Java Examples for android.security.KeyPairGeneratorSpec
The following java examples will help you to understand the usage of android.security.KeyPairGeneratorSpec. These source code samples are taken from different open source projects.
Example 1
Project: rebase-android-master File: BlackBox.java View source code |
/** * Creates a public and private key and stores it using the AndroidKeyStore, * so that only this application will be able to access the keys. */ @SuppressWarnings("deprecation") public void createKeys() throws Exception { KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE); keyStore.load(null); if (keyStore.containsAlias(alias)) { Log.d(TAG, "[containsAlias]"); return; } Calendar start = Calendar.getInstance(); Calendar end = Calendar.getInstance(); end.add(Calendar.YEAR, 30); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context).setAlias(alias).setSubject(new X500Principal("CN=" + alias)).setSerialNumber(BigInteger.TEN).setStartDate(start.getTime()).setEndDate(end.getTime()).build(); KeyPairGenerator generator = KeyPairGenerator.getInstance(TYPE_RSA, ANDROID_KEY_STORE); generator.initialize(spec); KeyPair keyPair = generator.generateKeyPair(); Log.d(TAG, "Public Key is: " + keyPair.getPublic().toString()); }
Example 2
Project: Couchbase-master File: RSASecureTokenStore.java View source code |
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2) private void initializePrivateKey(Context context) { if (!hasKeyStore) return; try { KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); if (keyStore.containsAlias(alias)) return; } catch (Exception ex) { Log.e(TAG, "Unable to open KeyStore", ex); return; } // Create the keys if necessary try { // https://developer.android.com/reference/android/security/KeyPairGeneratorSpec.Builder.html Calendar start = Calendar.getInstance(); Calendar end = Calendar.getInstance(); end.add(Calendar.YEAR, 1); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context).setAlias(alias).setSubject(new X500Principal("CN=" + alias)).setSerialNumber(BigInteger.valueOf(1337)).setStartDate(start.getTime()).setEndDate(end.getTime()).build(); KeyPairGenerator generator = KeyPairGenerator.getInstance(KEYPAIRGEN_ALGORITHM, "AndroidKeyStore"); generator.initialize(spec); KeyPair keyPair = generator.generateKeyPair(); } catch (Exception ex) { Log.e(TAG, "Unable to create new key", ex); return; } }
Example 3
Project: android-BasicAndroidKeyStore-master File: BasicAndroidKeyStoreFragment.java View source code |
/** * Creates a public and private key and stores it using the Android Key Store, so that only * this application will be able to access the keys. */ public void createKeys(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { // BEGIN_INCLUDE(create_valid_dates) // Create a start and end time, for the validity range of the key pair that's about to be // generated. Calendar start = new GregorianCalendar(); Calendar end = new GregorianCalendar(); end.add(Calendar.YEAR, 1); //END_INCLUDE(create_valid_dates) // BEGIN_INCLUDE(create_keypair) // Initialize a KeyPair generator using the the intended algorithm (in this example, RSA // and the KeyStore. This example uses the AndroidKeyStore. KeyPairGenerator kpGenerator = KeyPairGenerator.getInstance(SecurityConstants.TYPE_RSA, SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE); // END_INCLUDE(create_keypair) // BEGIN_INCLUDE(create_spec) // The KeyPairGeneratorSpec object is how parameters for your key pair are passed // to the KeyPairGenerator. AlgorithmParameterSpec spec; if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) { // Below Android M, use the KeyPairGeneratorSpec.Builder. spec = new KeyPairGeneratorSpec.Builder(context).setAlias(// You'll use the alias later to retrieve the key. It's a key for the key! mAlias).setSubject(// The subject used for the self-signed certificate of the generated pair new X500Principal("CN=" + mAlias)).setSerialNumber(// generated pair. BigInteger.valueOf(1337)).setStartDate(// Date range of validity for the generated pair. start.getTime()).setEndDate(end.getTime()).build(); } else { // On Android M or above, use the KeyGenparameterSpec.Builder and specify permitted // properties and restrictions of the key. spec = new KeyGenParameterSpec.Builder(mAlias, KeyProperties.PURPOSE_SIGN).setCertificateSubject(new X500Principal("CN=" + mAlias)).setDigests(KeyProperties.DIGEST_SHA256).setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1).setCertificateSerialNumber(BigInteger.valueOf(1337)).setCertificateNotBefore(start.getTime()).setCertificateNotAfter(end.getTime()).build(); } kpGenerator.initialize(spec); KeyPair kp = kpGenerator.generateKeyPair(); // END_INCLUDE(create_spec) Log.d(TAG, "Public Key is: " + kp.getPublic().toString()); }
Example 4
Project: GradleCodeLab-master File: KeyStoreUsage.java View source code |
@Override
protected Boolean doInBackground(String... params) {
final String alias = params[0];
try {
/*
* Generate a new entry in the KeyStore by using the
* KeyPairGenerator API. We have to specify the attributes for a
* self-signed X.509 certificate here so the KeyStore can attach
* the public key part to it. It can be replaced later with a
* certificate signed by a Certificate Authority (CA) if needed.
