I have given modulus, public exponent and private exponent and I need to store those values securely on Android. How can I achieve that?
Most examples are creating public and private keys without getting n,d,e parameters. I have given those n,e,d values and want to store them securely and then use those values to create my ICC Public Key Certificate and also to sign my dynamic data.
How can I achieve that?
2 solutions
#1
6
Use the Keystore System.
setEntry() allows you to store any object implementing KeyStore.Entry. You can simply implement your own subtype if you need to store data that doesn't fit the defaults. (There's RSAPrivateCrtKey though, which you can store in a PrivateKeyEntry.)
#2
2
Probably, the only secure storage on an Android device would be the Android Keystore System.
Key material never enters the application process.
and
Key material may be bound to the secure hardware.
(see http://developer.android.com/training/articles/keystore.html)
The problem with it is that you are restricted in what you can store in it. The KeyChain class allows you to store private keys and certificate chains, while the Keystore Provider supports the following types of entries: PrivateKeyEntry, SecretKeyEntry, TrustedCertificateEntry, according to the docs. In practice, trying to put an instance of SecretKeyEntry causes an exception.
I suggest putting two entries in the keystore.
- KeyStore.PrivateKeyEntry that you can instantiate given a PrivateKey (generated from the modulus and the private exponent using RSAPrivateKeySpec in conjunction with KeyFactory)
- KeyStore.TrustedCertificateEntry with your self-signed certificate, which you would have to pre-generate using java keytool and load at runtime from assets. It is not supposed to be secret by definition.
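
The RSAPrivateKeySpec and KeyFactory step from the answer above, as an added example (not code from either answer): it rebuilds the keys from raw n, e, d and checks that they belong together before anything is stored. The class and method names are hypothetical, and the sample n, e, d come from a throwaway generated pair that stands in for the given values; it runs on a plain JDK.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;

public class RawRsaKeyCheck {   // hypothetical name, not from the page

    /** Rebuilds the private key from modulus n and private exponent d. */
    static PrivateKey privateKeyFrom(BigInteger n, BigInteger d) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(n, d));
    }

    /** Rebuilds the public key from modulus n and public exponent e. */
    static PublicKey publicKeyFrom(BigInteger n, BigInteger e) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    }

    /** Signs a probe with (n, d) and verifies it with (n, e); false means the values do not match. */
    static boolean isConsistent(BigInteger n, BigInteger e, BigInteger d) throws GeneralSecurityException {
        byte[] probe = "consistency probe".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKeyFrom(n, d));
        signer.update(probe);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(publicKeyFrom(n, e));
        verifier.update(probe);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input: a throwaway pair stands in for the given n, e, d.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        BigInteger n = ((RSAPublicKey) pair.getPublic()).getModulus();
        BigInteger e = ((RSAPublicKey) pair.getPublic()).getPublicExponent();
        BigInteger d = ((RSAPrivateKey) pair.getPrivate()).getPrivateExponent();

        System.out.println("matching n, e, d: " + isConsistent(n, e, d));
        // A private exponent that does not belong to (n, e) must not pass the check.
        System.out.println("mismatched d:     "
                + isConsistent(n, e, d.subtract(BigInteger.valueOf(2))));
    }
}
```

The PrivateKey returned by `privateKeyFrom` is the object the answer proposes wrapping in a KeyStore.PrivateKeyEntry together with the certificate.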