Where does android keystore store keypairs object?

Question

I'm using keyStore to save some important information in my android device (consider that information as a public key and private key). I want to know that where does that keyPair stored? In trusted execution environment? This environment is hardware or software?

Answer 1

Keys are never made available to the application process, which makes them more difficult to extract for an attacker.

Keys may be stored in hardware, depending on the device and key type. Your code can check whether a key is in hardware or not.

See Android keystore system:

• Key material never enters the application process. When an application performs cryptographic operations using an Android Keystore key, behind the scenes plaintext, ciphertext, and messages to be signed or verified are fed to a system process which carries out the cryptographic operations. If the app's process is compromised, the attacker may be able to use the app's keys but cannot extract their key material (for example, to be used outside of the Android device).
• Key material may be bound to the secure hardware (e.g., Trusted Execution Environment (TEE), Secure Element (SE)) of the Android device. When this feature is enabled for a key, its key material is never exposed outside of secure hardware. If the Android OS is compromised or an attacker can read the device's internal storage, the attacker may be able to use any app's Android Keystore keys on the Android device, but not extract them from the device. This feature is enabled only if the device's secure hardware supports the particular combination of key algorithm, block modes, padding schemes, and digests with which the key is authorized to be used. To check whether the feature is enabled for a key, obtain a KeyInfo for the key and inspect the return value of KeyInfo.isInsideSecurityHardware().