Till

Reputation: 692

Android Keystore type: which one should I choose?

I want to store secure data in a keystore. Therefore I use

KeyStore store = KeyStore.getInstance("JCEKS");

But Android seems to not know "JCEKS".

04-18 10:52:17.236: WARN/System.err(474): java.security.KeyStoreException: KeyStore JCEKS implementation not found

Trying JKS gives the same error. What algorithm is good to use on Android?

Upvotes: 7

Views: 16773

Answers (6)

JDOaktown

Reputation: 4474

This might help:

See https://github.com/nelenkov/ecdh-kx/blob/master/src/org/nick/ecdhkx/Crypto.java

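import java.security.Provider.Service;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

// Logs every installed security provider and the services it registers.
// algFilter: case-insensitive substring of the algorithm name, or null for all.
// mLog is the logger of the enclosing class (not shown in the post).
static public void listAlgorithms( String algFilter ){
    java.security.Provider[] providers = java.security.Security.getProviders();
    for ( java.security.Provider p : providers ){
        // Header line: provider name / description / version
        String providerStr = String.format( "%s/%s/%f\n", p.getName(), p.getInfo(),
                                            p.getVersion() );
        mLog.debug( providerStr );
        Set< Service > services = p.getServices();
        List< String > algs = new ArrayList<>();
        for ( Service s : services ){
            boolean match = true;
            if ( algFilter != null ){
                match = s.getAlgorithm().toLowerCase().contains( algFilter.toLowerCase() );
            }

            if ( match ){
                // One line per service: type (e.g. KeyStore) / algorithm / implementing class
                String algStr = String.format( "\t%s/%s/%s", s.getType(),
                                               s.getAlgorithm(), s.getClassName() );
                algs.add( algStr );
            }
        }

        Collections.sort( algs );
        for ( String alg : algs ) mLog.debug( "\t" + alg );
        mLog.debug( "" );
    }
}//listAlgorithms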

Upvotes: 0

Adil Hussain

Reputation: 32221

This worked for me:

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");

Remember to call KeyStore.load(KeyStore.LoadStoreParameter param) before calling KeyStore.getEntry(String alias, KeyStore.ProtectionParameter param), i.e.

keyStore.load(null);
KeyStore.Entry keyStoreEntry = keyStore.getEntry(alias, null);

Upvotes: 2

Android seems to be using the Bouncy Castle provider. This is the default provider that the API returns. To be sure which one is available as default on the device, use KeyStore.getDefaultType().

In my case this returned 'BKS'. Also there seems to be an exception when there is a '.' character in the keystore file path.

When I stored the store to a folder with the name of my package (as recommended in the Android documentation), it resulted in an exception.

You may like to check this also.

Upvotes: 11

clseto

Reputation: 21

You need the Bouncy Castle key store (BKS). Take a look here

Upvotes: 2

João Gavazzi

Reputation: 31

Use this: KeyStore keyStore = KeyStore.getInstance("PKCS12");

Create the keystore with the tool "KeyTools Explorer"!

Upvotes: 3

Daisetsu

Reputation: 4976

Did you load the keystore before you tried to access it? Did the error message happen right at the getInstance instruction?

Some googling has said that "PKCS12" worked for a few people; give that a go.

Upvotes: 4
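
One way to avoid the "implementation not found" exception from the question is to check which KeyStore types the installed providers register before calling getInstance, and to load the store before using it. This is an added example, not code from any of the posters; the class name, method names and preference order are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class KeyStoreTypeProbe {

    /** Collects every KeyStore type that an installed provider registers. */
    static Set<String> availableTypes() {
        Set<String> types = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    types.add(s.getAlgorithm());
                }
            }
        }
        return types;
    }

    /** Returns an empty, initialised store of the first preferred type that exists. */
    static KeyStore openFirstAvailable(List<String> preferred) throws Exception {
        Set<String> available = availableTypes();
        for (String type : preferred) {
            if (!available.contains(type)) {
                continue; // getInstance would throw "... implementation not found"
            }
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(null, null); // must be loaded before any entry is read or written
            return ks;
        }
        throw new KeyStoreException("none of " + preferred + " available; have " + available);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default type: " + KeyStore.getDefaultType());
        System.out.println("available:    " + availableTypes());
        // Preference order is an assumption for this example, using the names from the thread.
        KeyStore ks = openFirstAvailable(
                Arrays.asList("AndroidKeyStore", "BKS", "PKCS12", "JCEKS", "JKS"));
        System.out.println("opened:       " + ks.getType() + " from " + ks.getProvider().getName());
    }
}
```

The set of available types differs between a desktop JVM and an Android device, so run the probe on the target platform rather than assuming the result carries over.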