*/
Calendar cal = Calendar.getInstance();
Date now = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date end = cal.getTime();
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext()).setAlias(alias).setStartDate(now).setEndDate(end).setSerialNumber(BigInteger.valueOf(1)).setSubject(new X500Principal("CN=test1")).build());
KeyPair kp = kpg.generateKeyPair();
return true;
} catch (NoSuchAlgorithmException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (InvalidAlgorithmParameterException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (NoSuchProviderException e) {
Log.w(TAG, "Could not generate key", e);
return false;
}
}
Example 5
Project: android_frameworks_base-master File: AndroidKeyStoreKeyPairGeneratorSpi.java View source code |
@SuppressWarnings("deprecation") @Override public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { resetAll(); boolean success = false; try { if (params == null) { throw new InvalidAlgorithmParameterException("Must supply params of type " + KeyGenParameterSpec.class.getName() + " or " + KeyPairGeneratorSpec.class.getName()); } KeyGenParameterSpec spec; boolean encryptionAtRestRequired = false; int keymasterAlgorithm = mOriginalKeymasterAlgorithm; if (params instanceof KeyGenParameterSpec) { spec = (KeyGenParameterSpec) params; } else if (params instanceof KeyPairGeneratorSpec) { // Legacy/deprecated spec KeyPairGeneratorSpec legacySpec = (KeyPairGeneratorSpec) params; try { KeyGenParameterSpec.Builder specBuilder; String specKeyAlgorithm = legacySpec.getKeyType(); if (specKeyAlgorithm != null) { // Spec overrides the generator's default key algorithm try { keymasterAlgorithm = KeyProperties.KeyAlgorithm.toKeymasterAsymmetricKeyAlgorithm(specKeyAlgorithm); } catch (IllegalArgumentException e) { throw new InvalidAlgorithmParameterException("Invalid key type in parameters", e); } } switch(keymasterAlgorithm) { case KeymasterDefs.KM_ALGORITHM_EC: specBuilder = new KeyGenParameterSpec.Builder(legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); // Authorized to be used with any digest (including no digest). // MD5 was never offered for Android Keystore for ECDSA. specBuilder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); break; case KeymasterDefs.KM_ALGORITHM_RSA: specBuilder = new KeyGenParameterSpec.Builder(legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any encryption and signature padding // schemes (including no padding). specBuilder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, KeyProperties.ENCRYPTION_PADDING_RSA_OAEP); specBuilder.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1, KeyProperties.SIGNATURE_PADDING_RSA_PSS); // Disable randomized encryption requirement to support encryption // padding NONE above. specBuilder.setRandomizedEncryptionRequired(false); break; default: throw new ProviderException("Unsupported algorithm: " + mKeymasterAlgorithm); } if (legacySpec.getKeySize() != -1) { specBuilder.setKeySize(legacySpec.getKeySize()); } if (legacySpec.getAlgorithmParameterSpec() != null) { specBuilder.setAlgorithmParameterSpec(legacySpec.getAlgorithmParameterSpec()); } specBuilder.setCertificateSubject(legacySpec.getSubjectDN()); specBuilder.setCertificateSerialNumber(legacySpec.getSerialNumber()); specBuilder.setCertificateNotBefore(legacySpec.getStartDate()); specBuilder.setCertificateNotAfter(legacySpec.getEndDate()); encryptionAtRestRequired = legacySpec.isEncryptionRequired(); specBuilder.setUserAuthenticationRequired(false); spec = specBuilder.build(); } catch (NullPointerExceptionIllegalArgumentException | e) { throw new InvalidAlgorithmParameterException(e); } } else { throw new InvalidAlgorithmParameterException("Unsupported params class: " + params.getClass().getName() + ". Supported: " + KeyGenParameterSpec.class.getName() + ", " + KeyPairGeneratorSpec.class.getName()); } mEntryAlias = spec.getKeystoreAlias(); mEntryUid = spec.getUid(); mSpec = spec; mKeymasterAlgorithm = keymasterAlgorithm; mEncryptionAtRestRequired = encryptionAtRestRequired; mKeySizeBits = spec.getKeySize(); initAlgorithmSpecificParameters(); if (mKeySizeBits == -1) { mKeySizeBits = getDefaultKeySize(keymasterAlgorithm); } checkValidKeySize(keymasterAlgorithm, mKeySizeBits); if (spec.getKeystoreAlias() == null) { throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided"); } String jcaKeyAlgorithm; try { jcaKeyAlgorithm = KeyProperties.KeyAlgorithm.fromKeymasterAsymmetricKeyAlgorithm(keymasterAlgorithm); mKeymasterPurposes = KeyProperties.Purpose.allToKeymaster(spec.getPurposes()); mKeymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(spec.getBlockModes()); mKeymasterEncryptionPaddings = KeyProperties.EncryptionPadding.allToKeymaster(spec.getEncryptionPaddings()); if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0) && (spec.isRandomizedEncryptionRequired())) { for (int keymasterPadding : mKeymasterEncryptionPaddings) { if (!KeymasterUtils.isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto(keymasterPadding)) { throw new InvalidAlgorithmParameterException("Randomized encryption (IND-CPA) required but may be violated" + " by padding scheme: " + KeyProperties.EncryptionPadding.fromKeymaster(keymasterPadding) + ". See " + KeyGenParameterSpec.class.getName() + " documentation."); } } } mKeymasterSignaturePaddings = KeyProperties.SignaturePadding.allToKeymaster(spec.getSignaturePaddings()); if (spec.isDigestsSpecified()) { mKeymasterDigests = KeyProperties.Digest.allToKeymaster(spec.getDigests()); } else { mKeymasterDigests = EmptyArray.INT; } // Check that user authentication related parameters are acceptable. This method // will throw an IllegalStateException if there are issues (e.g., secure lock screen // not set up). KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), mSpec.isUserAuthenticationRequired(), mSpec.getUserAuthenticationValidityDurationSeconds(), mSpec.isUserAuthenticationValidWhileOnBody(), mSpec.isInvalidatedByBiometricEnrollment()); } catch (IllegalArgumentExceptionIllegalStateException | e) { throw new InvalidAlgorithmParameterException(e); } mJcaKeyAlgorithm = jcaKeyAlgorithm; mRng = random; mKeyStore = KeyStore.getInstance(); success = true; } finally { if (!success) { resetAll(); } } }
Example 6
Project: wigle-wifi-wardriving-master File: TokenAccess.java View source code |
/** * Initialization method - only intended for run at app onCreate * @param prefs preferences from root context * @param context root context * @return true if successful encryption takes place, else false. */ public static boolean checkMigrateKeystoreVersion(SharedPreferences prefs, Context context) { boolean initOnly = false; if (prefs.getString(ListFragment.PREF_TOKEN, "").isEmpty()) { MainActivity.info("[TOKEN] No auth token stored - no preference migration possible."); initOnly = true; } if (android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.JELLY_BEAN_MR2) { // no reliable keystore here MainActivity.info("[TOKEN] No KeyStore support - no preference migration possible."); return false; } else { try { MainActivity.info("[TOKEN] Using Android Keystore; check need for new key..."); KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE); keyStore.load(null); KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEYSTORE); if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M) { if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V1)) { MainActivity.info("[TOKEN] Key present and up-to-date M - no change."); return false; } MainActivity.info("[TOKEN] Initializing SDKv23 Key..."); String token = ""; if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V0)) { //ALIBI: fetch token with V0 key if it's stored that way token = TokenAccess.getApiToken(prefs); } KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(KEYSTORE_WIGLE_CREDS_KEY_V1, KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_ENCRYPT).setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512).setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP).build(); kpg.initialize(spec); kpg.generateKeyPair(); if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V0)) { MainActivity.info("[TOKEN] Upgrading from v0->v1 token..."); if ((null == token) || token.isEmpty()) return false; keyStore.deleteEntry(KEYSTORE_WIGLE_CREDS_KEY_V0); } else { token = prefs.getString(ListFragment.PREF_TOKEN, ""); //DEBUG: MainActivity.info("[TOKEN] +"+token+"+"); MainActivity.info("[TOKEN] Encrypting token at v1..."); if (token.isEmpty()) { MainActivity.info("[TOKEN] ...no token, returning after init."); return false; } } if (!initOnly) { if (TokenAccess.setApiToken(prefs, token)) { MainActivity.info("[TOKEN] ...token set at v1."); return true; } else { /** * ALIBI: if you can't migrate it, clear it to force re-authentication. * this isn't optimal, but it beats the alternative. * This is vital here, since Marshmallow and up can backup/restore * SharedPreferences, but NOT keystore entries */ MainActivity.error("[TOKEN] ...Failed token encryption; clearing."); clearApiToken(prefs); } } else { MainActivity.error("[TOKEN] v1 Keystore initialized, but no token present."); } } else if (android.os.Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2) { if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V0)) { MainActivity.info("[TOKEN] Key present and up-to-date JB-MR2 - no action required."); return false; } MainActivity.info("[TOKEN] Initializing SDKv18 Key..."); Calendar notBefore = Calendar.getInstance(); Calendar notAfter = Calendar.getInstance(); notAfter.add(Calendar.YEAR, 3); KeyPairGeneratorSpec spec = null; spec = new KeyPairGeneratorSpec.Builder(context).setAlias(KEYSTORE_WIGLE_CREDS_KEY_V0).setSubject(//.setKeySize(4096) new X500Principal("CN=wigle")).setSerialNumber(BigInteger.ONE).setStartDate(notBefore.getTime()).setEndDate(//TODO: does endDate for the generation cert => key expiration? notAfter.getTime()).build(); kpg.initialize(spec); kpg.generateKeyPair(); String token = prefs.getString(ListFragment.PREF_TOKEN, ""); if (token.isEmpty()) { MainActivity.info("[TOKEN] ...no token, returning after init."); return false; } MainActivity.info("[TOKEN] Encrypting token at v0..."); if (!initOnly) { if (TokenAccess.setApiToken(prefs, token)) { MainActivity.info("[TOKEN] ...token set at v0."); return true; } else { /** * ALIBI: if you can't migrate it, clear it to force re-authentication. * this isn't optimal, but it beats the alternative. * This may not be necessary in the pre-Marshmallow world. */ MainActivity.error("[TOKEN] ...Failed token encryption; clearing."); clearApiToken(prefs); } } else { MainActivity.error("[TOKEN] v0 Keystore initialized, but no token present."); } } } catch (KeyStoreExceptionCertificateException | NoSuchAlgorithmException | IOException | NoSuchProviderException | InvalidAlgorithmParameterException | ProviderException | ex) { MainActivity.error("Upgrade/init of token storage failed: ", ex); ex.printStackTrace(); return false; } catch (Exception e) { MainActivity.error("Unexpected error in upgrade/init of token storage failed: ", e); e.printStackTrace(); return false; } } return false; }
Example 7
Project: scytale-master File: Store.java View source code |
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
private KeyPair generateAndroidJellyAsymmetricKey(KeyProps keyProps) {
try {
KeyPairGeneratorSpec keySpec = keyPropsToKeyPairGeneratorSpec(keyProps);
return generateAndroidAsymmetricKey(keyProps, keySpec);
} catch (NoSuchAlgorithmExceptionNoSuchProviderException | InvalidAlgorithmParameterException | e) {
onException(e);
}
return null;
}
Example 8
Project: Secured-Preference-Store-master File: EncryptionManager.java View source code |
@SuppressWarnings("WrongConstant") void generateRSAKeys(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException { if (!mStore.containsAlias(RSA_KEY_ALIAS)) { Calendar start = Calendar.getInstance(); Calendar end = Calendar.getInstance(); end.add(Calendar.YEAR, 25); KeyPairGenerator keyGen = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, KEYSTORE_PROVIDER); KeyPairGeneratorSpec spec; if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) { spec = new KeyPairGeneratorSpec.Builder(context).setAlias(RSA_KEY_ALIAS).setKeySize(RSA_BIT_LENGTH).setKeyType(KEY_ALGORITHM_RSA).setEndDate(end.getTime()).setStartDate(start.getTime()).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).build(); } else { spec = new KeyPairGeneratorSpec.Builder(context).setAlias(RSA_KEY_ALIAS).setEndDate(end.getTime()).setStartDate(start.getTime()).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).build(); } keyGen.initialize(spec); keyGen.generateKeyPair(); } }
Example 9
Project: platform_frameworks_base-master File: AndroidKeyStoreKeyPairGeneratorSpi.java View source code |
@SuppressWarnings("deprecation") @Override public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { resetAll(); boolean success = false; try { if (params == null) { throw new InvalidAlgorithmParameterException("Must supply params of type " + KeyGenParameterSpec.class.getName() + " or " + KeyPairGeneratorSpec.class.getName()); } KeyGenParameterSpec spec; boolean encryptionAtRestRequired = false; int keymasterAlgorithm = mOriginalKeymasterAlgorithm; if (params instanceof KeyGenParameterSpec) { spec = (KeyGenParameterSpec) params; } else if (params instanceof KeyPairGeneratorSpec) { // Legacy/deprecated spec KeyPairGeneratorSpec legacySpec = (KeyPairGeneratorSpec) params; try { KeyGenParameterSpec.Builder specBuilder; String specKeyAlgorithm = legacySpec.getKeyType(); if (specKeyAlgorithm != null) { // Spec overrides the generator's default key algorithm try { keymasterAlgorithm = KeyProperties.KeyAlgorithm.toKeymasterAsymmetricKeyAlgorithm(specKeyAlgorithm); } catch (IllegalArgumentException e) { throw new InvalidAlgorithmParameterException("Invalid key type in parameters", e); } } switch(keymasterAlgorithm) { case KeymasterDefs.KM_ALGORITHM_EC: specBuilder = new KeyGenParameterSpec.Builder(legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); // Authorized to be used with any digest (including no digest). // MD5 was never offered for Android Keystore for ECDSA. specBuilder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); break; case KeymasterDefs.KM_ALGORITHM_RSA: specBuilder = new KeyGenParameterSpec.Builder(legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any encryption and signature padding // schemes (including no padding). specBuilder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, KeyProperties.ENCRYPTION_PADDING_RSA_OAEP); specBuilder.