CODEWITHSUNDEEP
javaandroidencryptionkotlinandroid-keystore
Genaro Alberto Cancino Herrera
Genaro Alberto Cancino Herrera

Reputation: 243

Android KeyStore Encrypt and Decrypt Data

My problem is this: I am trying to encrypt some user's sensitive data before save it into my Database. Encryption was not a problem, the problem begins in the decryption part.

I got this:

07-22 16:25:38.941 18035-18035/io.nourish.strongerasfukk E/AndroidRuntime: FATAL EXCEPTION: main
Process: io.nourish.strongerasfukk, PID: 18035
java.lang.RuntimeException: Unable to start activity ComponentInfo{io.nourish.strongerasfukk/io.nourish.strongerasfukk.Register}: java.security.InvalidKeyException: Keystore operation failed
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2450)
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2520)
    at android.app.ActivityThread.-wrap11(ActivityThread.java)
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
    at android.os.Handler.dispatchMessage(Handler.java:102)
    at android.os.Looper.loop(Looper.java:148)
    at android.app.ActivityThread.main(ActivityThread.java:5466)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
 Caused by: java.security.InvalidKeyException: Keystore operation failed
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:692)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:712)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108)
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612)
    at javax.crypto.Cipher.tryCombinations(Cipher.java:532)
    at javax.crypto.Cipher.getSpi(Cipher.java:437)
    at javax.crypto.Cipher.init(Cipher.java:815)
    at javax.crypto.Cipher.init(Cipher.java:774)
    at **io.nourish.strongerasfukk.utilities.Encryption.decrypt(Encryption.kt:28)
    at io.nourish.strongerasfukk.Register.onCreate(Register.kt:54)**
    at android.app.Activity.performCreate(Activity.java:6251)
    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108)
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403)
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2520) 
    at android.app.ActivityThread.-wrap11(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:148) 
    at android.app.ActivityThread.main(ActivityThread.java:5466) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616) 
 Caused by: android.security.KeyStoreException: Incompatible padding mode
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:632)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:712) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:263) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:108) 
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:612) 
    at javax.crypto.Cipher.tryCombinations(Cipher.java:532) 
    at javax.crypto.Cipher.getSpi(Cipher.java:437) 
    at javax.crypto.Cipher.init(Cipher.java:815) 
    at javax.crypto.Cipher.init(Cipher.java:774) 
    at io.nourish.strongerasfukk.utilities.Encryption.decrypt(Encryption.kt:28) 
    at io.nourish.strongerasfukk.Register.onCreate(Register.kt:54) 
    at android.app.Activity.performCreate(Activity.java:6251) 
    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108) 
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403) 
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2520) 
    at android.app.ActivityThread.-wrap11(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:148) 
    at android.app.ActivityThread.main(ActivityThread.java:5466) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616) 

As you can see, the problem reference this two lines of code, which are:

Encryption.kt (line 28)

cipher.init(Cipher.DECRYPT_MODE, key)

&

Register.kt (line 54)

var decryptedData = encryption.decrypt(encryptedData,masterKey?.private)

I've tried to put in the Cipher.init the provider or without the provider and got the same error; I've sought on the web or over here for some solutions but got nothing. What I am missing or doing wrong? Also, I tried the example over here (Link) without any result as well.

I got the code example from this link (link) but had to modify some things to my own purporses.

Here is my code, for better understanding.

KeyStoreAdapter.kt

class KeyStoreAdapter {

private val kS = createAndroidKeyStore()

fun checkIfKeyExists(key: String) {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val alias = keyStore.aliases().toList()

    if(!alias.contains(key)) {
        val kpg: KeyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
        val parameterSpec: KeyGenParameterSpec = KeyGenParameterSpec.Builder("MasterKeys", KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .build()
        kpg.initialize(parameterSpec)
        kpg.generateKeyPair()
    }
}

fun getKeys(alias: String): KeyPair? {
    val privateKey = kS.getKey(alias, null) as PrivateKey?
    val publicKey = kS.getCertificate(alias)?.publicKey

    return if(privateKey != null && publicKey != null) {
        KeyPair(publicKey, privateKey)
    } else {
        null
    }
}

private fun createAndroidKeyStore(): KeyStore {
    val keyStore = KeyStore.getInstance("AndroidKeyStore")
    keyStore.load(null)
    return keyStore
}

}

Encryption.kt class Encryption {

val cipher = Cipher.getInstance(Config.TRANSFORMATION)

fun encrypt(data: String, key: Key?): String {
    cipher.init(Cipher.ENCRYPT_MODE, key)
    val bytes = cipher.doFinal(data.toByteArray())
    return Base64.encodeToString(bytes, Base64.DEFAULT)
}

fun decrypt(data: String, key: Key?): String {
    cipher.init(Cipher.DECRYPT_MODE, key)
    val encryptedData = Base64.decode(data, Base64.DEFAULT)
    val decodedData = cipher.doFinal(encryptedData)
    return String(decodedData)
}

}

const val TRANSFORMATION = "RSA/ECB/PKCS1Padding"

Thanks in advance to everyone!

Upvotes: 4

Views: 6381

Answers (1)

Kislingk
Kislingk

Reputation: 1457

Try use padding as "OAEPwithSHA-1andMGF1Padding". It is supported from SDK 10+. Code:

const val TRANSFORMATION = "RSA/ECB/OAEPwithSHA-1andMGF1Padding"

Generate key 

val keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
keyPairGenerator.initialize(KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT
                    or KeyProperties.PURPOSE_DECRYPT)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
.setDigests(KeyProperties.DIGEST_SHA1) 
.build())

Upvotes: 4

Related Questions