android.security.KeyStoreException-62
我有一个Android应用程序,它使用Android安全密钥库来加密/解密帐户信息 min SDK设置为23,因此有效的密钥库应该始终可用,但是,我收到了少量关于密钥库失败的崩溃报告,其中一个来自运行Android 10的基本PH1手机 报告的错误如下android.security.KeyStoreException-62,android,encryption,android-keystore,Android,Encryption,Android Keystore,我有一个Android应用程序,它使用Android安全密钥库来加密/解密帐户信息 min SDK设置为23,因此有效的密钥库应该始终可用,但是,我收到了少量关于密钥库失败的崩溃报告,其中一个来自运行Android 10的基本PH1手机 报告的错误如下 Non-fatal Exception: java.security.InvalidKeyException Keystore operation failed android.security.KeyStore.getInvalidKeyExc
Non-fatal Exception: java.security.InvalidKeyException
Keystore operation failed
android.security.KeyStore.getInvalidKeyException (KeyStore.java:1362)
android.security.KeyStore.getInvalidKeyException (KeyStore.java:1402)
android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit (KeyStoreCryptoOperationUtils.java:54)
android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit (KeyStoreCryptoOperationUtils.java:89)
android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:265)
android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit (AndroidKeyStoreCipherSpiBase.java:148)
javax.crypto.Cipher.tryTransformWithProvider (Cipher.java:2980)
javax.crypto.Cipher.tryCombinations (Cipher.java:2891)
javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider (Cipher.java:2796)
javax.crypto.Cipher.chooseProvider (Cipher.java:773)
javax.crypto.Cipher.init (Cipher.java:1288)
javax.crypto.Cipher.init (Cipher.java:1223)
Caused by android.security.KeyStoreException
-62
android.security.KeyStore.getKeyStoreException (KeyStore.java:1292)
android.security.KeyStore.getInvalidKeyException (KeyStore.java:1402)
android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit (KeyStoreCryptoOperationUtils.java:54)
android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit (KeyStoreCryptoOperationUtils.java:89)
android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:265)
android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit (AndroidKeyStoreCipherSpiBase.java:148)
javax.crypto.Cipher.tryTransformWithProvider (Cipher.java:2980)
javax.crypto.Cipher.tryCombinations (Cipher.java:2891)
javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider (Cipher.java:2796)
javax.crypto.Cipher.chooseProvider (Cipher.java:773)
javax.crypto.Cipher.init (Cipher.java:1288)
javax.crypto.Cipher.init (Cipher.java:1223)
在不同的场合,它似乎也会失败
Caused by android.security.KeyStoreException
-62
android.security.KeyStore.getKeyStoreException (KeyStore.java:839)
android.security.keystore.AndroidKeyStoreProvider.getKeyCharacteristics (AndroidKeyStoreProvider.java:236)
android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore (AndroidKeyStoreProvider.java:356)
android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:101)
java.security.KeyStore.getKey (KeyStore.java:1062)
我在互联网和安卓源代码中搜寻了一些关于错误-62的信息,除了一份包含“信号”相同错误的报告外,什么也没有找到,而这个错误似乎从未解决过
我不知道这是什么原因,也不知道为什么它能在其他设备上正常工作
如果有人能对这个问题提出一些看法,我们将不胜感激
如果有区别的话,我使用AES 128加密和GCMParameterSpec以及固定的IV
该键是使用以下参数创建的
setBlockModes(KeyProperties.BLOCK_MODE_GCM)
setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
setKeySize(128)
setRandomizedEncryptionRequired(false)
编辑
我终于在这里找到了错误定义和描述
KM_错误_密钥_需要升级=-62
keymaster_error_t (* upgrade_key)(const struct keymaster2_device *dev, const keymaster_key_blob_t *key_to_upgrade, const keymaster_key_param_set_t *upgrade_params, keymaster_key_blob_t *upgraded_key)
Upgrades an old key. Keys can become "old" in two ways: Keymaster can be upgraded to a new version, or the system can be updated to invalidate the OS version and/or patch level. In either case, attempts to use an old key will result in keymaster returning KM_ERROR_KEY_REQUIRES_UPGRADE. This method should then be called to upgrade the key.
Parameters
[in] dev The keymaster device structure.
[in] key_to_upgrade The keymaster key to upgrade.
[in] upgrade_params Parameters needed to complete the upgrade. In particular, KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA will be required if they were defined for the key.
[out] upgraded_key The upgraded key blob.
这意味着安全补丁或更新操作系统需要升级密钥。但这没有意义,因为每次启动应用程序时都会发生这种情况,而且操作系统肯定不会经常更新
“升级密钥”功能似乎是Android系统的一部分,甚至无法从java端访问。你究竟打算如何处理这个错误 作为应用程序开发人员,您不应该处理此错误。这将由keystore守护进程透明地处理。如果它一直流到应用程序,则说明出现了严重问题。keystore守护进程或底层keymaster实现中可能存在错误 如果您可以很容易地复制它,那么您可以提交一份bug报告,这将很有帮助: