On Fri, Oct 5, 2012 at 2:40 PM, James Yonan <[email protected]> wrote:
> PrivateKey privateKey = KeyChain.getPrivateKey(context, alias);
> if (privateKey) {
> byte[] data;
> Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
> cipher.init(Cipher.ENCRYPT_MODE, privateKey);
> byte[] signed_bytes = cipher.doFinal(data);
> }
>
> This code now fails badly on 4.1 (testing on Nexus 7) even though
> KeyChain.getPrivateKey returns a non-null value for privateKey. It not only
> fails to work, but causes a segfault later when privateKey is garbage
> collected.
>
> I understand that on 4.1, private keys might be offloaded to hardware, but
> still the code above should work because it's not accessing the key directly
> -- it is only performing an encrypt operation using the key.
Not quite. You are feeding it to the Bouncy Castle provider, which knows
nothing about native keys and thus cannot use your key. I agree that it
should be better documented, but the new OpenSSL engine supports
only signing, verifying and key import. It should work if you use the
Signature class. The segfault sounds bad though, can you reproduce
it consistently? You might want to post this on android-security as well,
a lot of the Google people responsible for this seem to monitor it.
>
> What is the proper way to do this on 4.1?
>
Does using the Signature class not work for you?
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
