The Android Keystore system lets you store private keys in a container to make it more difficult to extract from the device. Once keys are in the keystore, they can be used for cryptographic operations with the private key material remaining non-exportable.
The Keystore system is used by the
KeyChain
API as well as the Android
Keystore provider feature that was introduced in Android 4.3
(API level 18). This document goes over when and how to use the
Android Keystore provider.
Choosing Between a Keychain or the Android Keystore Provider
Use the
KeyChain
API when you want
system-wide credentials. When an app requests the use of any credential
through the
KeyChain
API, users get to
choose, through a system-provided UI, which of the installed credentials
an app can access. This allows several apps to use the
same set of credentials with user consent.
Use the Android Keystore provider to let an individual app store its own
credentials that only the app itself can access.
This provides a way for apps to manage credentials that are usable
only by itself while providing the same security benefits that the
KeyChain
API provides for system-wide
credentials. This method requires no user interaction to select the credentials.
Using Android Keystore Provider
To use this feature, you use the standard
KeyStore
and
KeyPairGenerator
classes along with the
AndroidKeyStore
provider introduced in Android 4.3 (API level 18).
AndroidKeyStore
is registered as a
KeyStore
type for use with the
KeyStore.getInstance(type)
method and as a provider for use with the
KeyPairGenerator.getInstance(algorithm, provider)
method.
Generating a New Private Key
Generating a new
PrivateKey
requires that
you also specify the initial X.509 attributes that the self-signed
certificate will have. You can replace the certificate at a later
time with a certificate signed by a Certificate Authority.
To generate the key, use a
KeyPairGenerator
with
KeyPairGeneratorSpec
:
/* * Generate a new entry in the KeyStore by using the * KeyPairGenerator API. We have to specify the attributes for a * self-signed X.509 certificate here so the KeyStore can attach * the public key part to it. It can be replaced later with a * certificate signed by a Certificate Authority (CA) if needed. */ Calendar cal = Calendar.getInstance(); Date now = cal.getTime(); cal.add(Calendar.YEAR, 1); Date end = cal.getTime(); KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext()) .setAlias(alias) .setStartDate(now) .setEndDate(end) .setSerialNumber(BigInteger.valueOf(1)) .setSubject(new X500Principal("CN=test1")) .build()); KeyPair kp = kpg.generateKeyPair();
Working with Keystore Entries
Using the
AndroidKeyStore
provider takes place through
all the standard
KeyStore
APIs.
Listing Entries
List entries in the keystore by calling the
aliases()
method:
/* * Load the Android KeyStore instance using the the * "AndroidKeyStore" provider to list out what entries are * currently stored. */ KeyStore ks = KeyStore.getInstance("AndroidKeyStore"); ks.load(null); Enumeration<String> aliases = ks.aliases();
Signing and Verifying Data
Sign data by fetching the
KeyStore.Entry
from the keystore and using the
Signature
APIs, such as
sign()
:
/* * Use a PrivateKey in the KeyStore to create a signature over * some data. */ KeyStore ks = KeyStore.getInstance("AndroidKeyStore"); ks.load(null); KeyStore.Entry entry = ks.getEntry(alias, null); if (!(entry instanceof PrivateKeyEntry)) { Log.w(TAG, "Not an instance of a PrivateKeyEntry"); return null; } Signature s = Signature.getInstance("SHA256withRSA"); s.initSign(((PrivateKeyEntry) entry).getPrivateKey()); s.update(data); byte[] signature = s.sign();
Similarly, verify data with the
verify(byte[])
method:
/* * Verify a signature previously made by a PrivateKey in our * KeyStore. This uses the X.509 certificate attached to our * private key in the KeyStore to validate a previously * generated signature. */ KeyStore ks = KeyStore.getInstance("AndroidKeyStore"); ks.load(null); KeyStore.Entry entry = ks.getEntry(alias, null); if (!(entry instanceof PrivateKeyEntry)) { Log.w(TAG, "Not an instance of a PrivateKeyEntry"); return false; } Signature s = Signature.getInstance("SHA256withRSA"); s.initVerify(((PrivateKeyEntry) entry).getCertificate()); s.update(data); boolean valid = s.verify(signature);