There is a problem in 4.1 with apps that need to create a signature using a
private key in the keychain. In particular, apps that establish SSL client
sessions (such as OpenVPN) would use code such as this to allow an SSL
negotiation to use a client cert/key from the keychain:
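
    import android.security.KeyChain;
    import java.security.PrivateKey;
    import javax.crypto.Cipher;
    . . .
    // Handle to the key stored under the given alias in the system keychain
    PrivateKey privateKey = KeyChain.getPrivateKey(context, alias);
    if (privateKey != null) {
        byte[] data; // input to be signed (assignment elided in the original post)
        // A private-key "encrypt" with PKCS#1 padding yields the raw RSA signature
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        byte[] signed_bytes = cipher.doFinal(data);
    }
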
This code now fails badly on 4.1 (testing on Nexus 7) even
though KeyChain.getPrivateKey returns a non-null value for privateKey. It
not only fails to work, but causes a segfault later when privateKey is
garbage collected.

I understand that on 4.1, private keys might be offloaded to hardware, but
still the code above should work because it's not accessing the key
directly -- it is only performing an encrypt operation using the key.

What is the proper way to do this on 4.1?