CODEWITHSUNDEEP
androidtink
MikeOscarEcho
MikeOscarEcho

Reputation: 546

Google Tink Crypto library - KeyGenerator AES implementation not found

I'm running into this issue on a tablet device running Android KitKat as well as on a Samsung Tab-A on Lollipop. It has worked fine on an Acer tablet running Android M.

Here's the failure point:

private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
        return new AndroidKeysetManager.Builder()
                .withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
                .withKeyTemplate(AeadKeyTemplates.AES256_GCM) // Failure point
                .withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI)
                .build()
                .getKeysetHandle();
    }

And then I initialize my AEAD when initializing Tink:

// google\Tink crypto
try {
    TinkConfig.register();
    aead = AeadFactory.getPrimitive(getOrGenerateNewKeysetHandle());
    Log.i(LOG_TAG, "Tink registered.");
} catch (GeneralSecurityException | IOException e) {
    e.printStackTrace();
    Log.e(LOG_TAG, "Tink failed to register or could not generate a keyset handle.");
    Log.e(LOG_TAG, "Tink failed to register: " + e.getMessage());
}

Either way, Tink fails to initialize with the below caught message:

10-03 16:10:58.319 com.mycompany.myapp.debug E/MainActivity: Tink failed to register: KeyGenerator AES implementation not found

Is there a specific KeyTemplate I can replace the below with?

AeadKeyTemplates.AES256_GCM

Full Stacktrace:

10-03 17:25:45.235 com.mycompany.myapp.debug W/System.err: java.security.NoSuchAlgorithmException: KeyGenerator AES implementation not found
10-03 17:25:45.245 com.mycompany.myapp.debug W/System.err:     at org.apache.harmony.security.fortress.Engine.notFound(Engine.java:177)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:170)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:163)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:135)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.generateNewAeadKey(AndroidKeystoreKmsClient.java:141)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey(AndroidKeystoreKmsClient.java:128)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.withMasterKeyUri(AndroidKeysetManager.java:157)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.mycompany.myapp.MainActivity.getOrGenerateNewKeysetHandle(MainActivity.java:2520)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.mycompany.myapp.MainActivity.initializeRequiredAppComponents(MainActivity.java:2554)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.mycompany.myapp.MainActivity.onCreate(MainActivity.java:230)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.Activity.performCreate(Activity.java:5231)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1087)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2159)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2245)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.access$800(ActivityThread.java:135)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1196)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:102)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.os.Looper.loop(Looper.java:136)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:5017)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at java.lang.reflect.Method.invokeNative(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at java.lang.reflect.Method.invoke(Method.java:515)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at dalvik.system.NativeStart.main(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: GeneralSecurityException - Tink failed to register or could not generate a keyset handle: KeyGenerator AES implementation not found
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: isMDMAPISupported: Exception ignored

Upvotes: 0

Views: 1957

Answers (1)

MikeOscarEcho
MikeOscarEcho

Reputation: 546

The below worked as a temporary workaround when running into the issue on Tink v1.2.0. For Android SDK below 23, we skip using the Keystore when building the keysetManager.

However, this should no longer be an issue on Tink v1.2.1 (when it is released) as I've tested the latest HEAD-SNAPSHOT and did not experience a crash.

    private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
        AndroidKeysetManager.Builder keysetManagerBuilder = new AndroidKeysetManager.Builder()
                .withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
                .withKeyTemplate(AeadKeyTemplates.AES256_GCM);

        if (Build.VERSION.SDK_INT >= 23) {
            keysetManagerBuilder.withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI);
        } else {
            keysetManagerBuilder.doNotUseKeystore();
        }

        return keysetManagerBuilder.build().getKeysetHandle();
    }

Upvotes: 1

Related Questions