我正在开发一个需要非常安全的应用程序,因此我们希望使用 Android Keystore 来帮助使某些事情变得更安全,例如后端的 accessTokens。
我已经尝试过实现其中的一些,它似乎可以工作,但我主要是根据示例工作,主要是 Securely Storing Keys in Android Keystore
这是我的一些代码:
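/**
 * AES-GCM encryption helper whose key lives in the Android Keystore.
 *
 * Each call to [encrypt] uses a fresh IV generated by the Keystore provider and
 * stores it in front of the ciphertext, so no IV is kept in a field or hard-coded.
 * Reusing one IV with the same AES-GCM key (as a constant IV would) breaks both
 * the confidentiality and the integrity guarantees of GCM.
 */
object AndroidKeyStore {
    const val ANDROID_KEY_STORE = "AndroidKeyStore"
    const val AES_MODE = "AES/GCM/NoPadding"

    // The alias only names the Keystore entry. It is not a secret, so keeping it
    // in source is fine; the key material itself never leaves the Keystore.
    const val SECRET_ALIAS = "TEST"

    // Length of the IV that is prepended to every ciphertext.
    private const val GCM_IV_LENGTH_BYTES = 12

    // Authentication tag length passed to GCMParameterSpec.
    private const val GCM_TAG_LENGTH_BITS = 128

    /**
     * Creates a new AES key under [keyAlias] for GCM encryption and decryption.
     *
     * Randomized encryption is left at the platform default (required), so the
     * Keystore rejects caller-supplied IVs for keys created here.
     */
    private fun generateSecretKey(keyAlias: String): SecretKey {
        val keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE)
        val spec = KeyGenParameterSpec.Builder(
            keyAlias,
            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT,
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .build()
        keyGenerator.init(spec)
        return keyGenerator.generateKey()
    }

    /**
     * Returns the key stored under [keyAlias], generating it when the alias has no entry.
     *
     * @throws ClassCastException if the alias holds an entry that is not a secret key.
     */
    private fun getSecretKey(keyAlias: String): SecretKey {
        val keyStore = KeyStore.getInstance(ANDROID_KEY_STORE).apply { load(null) }
        // Single lookup; a missing entry means the key has not been created yet.
        val entry = keyStore.getEntry(keyAlias, null) ?: return generateSecretKey(keyAlias)
        return (entry as KeyStore.SecretKeyEntry).secretKey ?: generateSecretKey(keyAlias)
    }

    /**
     * Encrypts [data] (UTF-8) with the key stored under [SECRET_ALIAS].
     *
     * @return Base64 (NO_WRAP) of `IV || ciphertext || tag`.
     */
    fun encrypt(data: String): String {
        val cipher = Cipher.getInstance(AES_MODE)
        // No GCMParameterSpec here: the provider picks a fresh random IV per call.
        cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(SECRET_ALIAS))
        val nonce = cipher.iv
        check(nonce != null && nonce.size == GCM_IV_LENGTH_BYTES) { "Unexpected GCM IV from provider" }
        val cipherText = cipher.doFinal(data.toByteArray(Charsets.UTF_8))
        return Base64.encodeToString(nonce + cipherText, Base64.NO_WRAP)
    }

    /**
     * Decrypts a value produced by [encrypt].
     *
     * Values written in the earlier format (fixed IV, no IV prefix) cannot be read
     * and have to be re-encrypted. If the key entry is missing, [getSecretKey]
     * creates a new key and the authentication check in `doFinal` fails.
     *
     * @throws IllegalArgumentException if the input is too short to hold an IV and a tag.
     */
    fun decrypt(encrypted: String): String {
        val payload = Base64.decode(encrypted, Base64.NO_WRAP)
        require(payload.size >= GCM_IV_LENGTH_BYTES + GCM_TAG_LENGTH_BITS / 8) {
            "Encrypted value is too short"
        }
        val cipher = Cipher.getInstance(AES_MODE)
        // The IV is the first GCM_IV_LENGTH_BYTES bytes of the stored payload.
        val spec = GCMParameterSpec(GCM_TAG_LENGTH_BITS, payload, 0, GCM_IV_LENGTH_BYTES)
        cipher.init(Cipher.DECRYPT_MODE, getSecretKey(SECRET_ALIAS), spec)
        val decoded = cipher.doFinal(payload, GCM_IV_LENGTH_BYTES, payload.size - GCM_IV_LENGTH_BYTES)
        return String(decoded, Charsets.UTF_8)
    }
}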
object SecurePreferenceUtils {
/** Names of the entries kept in the secure preferences; the constant name is used as the stored key. */
enum class SecurePreferenceKeys {
    AccessToken,
    Test,
}
/**
 * Stores [value] under the name of [key] in the shared secure preferences.
 *
 * The result of `commit()` is discarded, so a failed write is not reported to the caller.
 */
fun putString(key: SecurePreferenceKeys, value: String) {
    val pendingEdit = SecurePrefs.securePreferences.edit().putString(key.name, value)
    pendingEdit.commit()
}
/**
 * Reads the value stored under the name of [key].
 *
 * @return the stored value, [defaultValue] when the lookup yields it, or an empty
 *   string if the underlying call returns null.
 */
fun getString(key: SecurePreferenceKeys, defaultValue: String): String =
    SecurePrefs.securePreferences.getString(key.name, defaultValue).orEmpty()
/** Process-wide holder for the secure preferences instance. */
object SecurePrefs {
    // Must be assigned before first use; reading it earlier throws
    // UninitializedPropertyAccessException.
    lateinit var securePreferences: SecurePreferences
}
// Write: the value is encrypted first, so only ciphertext reaches the preferences.
val encryptedToken = AndroidKeyStore.encrypt("")
SecurePreferenceUtils.putString(SecurePreferenceUtils.SecurePreferenceKeys.AccessToken, encryptedToken)

// Read: the fallback handed to getString is itself ciphertext, so decrypt() always
// receives something it can process.
val fallbackCipherText = AndroidKeyStore.encrypt("")
val storedCipherText = SecurePreferenceUtils.getString(
    SecurePreferenceUtils.SecurePreferenceKeys.AccessToken,
    fallbackCipherText,
)
val token = AndroidKeyStore.decrypt(storedCipherText)
最佳答案
别名对每个密钥是唯一的;如果要分别存储用户名和密码,则需要 2 个唯一的别名
在这里,我从资源 xml 文件中获取它
它可以是任意唯一的字符串值
<resources>
<string name="app_name">Data_Persistent</string>
<!-- Read through R.string.app_package by PasswordStorageHelper and used as the Keystore alias of its RSA key pair. -->
<string name="app_package">com.aprorit.keystoreexample</string>
</resources>
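If the SDK level is below 18, I fall back to SharedPreferences, since the Keystore is only available from API 18 upward; the data is Base64-encoded before it is stored. Note that Base64 is an encoding, not encryption, so on those devices the value is protected only by the app's private storage.
If the SDK level is 18 or above, the Keystore is used.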
// Preference key under which the password entry is stored.
private const val PASSWORD_KEY = "password"

// Storage backend; PasswordStorageHelper picks Keystore-backed or plain preference
// storage when it is constructed.
private val passwordStorage = PasswordStorageHelper(context)
/** Stores [password] under [PASSWORD_KEY], encoded with the default charset of `toByteArray()`. */
fun savePassword(password: String) {
    val passwordBytes = password.toByteArray()
    passwordStorage.setData(PASSWORD_KEY, passwordBytes)
}
/** Returns the stored password, or an empty string when nothing could be read. */
fun getPassword(): String {
    val storedBytes = passwordStorage.getData(PASSWORD_KEY) ?: return ""
    return String(storedBytes)
}
/** Deletes the entry stored under [PASSWORD_KEY]. */
fun removePassword() = passwordStorage.remove(PASSWORD_KEY)
这是处理几乎所有事情的 PasswordStorageHelper 类
import android.content.Context
import android.content.SharedPreferences
import android.os.Build
import android.security.KeyChain
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.util.Base64
import android.util.Log
import androidx.annotation.RequiresApi
import com.example.data_persistent.R
import java.io.IOException
import java.math.BigInteger
import java.security.*
import java.security.cert.CertificateException
import java.security.spec.AlgorithmParameterSpec
import java.security.spec.InvalidKeySpecException
import java.util.*
import javax.crypto.BadPaddingException
import javax.crypto.Cipher
import javax.crypto.IllegalBlockSizeException
import javax.crypto.NoSuchPaddingException
import javax.security.auth.x500.X500Principal
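/**
 * Stores small secrets in the app's private SharedPreferences file.
 *
 * Two backends exist:
 *  - SDK 18 and above: the value is encrypted with an RSA public key whose private
 *    half is kept in the Android Keystore, and the Base64 ciphertext is stored.
 *  - Below SDK 18, or when Keystore initialisation fails: the value is stored
 *    Base64-encoded only. Base64 is not encryption; on that path the value is
 *    protected solely by the private preferences file.
 *
 * RSA encrypts the value directly, so a value has to fit into a single RSA block.
 *
 * @param context used to open the preferences file and to read the key alias.
 */
class PasswordStorageHelper(context: Context) {
    private val tag = "PasswordStorageHelper"
    private val prefsName = "SecureData"
    private var passwordStorage: PasswordStorageInterface

    init {
        passwordStorage = if (Build.VERSION.SDK_INT < 18) {
            PasswordStorageHelperSDK16()
        } else {
            PasswordStorageHelperSDK18()
        }

        var isInitialized: Boolean? = false
        try {
            isInitialized = passwordStorage.init(context)
        } catch (ex: Exception) {
            Log.e(tag, "PasswordStorage initialisation error:" + ex.message, ex)
        }

        if (isInitialized != true && passwordStorage is PasswordStorageHelperSDK18) {
            // Make the downgrade visible: from here on values are only Base64-encoded.
            Log.w(tag, "Keystore storage unavailable, falling back to unencrypted Base64 storage")
            passwordStorage = PasswordStorageHelperSDK16()
            passwordStorage.init(context)
        }
    }

    /** Stores [data] under [key]; a null key is treated as "" and null data as an empty array. */
    fun setData(key: String?, data: ByteArray?) {
        // Same null-key handling as getData/remove instead of failing with an NPE.
        passwordStorage.setData(key ?: "", data ?: ByteArray(0))
    }

    /** Returns the bytes stored under [key], or null when nothing could be read. */
    fun getData(key: String?): ByteArray? {
        return passwordStorage.getData(key ?: "")
    }

    /** Removes the entry stored under [key]. */
    fun remove(key: String?) {
        passwordStorage.remove(key ?: "")
    }

    /** Contract shared by the two storage backends. */
    private interface PasswordStorageInterface {
        fun init(context: Context?): Boolean
        fun setData(key: String?, data: ByteArray?)
        fun getData(key: String?): ByteArray?
        fun remove(key: String?)
    }

    /** Backend without Keystore: values are Base64-encoded, not encrypted. */
    private inner class PasswordStorageHelperSDK16 : PasswordStorageInterface {
        private var preferences: SharedPreferences? = null

        override fun init(context: Context?): Boolean {
            preferences = context?.getSharedPreferences(prefsName, Context.MODE_PRIVATE)
            return true
        }

        override fun setData(key: String?, data: ByteArray?) {
            if (data == null) return
            preferences?.edit()
                ?.putString(key, Base64.encodeToString(data, Base64.DEFAULT))
                ?.apply()
        }

        override fun getData(key: String?): ByteArray? {
            val res = preferences?.getString(key, null) ?: return null
            return Base64.decode(res, Base64.DEFAULT)
        }

        override fun remove(key: String?) {
            preferences?.edit()?.remove(key)?.apply()
        }
    }

    /** Backend that encrypts values with an RSA key pair held in the Android Keystore. */
    private inner class PasswordStorageHelperSDK18 : PasswordStorageInterface {
        private val KEY_ALGORITHM_RSA: String = "RSA"
        private val KEYSTORE_PROVIDER_ANDROID_KEYSTORE: String = "AndroidKeyStore"

        // NOTE(review): PKCS#1 v1.5 encryption padding is the legacy choice and OAEP is
        // generally preferred. Switching needs a new key pair authorised for OAEP and a
        // migration of stored values, so it is left unchanged here.
        private val RSA_ECB_PKCS1_PADDING: String = "RSA/ECB/PKCS1Padding"
        private var preferences: SharedPreferences? = null
        private var alias: String? = null

        /**
         * Opens the preferences file and makes sure a key pair exists under [alias].
         *
         * @return false when the Keystore cannot be loaded or queried, true otherwise.
         *   A failed key generation is logged but still yields true.
         */
        @RequiresApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
        override fun init(context: Context?): Boolean {
            preferences = context?.getSharedPreferences(prefsName, Context.MODE_PRIVATE)
            alias = context?.getString(R.string.app_package)

            val ks: KeyStore = try {
                // Null loads the Keystore with default parameters.
                KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE).apply { load(null) }
            } catch (ex: Exception) {
                Log.e(tag, "Unable to load the Android Keystore", ex)
                return false
            }

            // When both halves of the key pair already exist nothing has to be generated.
            val keyPairPresent = try {
                ks.getKey(alias, null) != null && ks.getCertificate(alias)?.publicKey != null
            } catch (ex: Exception) {
                Log.e(tag, "Unable to query the Android Keystore", ex)
                return false
            }
            if (keyPairPresent) return true

            // Validity range of the self-signed certificate of the generated pair.
            val start = GregorianCalendar()
            val end = GregorianCalendar().apply { add(Calendar.YEAR, 10) }

            val spec: AlgorithmParameterSpec? = if (Build.VERSION.SDK_INT < 23) {
                context?.let {
                    android.security.KeyPairGeneratorSpec.Builder(it)
                        // Alias under which the pair is found in the Keystore later.
                        .setAlias(alias ?: "")
                        // Subject and serial number of the self-signed certificate.
                        .setSubject(X500Principal("CN=$alias"))
                        .setSerialNumber(BigInteger.valueOf(1337))
                        .setStartDate(start.time)
                        .setEndDate(end.time)
                        .build()
                }
            } else {
                // Only the decrypt purpose is requested for the key pair.
                KeyGenParameterSpec.Builder(alias ?: "", KeyProperties.PURPOSE_DECRYPT)
                    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                    .build()
            }

            try {
                KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, KEYSTORE_PROVIDER_ANDROID_KEYSTORE).run {
                    initialize(spec)
                    generateKeyPair()
                }
            } catch (e: Exception) {
                Log.e(tag, "Key pair generation failed", e)
                when (e) {
                    is NoSuchAlgorithmException,
                    is InvalidAlgorithmParameterException,
                    is NoSuchProviderException -> deleteKeyEntry(ks)
                }
            }

            // Informational only: report whether the key is held in secure hardware.
            try {
                val isHardwareBackedKeystoreSupported: Boolean = if (Build.VERSION.SDK_INT < 23) {
                    KeyChain.isBoundKeyAlgorithm(KeyProperties.KEY_ALGORITHM_RSA)
                } else {
                    val privateKey: Key = ks.getKey(alias, null)
                    val keyFactory: KeyFactory =
                        KeyFactory.getInstance(privateKey.algorithm, KEYSTORE_PROVIDER_ANDROID_KEYSTORE)
                    val keyInfo: KeyInfo = keyFactory.getKeySpec(privateKey, KeyInfo::class.java)
                    keyInfo.isInsideSecureHardware
                }
                Log.d(tag, "Hardware-Backed Keystore Supported: $isHardwareBackedKeystoreSupported")
            } catch (e: Exception) {
                Log.w(tag, "Could not determine whether the key is hardware-backed", e)
            }
            return true
        }

        /**
         * Encrypts [data] with the public key and stores the result under [key].
         *
         * Nothing is stored when the key pair is missing. On the listed crypto and
         * Keystore failures the key entry is deleted, which makes values encrypted
         * with it unreadable.
         */
        override fun setData(key: String?, data: ByteArray?) {
            var ks: KeyStore? = null
            try {
                ks = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE)
                ks.load(null)
                val certificate = ks.getCertificate(alias)
                if (certificate == null) {
                    Log.w(tag, "No certificate for the key alias, value was not stored")
                    return
                }
                val publicKey: PublicKey? = certificate.publicKey
                if (publicKey == null) {
                    Log.d(tag, "Error: Public key was not found in Keystore")
                    return
                }
                val value: String = encrypt(publicKey, data)
                preferences?.edit()?.putString(key, value)?.apply()
            } catch (e: Exception) {
                // Only the exception is logged, never the value being stored.
                Log.e(tag, "Storing the value failed", e)
                when (e) {
                    is NoSuchAlgorithmException, is InvalidKeyException, is NoSuchPaddingException,
                    is IllegalBlockSizeException, is BadPaddingException, is NoSuchProviderException,
                    is InvalidKeySpecException, is KeyStoreException, is CertificateException,
                    is IOException -> deleteKeyEntry(ks)
                }
            }
        }

        /**
         * Returns the decrypted value stored under [key], or null when there is none
         * or decryption fails. Any failure deletes the key entry.
         */
        override fun getData(key: String?): ByteArray? {
            var ks: KeyStore? = null
            try {
                ks = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE)
                ks.load(null)
                val privateKey: Key = ks.getKey(alias, null)
                return decrypt(privateKey, preferences?.getString(key, null))
            } catch (e: Exception) {
                Log.e(tag, "Reading the value failed, deleting the key entry", e)
                deleteKeyEntry(ks)
            }
            return null
        }

        override fun remove(key: String?) {
            preferences?.edit()?.remove(key)?.apply()
        }

        /** Best-effort removal of the key entry; a failure is logged and otherwise ignored. */
        private fun deleteKeyEntry(ks: KeyStore?) {
            try {
                ks?.deleteEntry(alias)
            } catch (e1: Exception) {
                Log.w(tag, "Could not delete the key entry", e1)
            }
        }

        /** RSA-encrypts [data] and returns the ciphertext as Base64 (DEFAULT flags). */
        private fun encrypt(encryptionKey: PublicKey, data: ByteArray?): String {
            val cipher: Cipher = Cipher.getInstance(RSA_ECB_PKCS1_PADDING)
            cipher.init(Cipher.ENCRYPT_MODE, encryptionKey)
            val encrypted: ByteArray = cipher.doFinal(data)
            return Base64.encodeToString(encrypted, Base64.DEFAULT)
        }

        /** Base64-decodes and RSA-decrypts [encryptedData]; null input yields null. */
        private fun decrypt(decryptionKey: Key, encryptedData: String?): ByteArray? {
            if (encryptedData == null) return null
            val encryptedBuffer: ByteArray = Base64.decode(encryptedData, Base64.DEFAULT)
            val cipher: Cipher = Cipher.getInstance(RSA_ECB_PKCS1_PADDING)
            cipher.init(Cipher.DECRYPT_MODE, decryptionKey)
            return cipher.doFinal(encryptedBuffer)
        }
    }
}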
关于kotlin 中的 Android keystore ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56132679/