user777

Reputation: 93

Storing Ed25519 Private key on Android

I am working on a Java SDK which will be used for encryption/decryption of different data/messages and much more. It uses the BouncyCastle v1.68 library, as well as the Ed25519 algorithm for signing.

One of the requirements is to store an Ed25519 private key. Since the SDK will be used for Android development as well, I need to expose an API for storing this type of key on the Android platform.

Based on the Android keystore system documentation https://developer.android.com/training/articles/keystore, it looks like it cannot be used for storing an Ed25519 private key.

I do not have a lot of experience with Android development, therefore I would really appreciate proposals on how to solve this problem?

Upvotes: 2

Views: 1367

Answers (1)

Jokubas Trinkunas

Reputation: 854

I know this is an old question, but there is a popular "workaround" for overcoming the limitations of the Android keystore.

If you need to generate and store any key (e.g. Ed25519, secp256k1) which is not supported by the keystore, the usual strategy is to make use of a symmetric wrapper key.

Example: Ed25519 key

  1. Generate Ed25519 key pair with BouncyCastle
  2. Generate master AES key using Keystore
  3. Encrypt Ed25519 private key with master AES key
  4. Save encrypted Ed25519 private key in local storage (ideally should be encrypted too) or encrypted file

Now, whenever you need to access the Ed25519 private key, you need to unwrap it first using the AES master key, which is held in the keystore.

This is the best you can do right now; the alternative would be to use a third-party key management service (AWS KMS, HashiCorp Vault, Azure Key Vault).

Upvotes: 0
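The four-step wrapping scheme from the answer above, written out as an added example (not code from the question, the answer, or any project; it assumes Android API 23+ for `KeyGenParameterSpec`, the BouncyCastle lightweight API, and a hypothetical class name and key alias):

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;

public final class WrappedEd25519Key {               // hypothetical class name
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String WRAP_ALIAS = "ed25519-wrapping-key"; // hypothetical alias
    private static final int GCM_TAG_BITS = 128, GCM_IV_LEN = 12;

    // Step 2: AES-256-GCM master key that never leaves the Keystore (hardware-backed where available).
    static SecretKey getOrCreateWrappingKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE); ks.load(null);
        if (ks.containsAlias(WRAP_ALIAS)) return (SecretKey) ks.getKey(WRAP_ALIAS, null);
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(WRAP_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256).build());
        return kg.generateKey();
    }

    // Steps 1 and 3: generate the Ed25519 seed with BouncyCastle and wrap it; returns IV || ciphertext || tag.
    static byte[] generateAndWrap() throws Exception {
        Ed25519KeyPairGenerator gen = new Ed25519KeyPairGenerator();
        gen.init(new Ed25519KeyGenerationParameters(new SecureRandom()));
        byte[] seed = ((Ed25519PrivateKeyParameters) gen.generateKeyPair().getPrivate()).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, getOrCreateWrappingKey()); // Keystore chooses a fresh random IV
        byte[] iv = c.getIV(), ct = c.doFinal(seed);
        Arrays.fill(seed, (byte) 0);                           // plaintext seed wiped once wrapped
        byte[] blob = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return blob;                                           // Step 4: caller persists this blob
    }

    // Unwrap on demand; the returned key exists only in app memory, so discard it as soon as signing is done.
    static Ed25519PrivateKeyParameters unwrap(byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, getOrCreateWrappingKey(),
                new GCMParameterSpec(GCM_TAG_BITS, Arrays.copyOfRange(blob, 0, GCM_IV_LEN)));
        byte[] seed = c.doFinal(Arrays.copyOfRange(blob, GCM_IV_LEN, blob.length));
        try { return new Ed25519PrivateKeyParameters(seed, 0); } finally { Arrays.fill(seed, (byte) 0); }
    }
}
```

The IV is read back from the cipher rather than supplied, because the Keystore rejects caller-provided IVs unless randomized encryption is explicitly disabled; GCM's tag also detects a tampered blob at unwrap time. The residual risk is that the unwrapped seed sits in process memory while signing, which is the trade-off the answer's workaround cannot remove.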
