The Android Keystore system lets you store cryptographic keys in a container that makes them more difficult to extract from the device. Once a key is in the keystore it can be used in cryptographic operations, but the key material itself remains unexportable. The keystore also lets you restrict when and how a key may be used, for example by requiring user authentication before the key can be used, or by limiting the key to certain encryption modes and paddings.
The keystore system is not a place for an application to store its own private data directly (such as user account passwords). It is a secure container for key material, protecting keys from unauthorized use. An application can keep several keys in the keystore, and only that application can access them. The application can generate keys, store them, and retrieve the public or private key held in the keystore system, and then use that key to encrypt or decrypt data.
The keystore system is used by the KeyChain API and the Android Keystore Provider feature introduced in Android 4.3 (API level 18).
The Android system provides the following KeyStore types:
For detailed descriptions of the various types, please refer to: /openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#KeyStore
First create an Activity and a custom layout that implements the functions shown in the screenshot below.
Screenshot:
Description:
1. Enter the name of the key to be added in the input box and click the Add button to generate a new key;
2. Enter the name of the key to be deleted in the input box and click the Delete button to remove an existing key;
3. The data plaintext is fixed here. Click an item in the key list to select the key that will be used for encryption and decryption. After selecting a key, click the Encrypt button to encrypt the plaintext; after encryption, click the Decrypt button to decrypt it again;
4. The key list shows the keys that the current application has generated in the keystore system; long-press an entry to delete that key.
MainActivity
Keystore system tool class
When generating the key, an X500Principal is used to specify the subject of the self-signed certificate. Its fields are:
CN: Common Name
O: Organization
OU: Organizational Unit
C: Country
The validity period of the key is also specified, together with the serial number of the self-signed certificate that is generated with the key pair.
This is how RSA keys are generated through the keystore system.
First retrieve the key entry from the keystore, then use the public key to encrypt.
First retrieve the key entry from the keystore, then use the private key to decrypt.
Use the private key to sign the data; the signature algorithm must match the key algorithm.
Use the public key to verify the signature over the data; again, the signature algorithm must match the key algorithm.
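The generation, encrypt/decrypt and sign/verify steps above, as an added example that is not the demo project's own code. It assumes API level 23 or higher (KeyGenParameterSpec instead of the older KeyPairGeneratorSpec), and the alias, subject name and serial number are constructed values; the purpose flags and padding list are what the keystore uses to refuse any use of the key outside the modes declared here.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;

public final class KeystoreRsaHelper {
    private static final String STORE = "AndroidKeyStore";
    private static final String CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String SIG = "SHA256withRSA";

    // Generate a 2048-bit RSA pair; the private key never leaves the keystore.
    public static void generate(String alias) throws GeneralSecurityException {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, 1);                       // one-year validity (constructed)
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, STORE);
        kpg.initialize(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
                | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setKeySize(2048)
                // CN / O / OU / C of the self-signed certificate (constructed sample subject)
                .setCertificateSubject(new X500Principal("CN=" + alias + ", O=Example, OU=Demo, C=CN"))
                .setCertificateSerialNumber(BigInteger.ONE)
                .setCertificateNotBefore(notBefore.getTime())
                .setCertificateNotAfter(notAfter.getTime())
                // SHA-1 is authorized only because the keystore's MGF1 under OAEP uses it
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA1)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .build());
        kpg.generateKeyPair();
    }

    private static KeyStore load() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);                                        // AndroidKeyStore takes no stream/password
        return ks;
    }

    public static void delete(String alias) throws GeneralSecurityException, IOException {
        load().deleteEntry(alias);
    }

    public static byte[] encrypt(String alias, byte[] plain) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.ENCRYPT_MODE, load().getCertificate(alias).getPublicKey());
        return c.doFinal(plain);
    }

    public static byte[] decrypt(String alias, byte[] cipherText) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.DECRYPT_MODE, (PrivateKey) load().getKey(alias, null));
        return c.doFinal(cipherText);
    }

    public static byte[] sign(String alias, byte[] data) throws GeneralSecurityException, IOException {
        Signature s = Signature.getInstance(SIG);            // digest must match setDigests above
        s.initSign((PrivateKey) load().getKey(alias, null));
        s.update(data);
        return s.sign();
    }

    public static boolean verify(String alias, byte[] data, byte[] sig) throws GeneralSecurityException, IOException {
        Signature s = Signature.getInstance(SIG);
        s.initVerify(load().getCertificate(alias).getPublicKey());
        s.update(data);
        return s.verify(sig);
    }
}
```

Because the key was created with only OAEP encryption padding and PKCS#1 signature padding, any attempt to use it with PKCS#1 v1.5 encryption or another digest is rejected by the keystore rather than by application code.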
For the algorithms supported by the keystore, please refer to: /training/articles/keystore
Demo link: /samlss/KeyStore