java.security.InvalidKeyException: Keystore operation failed

Question

I am getting java.security.InvalidKeyException: Keystore operation failed. Does anyone has an idea ? Here is my code:

Code for the initDecodeCipher:

private static void initDecodeCipher(int mode) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException, InvalidKeyException, NoSuchPaddingException {

    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) sKeyStore.getEntry(FINGERPRINT_KEY_NAME, null);
    Cipher output = Cipher.getInstance(TRANSFORMATION);
    output.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
}

The code for initEncodeCipher:

private static void initEncodeCipher(int mode) throws KeyStoreException, InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
    PublicKey key = sKeyStore.getCertificate(FINGERPRINT_KEY_NAME).getPublicKey();

    PublicKey unrestricted = KeyFactory.getInstance(key.getAlgorithm()).generatePublic(new X509EncodedKeySpec(key.getEncoded()));
    OAEPParameterSpec spec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    sCipher.init(mode, unrestricted, spec);
}

Code for generating new key:

@TargetApi(Build.VERSION_CODES.M)
private static boolean generateNewKey() {

    if (getKeyPairGenerator()) {

        try {
            sKeyPairGenerator.initialize(
                    new KeyGenParameterSpec.Builder(FINGERPRINT_KEY_NAME, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                            .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                            .setUserAuthenticationRequired(true)
                            .build());
            sKeyPairGenerator.generateKeyPair();
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        }
    }
    return false;
}

Error:

    java.security.InvalidKeyException: Keystore operation failed
at android.security.KeyStore.getInvalidKeyException(KeyStore.java:760)
at android.security.KeyStore.getInvalidKeyException(KeyStore.java:781)
at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:
at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:109)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2668)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2575)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2480)
at javax.crypto.Cipher.chooseProvider(Cipher.java:567)
at javax.crypto.Cipher.init(Cipher.java:831)
at javax.crypto.Cipher.init(Cipher.java:772)
at com.mayzusfs.android.moneypolo.app.utils.CryptoUtils.initDecodeCipher(CryptoUtils.java:229)
at com.mayzusfs.android.moneypolo.app.utils.CryptoUtils.initCipher(CryptoUtils.java:189)
at com.mayzusfs.android.moneypolo.app.utils.CryptoUtils.getCryptoObject(CryptoUtils.java:256)
at com.mayzusfs.android.moneypolo.app.fragments.FingerprintScanFragment.prepareSensor(FingerprintScanFragment.java:74)
at com.mayzusfs.android.moneypolo.app.fragments.FingerprintScanFragment.setUpForm(FingerprintScanFragment.java:61)
at com.mayzusfs.android.moneypolo.app.fragments.FingerprintScanFragment.onViewCreated(FingerprintScanFragment.java:26)
at android.support.v4.app.FragmentManagerImpl.moveToState(FragmentManager.java:971)
at android.support.v4.app.FragmentManagerImpl.moveToState(FragmentManager.java:1136)
at android.support.v4.app.BackStackRecord.run(BackStackRecord.java:739)

The used algorithms:

private static final String ALGORITHM= KeyProperties.KEY_ALGORITHM_RSA;
private static final String TRANSFORMATION = ALGORITHM+"/ECB/OAEPWithSHA-256AndMGF1Padding";

Please do not judge me strong, I am new in encryption. I have already tryed several answers from Stackoverflow but no result.

Answer 1

LINK -Android KeyStore operation failed: Unsupported Digest

i have tested in multiples devices now, and found that this issue only occurred with custom OS installed phones, like lineage, resurrection remix, on android version 9 and 10 The above link shares the same details

Hope this helps someone !!

exact log

time: 1583130945557 msg: android.security.KeyStoreException: User authentication required stacktrace: java.security.ProviderException: Keystore operation failed at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:324) at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612) at com.firstdata.mpl.utils.g.a(SourceFile:199) at com.firstdata.mpl.utils.g.b(SourceFile:95) at com.firstdata.mpl.utils.g.d(SourceFile:132) at com.firstdata.mpl.utils.g.(SourceFile:62) at com.firstdata.mpl.utils.g.a(SourceFile:69) at com.firstdata.mpl.utils.aa.f(SourceFile:2769) at com.firstdata.mpl.FirstFuelApplication$11.run(SourceFile:1161) at android.os.Handler.handleCallback(Handler.java:873) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:193) at android.app.ActivityThread.main(ActivityThread.java:6724) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:495) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) Caused by: android.security.KeyStoreException: User authentication required at android.security.KeyStore.getKeyStoreException(KeyStore.java:813) ... 16 more

Answer 2

If anybody else is arrives here via Google:

In the exception that gets thrown, check the "cause" variable. This will give you give you the details that you need. In the example above, the problem will most likely be "Incompatible padding mode"