Reputation: 107
I'm currently working on a project where we want encryption, but can't use servers (we're not allowed). I'm making my key with this line of code right now:

    key = KeyGenerator.getInstance("AES").generateKey();

All the encryption and decryption works perfectly with it. The problem is that every time you kill the app and run it again, nothing works because a new key is created. All the previously encrypted data cannot be decrypted anymore with this new key.
I need to make a function that gets the same key every time I open my app. That's why I want to use the keystore (I'm not allowed to store the key on the device, I can only use the Android Keystore or RAM).
Any idea how to do this exactly? The only links I found online are for Pair Keys.
Upvotes: 2
Views: 1465
Reputation: 107
Finally managed to make it work! Using this link I made a base code that wasn't working, but with some help from other Stack Overflow posts I made it work out.
Here is the solution for anyone else that might need it:
This should be in something like your MainActivity Java class.
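
    // Imports needed at the top of the file for this part:
    // import android.content.SharedPreferences;
    // import android.os.Bundle;
    // import android.preference.PreferenceManager;
    // import java.security.KeyStore;

    public KeyStore ks;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        try {
            // Get a keystore instance of the platform default type
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            SharedPreferences wmbPreference = PreferenceManager.getDefaultSharedPreferences(this);
            boolean isFirstRun = wmbPreference.getBoolean("FIRSTRUN", true);
            if (isFirstRun) {
                // First run: record it, create an empty keystore, then generate and save the key
                SharedPreferences.Editor editor = wmbPreference.edit();
                editor.putBoolean("FIRSTRUN", false);
                editor.commit();
                ks.load(null, password);
                GenerateKey();
            } else {
                // Later runs: read the keystore file back and fetch the key
                LoadKey();
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        // Hand the key to whoever needs it
        myClassNeedingTheKey.secretKey = key;
    }
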
It states that at the first run of your app, it creates the keystore and the secret key that goes with it (we also save everything). If it's not the first time you run the app, then load the key. Then before ending the onCreate we pass the key to whoever needs it.
Here is the actual code to Generate, Save and Load. This is also in a typical MainActivity class since it's used by the code you put in onCreate.
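
    // Imports needed at the top of the file for this part:
    // import java.io.FileInputStream;
    // import java.io.FileOutputStream;
    // import javax.crypto.KeyGenerator;
    // import javax.crypto.SecretKey;

    public SecretKey key;
    // Password protecting the keystore file (hardcoded in the app)
    public char[] password = "1234567890".toCharArray();

    void GenerateKey() {
        try {
            // Generate a new AES key and persist it
            key = KeyGenerator.getInstance("AES").generateKey();
            SaveKey();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    void SaveKey() {
        // try-with-resources closes the stream even if store() throws
        try (FileOutputStream fos = new FileOutputStream(this.getFilesDir().getAbsolutePath() + "/OEKeyStore")) {
            // Save my secret key under its alias
            KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(key);
            ks.setEntry("SecretKeyAlias", secretKeyEntry, null);
            // Save the keystore to the app's private files directory
            ks.store(fos, password);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    void LoadKey() {
        // try-with-resources closes the stream even if load() throws
        try (FileInputStream fis = new FileInputStream(this.getFilesDir().getAbsolutePath() + "/OEKeyStore")) {
            // Load the keystore from its file
            ks.load(fis, password);
            // Load the secret key
            KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) ks.getEntry("SecretKeyAlias", null);
            key = secretKeyEntry.getSecretKey();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
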
There you go! You can then use the secret key to do whatever you want.
Upvotes: 1