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1, KeyProperties.SIGNATURE_PADDING_RSA_PSS); // Disable randomized encryption requirement to support encryption // padding NONE above. specBuilder.setRandomizedEncryptionRequired(false); break; default: throw new ProviderException("Unsupported algorithm: " + mKeymasterAlgorithm); } if (legacySpec.getKeySize() != -1) { specBuilder.setKeySize(legacySpec.getKeySize()); } if (legacySpec.getAlgorithmParameterSpec() != null) { specBuilder.setAlgorithmParameterSpec(legacySpec.getAlgorithmParameterSpec()); } specBuilder.setCertificateSubject(legacySpec.getSubjectDN()); specBuilder.setCertificateSerialNumber(legacySpec.getSerialNumber()); specBuilder.setCertificateNotBefore(legacySpec.getStartDate()); specBuilder.setCertificateNotAfter(legacySpec.getEndDate()); encryptionAtRestRequired = legacySpec.isEncryptionRequired(); specBuilder.setUserAuthenticationRequired(false); spec = specBuilder.build(); } catch (NullPointerExceptionIllegalArgumentException | e) { throw new InvalidAlgorithmParameterException(e); } } else { throw new InvalidAlgorithmParameterException("Unsupported params class: " + params.getClass().getName() + ". Supported: " + KeyGenParameterSpec.class.getName() + ", " + KeyPairGeneratorSpec.class.getName()); } mEntryAlias = spec.getKeystoreAlias(); mEntryUid = spec.getUid(); mSpec = spec; mKeymasterAlgorithm = keymasterAlgorithm; mEncryptionAtRestRequired = encryptionAtRestRequired; mKeySizeBits = spec.getKeySize(); initAlgorithmSpecificParameters(); if (mKeySizeBits == -1) { mKeySizeBits = getDefaultKeySize(keymasterAlgorithm); } checkValidKeySize(keymasterAlgorithm, mKeySizeBits); if (spec.getKeystoreAlias() == null) { throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided"); } String jcaKeyAlgorithm; try { jcaKeyAlgorithm = KeyProperties.KeyAlgorithm.fromKeymasterAsymmetricKeyAlgorithm(keymasterAlgorithm); mKeymasterPurposes = KeyProperties.Purpose.allToKeymaster(spec.getPurposes()); mKeymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(spec.getBlockModes()); mKeymasterEncryptionPaddings = KeyProperties.EncryptionPadding.allToKeymaster(spec.getEncryptionPaddings()); if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0) && (spec.isRandomizedEncryptionRequired())) { for (int keymasterPadding : mKeymasterEncryptionPaddings) { if (!KeymasterUtils.isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto(keymasterPadding)) { throw new InvalidAlgorithmParameterException("Randomized encryption (IND-CPA) required but may be violated" + " by padding scheme: " + KeyProperties.EncryptionPadding.fromKeymaster(keymasterPadding) + ". See " + KeyGenParameterSpec.class.getName() + " documentation."); } } } mKeymasterSignaturePaddings = KeyProperties.SignaturePadding.allToKeymaster(spec.getSignaturePaddings()); if (spec.isDigestsSpecified()) { mKeymasterDigests = KeyProperties.Digest.allToKeymaster(spec.getDigests()); } else { mKeymasterDigests = EmptyArray.INT; } // Check that user authentication related parameters are acceptable. This method // will throw an IllegalStateException if there are issues (e.g., secure lock screen // not set up). KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), mSpec.isUserAuthenticationRequired(), mSpec.getUserAuthenticationValidityDurationSeconds(), mSpec.isUserAuthenticationValidWhileOnBody(), mSpec.isInvalidatedByBiometricEnrollment()); } catch (IllegalArgumentExceptionIllegalStateException | e) { throw new InvalidAlgorithmParameterException(e); } mJcaKeyAlgorithm = jcaKeyAlgorithm; mRng = random; mKeyStore = KeyStore.getInstance(); success = true; } finally { if (!success) { resetAll(); } } }
Example 10
Project: AmazeFileManager-master File: CryptUtil.java View source code |
