2

First off I am new to android Programming, though I am not new to programming itself. What I am, essentially, trying to do is to save my encryption Keys into the Android Keystore. There seems to be a phenomenal lack of such information on GOOGLE, itself. Since there is not much how-to available on the topic I am assuming that it isn't fairly standard knowledge. So can someone please give me a sample code to

  1. Initialize the KeyStore(Will be using AES-256).
  2. Save multiple keys in a KeyStore(Please tell me the max number of keys I can store in 1 KeyStore, since i plan on saving nothing short of a 100).
  3. Get Keys from KeyStore.
  4. Edit Keys
  5. Delete Keys
  6. Delete Entire KeyStore

So in essence a code for all basic functions of a keystore. Thank you in advance for your assistance.

Improve this question
1
  • Take a look at this. Commented Mar 2, 2015 at 8:52

2 Answers 2

Reset to default
6

If you set your minSdkVersion to 23 or higher Android M makes it easy to generate and manage symmetric keys as of this month.

Check out the 4th example listed here. https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.html

 KeyGenerator keyGenerator = KeyGenerator.getInstance(
         KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
 keyGenerator.init(
         new KeyGenParameterSpec.Builder("key2",
                 KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                 .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                 .build());
 SecretKey key = keyGenerator.generateKey();

 Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
 cipher.init(Cipher.ENCRYPT_MODE, key);
 ...

 // The key can also be obtained from the Android Keystore any time as follows:
 KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
 keyStore.load(null);
 key = (SecretKey) keyStore.getKey("key2", null);

This example also was helpful. https://github.com/googlesamples/android-ConfirmCredential/blob/master/Application/src/main/java/com/example/android/confirmcredential/MainActivity.java

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

And what if you want to support both older (i.e. API 18) and newer (API 23+) devices using the same solution ?
I have not touched this in a long time, but as far as I remember there was no good solution.
it should be keyGenerator.init instead of keyGenerator.initialize. There is no such method for KeyGenerator as initialize(). initialize() method is in KeyPairGenerator
0

I think Android Key Store does not support symmetric keys like AES keys. Please refer to here. BTW, why does the app need so many symmetric keys? I suggest that you store one master asymmetric key in key store, and use this key to encrypt many other symmetric keys in your app. Hope you solve your problem soon.

Improve this answer

1 Comment

Symmetric key generation and storage in the Android KeyStore is supported as of Marshmallow (Android 6 / API Level 23). See here for more info.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.