android - AndroidKeyStore wiped out after device password change
I am working on an Android application based on a client-server architecture. For data security I am using a public-private key pair for data encryption and signing, and I am using AndroidKeyStore for storing the key pair. The code below generates the key pair:
    // start and end are Calendar instances bounding the certificate validity (defined outside this snippet)
    KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(mContext)
            .setAlias(mPrivateKeyAlias)
            .setSubject(new X500Principal("CN=" + mPrivateKeyAlias))
            .setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()))
            .setStartDate(start.getTime())
            .setEndDate(end.getTime())
            .setKeySize(2048)
            .build();
    KeyPairGenerator kpGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    kpGenerator.initialize(spec);
    // the key pair is saved in AndroidKeyStore
    KeyPair pair = kpGenerator.generateKeyPair();
After executing this code, the keystore-related files (the cert and pkey files) are generated in the '/data/misc/keystore/user_0/' directory. I am encrypting application-sensitive data such as the auth token and saving it in shared preferences for security reasons.
But when the user changes the device password or PIN, the keystore files get deleted, because the master key used for keystore encryption is generated using the device credentials.
Now, to fix this issue, I tried to keep the public-private key pair in RAM and, when the password gets changed, in the onPasswordChanged(Context context, Intent intent) method of DeviceAdminReceiver I am executing the code below:
    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    keyStore.setKeyEntry(mPrivateKeyAlias, mPrivateKey.getPrivateKey(), null,
            new Certificate[] { mPrivateKey.getCertificate() });
But after this code the cert file gets created in the '/data/misc/keystore/user_0/' directory, and decryption using the private key gives an invalid signature error.
Also, I have shared the public key with the server and encrypted data with the private key, so creating a new key pair is not a better solution.
So, how can I retain the public-private key pair after a device password change? If there is no workaround, what is the exact use of AndroidKeyStore? How can it be used?
This issue has been fixed by Google in the Android 5.0 (Lollipop) release. But for previous versions of Android, the issue is still live. :(
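A defensive check an app can run at startup to detect whether its keystore entry survived a credential change (an added example, not code from the question): it loads AndroidKeyStore, confirms the alias is present, and performs a sign/verify round trip so that a wiped or unusable key is caught before any token is encrypted or signed with it. The class name, the alias parameter and the probe message are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

/** Health check for an RSA key pair held in AndroidKeyStore (added example, not from the question). */
public final class KeyStoreHealth {

    public enum Status { OK, MISSING, UNUSABLE }

    /**
     * Returns OK when the alias is present and a sign/verify round trip succeeds,
     * MISSING when the entry is gone (e.g. wiped by a lock-screen credential change
     * on pre-5.0 devices), and UNUSABLE when the entry exists but cannot sign or verify.
     */
    public static Status check(String alias) {
        try {
            KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
            ks.load(null);
            if (!ks.containsAlias(alias)) {
                return Status.MISSING;
            }
            KeyStore.Entry entry = ks.getEntry(alias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                return Status.UNUSABLE;
            }
            KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry) entry;
            PrivateKey priv = pke.getPrivateKey();
            PublicKey pub = pke.getCertificate().getPublicKey();

            // Sign a constructed probe message and verify it with the certificate's public key.
            byte[] probe = "keystore-health-probe".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance("SHA256withRSA");
            signer.initSign(priv);
            signer.update(probe);
            byte[] sig = signer.sign();

            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(pub);
            verifier.update(probe);
            return verifier.verify(sig) ? Status.OK : Status.UNUSABLE;
        } catch (Exception e) {
            // Any keystore or crypto failure means the key must not be trusted for new data.
            return Status.UNUSABLE;
        }
    }
}
```

When the result is MISSING or UNUSABLE the app should stop using the alias, treat data that depends on it as unrecoverable, and enroll a freshly generated public key with the server. Holding the key pair in RAM, as in the workaround above, protects it only as well as the process memory itself.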