/** * Generates a RSA public/private key pair to encrypt AES key * @param context * @throws KeyStoreException * @throws CertificateException * @throws NoSuchAlgorithmException * @throws IOException * @throws NoSuchProviderException * @throws InvalidAlgorithmParameterException */ @RequiresApi(api = Build.VERSION_CODES.KITKAT) private void generateKeyPair(Context context) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException { KeyStore keyStore = KeyStore.getInstance(KEY_STORE_ANDROID); keyStore.load(null); if (!keyStore.containsAlias(KEY_ALIAS_AMAZE)) { // generate a RSA key pair to encrypt/decrypt AES key from preferences Calendar start = Calendar.getInstance(); Calendar end = Calendar.getInstance(); end.add(Calendar.YEAR, 30); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEY_STORE_ANDROID); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context).setAlias(KEY_ALIAS_AMAZE).setSubject(new X500Principal("CN=" + KEY_ALIAS_AMAZE)).setSerialNumber(BigInteger.TEN).setStartDate(start.getTime()).setEndDate(end.getTime()).build(); keyPairGenerator.initialize(spec); keyPairGenerator.generateKeyPair(); } }
Example 11
Project: Inspeckage-master File: WebServer.java View source code |
public KeyPair generateKeys(String alias) { KeyPair keyPair = null; try { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); Calendar start = Calendar.getInstance(); Calendar end = Calendar.getInstance(); end.add(Calendar.YEAR, 1); if (android.os.Build.VERSION.SDK_INT > android.os.Build.VERSION_CODES.M) { KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY).setCertificateSubject(new X500Principal("CN=Inspeckage, OU=ACPM, O=ACPM, C=BR")).setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512).setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1).setCertificateNotBefore(start.getTime()).setCertificateNotAfter(end.getTime()).setKeyValidityStart(start.getTime()).setKeyValidityEnd(end.getTime()).setKeySize(2048).setCertificateSerialNumber(BigInteger.valueOf(1)).build(); keyGen.initialize(spec); } else { KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(mContext).setAlias(alias).setSubject(new X500Principal("CN=Inspeckage, OU=ACPM, O=ACPM, C=BR")).setSerialNumber(BigInteger.valueOf(12345)).setStartDate(start.getTime()).setEndDate(end.getTime()).build(); keyGen.initialize(spec); } keyPair = keyGen.generateKeyPair(); } catch (GeneralSecurityException e) { Log.d("Inspeckage_Exception: ", e.getMessage()); } return keyPair; }
Example 12
Project: ZeroKit-Android-SDK-master File: Zerokit.java View source code |
private void generateNewKey(@NonNull Context context, @NonNull String alias) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException { Calendar notBefore = Calendar.getInstance(); Calendar notAfter = Calendar.getInstance(); notAfter.add(Calendar.YEAR, 1); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context).setAlias(alias).setSubject(new X500Principal("CN=zerokit")).setSerialNumber(BigInteger.ONE).setStartDate(notBefore.getTime()).setEndDate(notAfter.getTime()).build(); KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE); generator.initialize(spec); generator.generateKeyPair(); }
Example 13
Project: couchbase-lite-android-master File: RSASecureTokenStore.java View source code |
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2) private void initializePrivateKey(Context context) { if (!hasKeyStore) return; try { KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); if (keyStore.containsAlias(alias)) return; } catch (Exception ex) { Log.e(TAG, "Unable to open KeyStore", ex); return; } // Create the keys if necessary try { // https://developer.android.com/reference/android/security/KeyPairGeneratorSpec.Builder.html Calendar start = Calendar.getInstance(); Calendar end = Calendar.getInstance(); end.add(Calendar.YEAR, 1); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context).setAlias(alias).setSubject(new X500Principal("CN=" + alias)).setSerialNumber(BigInteger.valueOf(1337)).setStartDate(start.getTime()).setEndDate(end.getTime()).build(); KeyPairGenerator generator = KeyPairGenerator.getInstance(KEYPAIRGEN_ALGORITHM, "AndroidKeyStore"); generator.initialize(spec); KeyPair keyPair = generator.generateKeyPair(); } catch (Exception ex) { Log.e(TAG, "Unable to create new key", ex); return; } }
Example 14
Project: ApkLauncher-master File: KeyStoreUsage.java View source code |
@Override
protected Boolean doInBackground(String... params) {
final String alias = params[0];
try {
/*
* Generate a new entry in the KeyStore by using the
* KeyPairGenerator API. We have to specify the attributes for a
* self-signed X.509 certificate here so the KeyStore can attach
* the public key part to it. It can be replaced later with a
* certificate signed by a Certificate Authority (CA) if needed.
