Android: "Key user not authenticated" when directly using a SecretKey loaded from the KeyStore


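I am trying to encrypt data using a Cipher with a SecretKey loaded from the KeyStore, but I always get the following error:

Caused by: android.security.KeyStoreException: Key user not authenticated

I tried creating a SecretKeySpec myself, and that worked. I am testing on Android Q.

Can anyone help me explain this problem?

My code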

    public Cipher createCipher() {
        Cipher cipher;
        try {
            cipher = Cipher.getInstance(
                    KeyProperties.KEY_ALGORITHM_AES + "/"
                            + KeyProperties.BLOCK_MODE_CBC + "/"
                            + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException("Failed to get Cipher", e);
        }
        return cipher;
    }

    public boolean initCipher() {
        try {
            cipher = createCipher();
            SecretKey key = KeyStoreTools.getSecretKey(KEY_NAME);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            KeyStoreTools.removeAlias(KEY_NAME);
            return false;
        } catch (Throwable e) {
            throw new RuntimeException("Failed to init Cipher", e);
        }
    }

    // From KeyStoreTools (called by initCipher() above)
    public static SecretKey getSecretKey(String keyName) {
        Key key = getKey(keyName);
        if (!keyExists(key)) {
            key = generateKey(keyName);
        }
        return (SecretKey) key;
    }

    public static SecretKey generateKey(String keyName) {
        SecretKey secretKey = null;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyName,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT);
            builder.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                    .setUserAuthenticationRequired(true)
                    .setEncryptionPaddings(
                            KeyProperties.ENCRYPTION_PADDING_PKCS7);
            keyGenerator.init(builder.build());
            secretKey = keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException | NoSuchProviderException exc) {
            exc.printStackTrace();
        } catch (Throwable e) {
            throw new RuntimeException("Failed to generateKey", e);
        }
        return secretKey;
    }

    public String encrypt(Cipher cipher, byte[] dataToEncrypt) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(dataToEncrypt);
            byte[] enc = cipher.doFinal(md.digest());
            String base64 = Base64.encodeToString(enc, Base64.DEFAULT);
            return base64;
        } catch (BadPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException e ) {
            e.printStackTrace();
        }
        return "";
    }

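My problem was:

I was using the cipher to encrypt before the key had been marked as successfully user-authenticated. So I moved the encryption into the authentication-succeeded step, and it works fine.

I hope my answer helps someone.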
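
The ordering described in the answer, as an added example that is not the poster's code: the already-initialized `Cipher` is bound to the authentication prompt, and `doFinal()` runs only inside the success callback. It assumes the `androidx.biometric` library; `AuthBoundEncryptor`, `Callback` and `encryptAfterAuth` are hypothetical names.

```java
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;

/** Hypothetical helper (not from the post): encrypts only after authentication. */
public final class AuthBoundEncryptor {
    public interface Callback {
        void onEncrypted(String ciphertextBase64, String ivBase64);
        void onFailure(CharSequence reason);
    }

    /** initializedCipher: init(ENCRYPT_MODE, keystoreKey) was already called on it. */
    public static void encryptAfterAuth(FragmentActivity activity, Cipher initializedCipher,
                                        byte[] plaintext, Callback cb) {
        BiometricPrompt prompt = new BiometricPrompt(activity,
                ContextCompat.getMainExecutor(activity),
                new BiometricPrompt.AuthenticationCallback() {
            @Override
            public void onAuthenticationSucceeded(
                    @NonNull BiometricPrompt.AuthenticationResult result) {
                try {
                    // Use the Cipher handed back in the result: it is now authorized.
                    Cipher authorized = result.getCryptoObject().getCipher();
                    byte[] enc = authorized.doFinal(plaintext);
                    // CBC: the keystore chose the IV; store it, decryption needs it.
                    cb.onEncrypted(Base64.encodeToString(enc, Base64.NO_WRAP),
                            Base64.encodeToString(authorized.getIV(), Base64.NO_WRAP));
                } catch (GeneralSecurityException e) {
                    cb.onFailure(e.toString());
                }
            }
            @Override
            public void onAuthenticationError(int code, @NonNull CharSequence msg) {
                cb.onFailure(msg);
            }
        });
        BiometricPrompt.PromptInfo info = new BiometricPrompt.PromptInfo.Builder()
                .setTitle("Unlock encryption key")   // constructed sample text
                .setNegativeButtonText("Cancel")
                .build();
        // Binding the Cipher to the prompt ties the authentication to this operation.
        prompt.authenticate(info, new BiometricPrompt.CryptoObject(initializedCipher));
    }
}
```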