeyProperties.BLOCK_MODE_ECB, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, invalidatedByBiometricEnrollment)
.build());
keyGenerator.generateKeyPair();
KeyFactory keyFactory = KeyFactory.getInstance(KeyProperties.KEY_ALGORITHM_RSA);
Cipher cipher = createCipher();
cipher.init(Cipher.ENCRYPT_MODE, getPublicKey(keyFactory, keyStore));
return cipher;
}
Example #25
| Source File: CipherStorageKeystoreAesCbc.java From react-native-keychain with MIT License | 6 votes |
|
/** Get encryption algorithm specification builder instance. */
@NonNull
@Override
protected KeyGenParameterSpec.Builder getKeyGenSpecBuilder(@NonNull final String alias)
throws GeneralSecurityException {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
throw new KeyStoreAccessException("Unsupported API" + Build.VERSION.SDK_INT + " version detected.");
}
final int purposes = KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT;
return new KeyGenParameterSpec.Builder(alias, purposes)
.setBlockModes(BLOCK_MODE_CBC)
.setEncryptionPaddings(PADDING_PKCS7)
.setRandomizedEncryptionRequired(true)
.setKeySize(ENCRYPTION_KEY_SIZE);
}
Example #26
| Source File: CipherStorageKeystoreRsaEcb.java From react-native-keychain with MIT License | 6 votes |
|
/** Get builder for encryption and decryption operations with required user Authentication. */
@NonNull
@Override
@SuppressLint("NewApi")
protected KeyGenParameterSpec.Builder getKeyGenSpecBuilder(@NonNull final String alias)
throws GeneralSecurityException {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
throw new KeyStoreAccessException("Unsupported API" + Build.VERSION.SDK_INT + " version detected.");
}
final int purposes = KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT;
return new KeyGenParameterSpec.Builder(alias, purposes)
.setBlockModes(BLOCK_MODE_ECB)
.setEncryptionPaddings(PADDING_PKCS1)
.setRandomizedEncryptionRequired(true)
.setUserAuthenticationRequired(true)
.setUserAuthenticationValidityDurationSeconds(1)
.setKeySize(ENCRYPTION_KEY_SIZE);
}
Example #27
| Source File: KeystoreTool.java From secure-storage-android with Apache License 2.0 | 6 votes |
|
@RequiresApi(api = M)
private static void generateKeyPairForMarshmallow(@NonNull Context context) throws SecureStorageException {
try {
if (isRTL(context)) {
Locale.setDefault(Locale.US);
}
KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ENCRYPTION_ALGORITHM, KEY_KEYSTORE_NAME);
KeyGenParameterSpec keyGenParameterSpec =
new KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
.build();
generator.initialize(keyGenParameterSpec);
generator.generateKeyPair();
} catch (Exception e) {
throw new SecureStorageException(e.getMessage(), e, KEYSTORE_EXCEPTION);
}
}
Example #28
| Source File: SyntheticPasswordCrypto.java From android_9.0.0_r45 with Apache License 2.0 | 5 votes |
|
public static byte[] createBlob(String keyAlias, byte[] data, byte[] applicationId, long sid) {
try {
KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES);
keyGenerator.init(new SecureRandom());
SecretKey secretKey = keyGenerator.generateKey();
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
KeyProtection.Builder builder = new KeyProtection.Builder(KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.setCriticalToDeviceEncryption(true);
if (sid != 0) {
builder.setUserAuthenticationRequired(true)
.setBoundToSpecificSecureUserId(sid)
.setUserAuthenticationValidityDurationSeconds(USER_AUTHENTICATION_VALIDITY);
}
keyStore.setEntry(keyAlias,
new KeyStore.SecretKeyEntry(secretKey),
builder.build());
byte[] intermediate = encrypt(applicationId, APPLICATION_ID_PERSONALIZATION, data);
return encrypt(secretKey, intermediate);
} catch (CertificateException | IOException | BadPaddingException
| IllegalBlockSizeException
| KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException
| InvalidKeyException e) {
e.printStackTrace();
throw new RuntimeException("Failed to encrypt blob", e);
}
}
Example #29
| Source File: FingerprintActivity.java From AndroidSamples with Apache License 2.0 | 5 votes |
|
/**
* 初始化Cipher(加密类,指纹扫描器会使用这个对象来判断认证结果的合法性)
*/
@TargetApi(Build.VERSION_CODES.M)
private Cipher initCipher() {
try {
SecretKey key = (SecretKey) keyStore.getKey(DEFAULT_KEY_NAME, null);
Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
+ KeyProperties.BLOCK_MODE_CBC + "/"
+ KeyProperties.ENCRYPTION_PADDING_PKCS7);
cipher.init(Cipher.ENCRYPT_MODE, key);
return cipher;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example #30
| Source File: RNSensitiveInfoModule.java From react-native-sensitive-info with MIT License | 5 votes |
|
private void prepareKey() throws Exception {
if (android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.M) {
return;
}
KeyGenerator keyGenerator = KeyGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE_PROVIDER);
KeyGenParameterSpec.Builder builder = null;
builder = new KeyGenParameterSpec.Builder(
KEY_ALIAS_AES,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT);
builder.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setKeySize(256)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
// forces user authentication with fingerprint
.setUserAuthenticationRequired(true);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
try {
builder.setInvalidatedByBiometricEnrollment(invalidateEnrollment);
} catch (Exception e) {
Log.d("RNSensitiveInfo", "Error setting setInvalidatedByBiometricEnrollment: " + e.getMessage());
}
}
keyGenerator.init(builder.build());
keyGenerator.generateKey();
}