*/
Calendar cal = Calendar.getInstance();
Date now = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date end = cal.getTime();
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext()).setAlias(alias).setStartDate(now).setEndDate(end).setSerialNumber(BigInteger.valueOf(1)).setSubject(new X500Principal("CN=test1")).build());
KeyPair kp = kpg.generateKeyPair();
return true;
} catch (NoSuchAlgorithmException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (InvalidAlgorithmParameterException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (NoSuchProviderException e) {
Log.w(TAG, "Could not generate key", e);
return false;
}
}
Example 15
Project: android-sdk-sources-for-api-level-23-master File: AndroidKeyStoreKeyPairGeneratorSpi.java View source code |
@Override public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { resetAll(); boolean success = false; try { if (params == null) { throw new InvalidAlgorithmParameterException("Must supply params of type " + KeyGenParameterSpec.class.getName() + " or " + KeyPairGeneratorSpec.class.getName()); } KeyGenParameterSpec spec; boolean encryptionAtRestRequired = false; int keymasterAlgorithm = mOriginalKeymasterAlgorithm; if (params instanceof KeyGenParameterSpec) { spec = (KeyGenParameterSpec) params; } else if (params instanceof KeyPairGeneratorSpec) { // Legacy/deprecated spec KeyPairGeneratorSpec legacySpec = (KeyPairGeneratorSpec) params; try { KeyGenParameterSpec.Builder specBuilder; String specKeyAlgorithm = legacySpec.getKeyType(); if (specKeyAlgorithm != null) { // Spec overrides the generator's default key algorithm try { keymasterAlgorithm = KeyProperties.KeyAlgorithm.toKeymasterAsymmetricKeyAlgorithm(specKeyAlgorithm); } catch (IllegalArgumentException e) { throw new InvalidAlgorithmParameterException("Invalid key type in parameters", e); } } switch(keymasterAlgorithm) { case KeymasterDefs.KM_ALGORITHM_EC: specBuilder = new KeyGenParameterSpec.Builder(legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); // Authorized to be used with any digest (including no digest). // MD5 was never offered for Android Keystore for ECDSA. specBuilder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); break; case KeymasterDefs.KM_ALGORITHM_RSA: specBuilder = new KeyGenParameterSpec.Builder(legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any encryption and signature padding // schemes (including no padding). specBuilder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, KeyProperties.ENCRYPTION_PADDING_RSA_OAEP); specBuilder.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1, KeyProperties.SIGNATURE_PADDING_RSA_PSS); // Disable randomized encryption requirement to support encryption // padding NONE above. specBuilder.setRandomizedEncryptionRequired(false); break; default: throw new ProviderException("Unsupported algorithm: " + mKeymasterAlgorithm); } if (legacySpec.getKeySize() != -1) { specBuilder.setKeySize(legacySpec.getKeySize()); } if (legacySpec.getAlgorithmParameterSpec() != null) { specBuilder.setAlgorithmParameterSpec(legacySpec.getAlgorithmParameterSpec()); } specBuilder.setCertificateSubject(legacySpec.getSubjectDN()); specBuilder.setCertificateSerialNumber(legacySpec.getSerialNumber()); specBuilder.setCertificateNotBefore(legacySpec.getStartDate()); specBuilder.setCertificateNotAfter(legacySpec.getEndDate()); encryptionAtRestRequired = legacySpec.isEncryptionRequired(); specBuilder.setUserAuthenticationRequired(false); spec = specBuilder.build(); } catch (NullPointerExceptionIllegalArgumentException | e) { throw new InvalidAlgorithmParameterException(e); } } else { throw new InvalidAlgorithmParameterException("Unsupported params class: " + params.getClass().getName() + ". Supported: " + KeyGenParameterSpec.class.getName() + ", " + KeyPairGeneratorSpec.class.getName()); } mEntryAlias = spec.getKeystoreAlias(); mSpec = spec; mKeymasterAlgorithm = keymasterAlgorithm; mEncryptionAtRestRequired = encryptionAtRestRequired; mKeySizeBits = spec.getKeySize(); initAlgorithmSpecificParameters(); if (mKeySizeBits == -1) { mKeySizeBits = getDefaultKeySize(keymasterAlgorithm); } checkValidKeySize(keymasterAlgorithm, mKeySizeBits); if (spec.getKeystoreAlias() == null) { throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided"); } String jcaKeyAlgorithm; try { jcaKeyAlgorithm = KeyProperties.KeyAlgorithm.fromKeymasterAsymmetricKeyAlgorithm(keymasterAlgorithm); mKeymasterPurposes = KeyProperties.Purpose.allToKeymaster(spec.getPurposes()); mKeymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(spec.getBlockModes()); mKeymasterEncryptionPaddings = KeyProperties.EncryptionPadding.allToKeymaster(spec.getEncryptionPaddings()); if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0) && (spec.isRandomizedEncryptionRequired())) { for (int keymasterPadding : mKeymasterEncryptionPaddings) { if (!KeymasterUtils.isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto(keymasterPadding)) { throw new InvalidAlgorithmParameterException("Randomized encryption (IND-CPA) required but may be violated" + " by padding scheme: " + KeyProperties.EncryptionPadding.fromKeymaster(keymasterPadding) + ". See " + KeyGenParameterSpec.class.getName() + " documentation."); } } } mKeymasterSignaturePaddings = KeyProperties.SignaturePadding.allToKeymaster(spec.getSignaturePaddings()); if (spec.isDigestsSpecified()) { mKeymasterDigests = KeyProperties.Digest.allToKeymaster(spec.getDigests()); } else { mKeymasterDigests = EmptyArray.INT; } // Check that user authentication related parameters are acceptable. This method // will throw an IllegalStateException if there are issues (e.g., secure lock screen // not set up). KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), mSpec.isUserAuthenticationRequired(), mSpec.getUserAuthenticationValidityDurationSeconds()); } catch (IllegalArgumentExceptionIllegalStateException | e) { throw new InvalidAlgorithmParameterException(e); } mJcaKeyAlgorithm = jcaKeyAlgorithm; mRng = random; mKeyStore = KeyStore.getInstance(); success = true; } finally { if (!success) { resetAll(); } } }
Example 16
Project: andevcon-2014-jl-master File: KeyStoreUsage.java View source code |
@Override
protected Boolean doInBackground(String... params) {
final String alias = params[0];
try {
/*
* Generate a new entry in the KeyStore by using the
* KeyPairGenerator API. We have to specify the attributes for a
* self-signed X.509 certificate here so the KeyStore can attach
* the public key part to it. It can be replaced later with a
* certificate signed by a Certificate Authority (CA) if needed.
*/
Calendar cal = Calendar.getInstance();
Date now = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date end = cal.getTime();
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext()).setAlias(alias).setStartDate(now).setEndDate(end).setSerialNumber(BigInteger.valueOf(1)).setSubject(new X500Principal("CN=test1")).build());
KeyPair kp = kpg.generateKeyPair();
return true;
} catch (NoSuchAlgorithmException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (InvalidAlgorithmParameterException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (NoSuchProviderException e) {
Log.w(TAG, "Could not generate key", e);
return false;
}
}
Example 17
Project: felix-on-android-master File: KeyStoreUsage.java View source code |
@Override
protected Boolean doInBackground(String... params) {
final String alias = params[0];
try {
/*
* Generate a new entry in the KeyStore by using the
* KeyPairGenerator API. We have to specify the attributes for a
* self-signed X.509 certificate here so the KeyStore can attach
* the public key part to it. It can be replaced later with a
* certificate signed by a Certificate Authority (CA) if needed.
*/
Calendar cal = Calendar.getInstance();
Date now = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date end = cal.getTime();
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext()).setAlias(alias).setStartDate(now).setEndDate(end).setSerialNumber(BigInteger.valueOf(1)).setSubject(new X500Principal("CN=test1")).build());
KeyPair kp = kpg.generateKeyPair();
return true;
} catch (NoSuchAlgorithmException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (InvalidAlgorithmParameterException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (NoSuchProviderException e) {
Log.w(TAG, "Could not generate key", e);
return false;
}
}
Example 18
Project: ApkLauncher_legacy-master File: KeyStoreUsage.java View source code |
@Override
protected Boolean doInBackground(String... params) {
final String alias = params[0];
try {
/*
* Generate a new entry in the KeyStore by using the
* KeyPairGenerator API. We have to specify the attributes for a
* self-signed X.509 certificate here so the KeyStore can attach
* the public key part to it. It can be replaced later with a
* certificate signed by a Certificate Authority (CA) if needed.
*/
Calendar cal = Calendar.getInstance();
Date now = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date end = cal.getTime();
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext()).setAlias(alias).setStartDate(now).setEndDate(end).setSerialNumber(BigInteger.valueOf(1)).setSubject(new X500Principal("CN=test1")).build());
KeyPair kp = kpg.generateKeyPair();
return true;
} catch (NoSuchAlgorithmException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (InvalidAlgorithmParameterException e) {
Log.w(TAG, "Could not generate key", e);
return false;
} catch (NoSuchProviderException e) {
Log.w(TAG, "Could not generate key", e);
return false;
}
}
Example 19
Project: android-keystore-master File: Crypto.java View source code |
@SuppressLint("NewApi") public static KeyPair generateRsaPairWithGenerator(Context ctx, String alais) throws Exception { Calendar notBefore = Calendar.getInstance(); Calendar notAfter = Calendar.getInstance(); notAfter.add(1, Calendar.YEAR); KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx).setAlias(alais).setSubject(new X500Principal(String.format("CN=%s, OU=%s", alais, ctx.getPackageName()))).setSerialNumber(BigInteger.ONE).setStartDate(notBefore.getTime()).setEndDate(notAfter.getTime()).build(); KeyPairGenerator kpGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); kpGenerator.initialize(spec); KeyPair kp = kpGenerator.generateKeyPair(); return kp; }