public IKey GetPublicKey()
{
if (!_androidKeyStore.ContainsAlias(_keyName))
{
return(null);
}
return(_androidKeyStore.GetCertificate(_keyName)?.PublicKey);
}
public bool DeleteKey()
{
if (!_androidKeyStore.ContainsAlias(_keyAlias))
{
return(false);
}
_androidKeyStore.DeleteEntry(_keyAlias);
return(true);
}
/// <summary>
/// Load RSA key pair from KeyStore
/// </summary>
private static void AccessKeyStore()
{
if (_keyStore.ContainsAlias(ALIAS))
{
IPrivateKey privateKey = (_keyStore.GetEntry(ALIAS, null) as KeyStore.PrivateKeyEntry).PrivateKey;
IPublicKey publicKey = _keyStore.GetCertificate(ALIAS).PublicKey;
_keyPair = new KeyPair(publicKey, privateKey);
}
}
public KeyStoreCryptoService()
{
_keyStore = KeyStore.GetInstance("AndroidKeyStore");
_keyStore.Load(null);
if (!_keyStore.ContainsAlias(_alias))
{
CreateNewKey(_alias);
}
}
/// <exception cref="System.IO.IOException"/>
public override CredentialProvider.CredentialEntry GetCredentialEntry(string alias
)
{
readLock.Lock();
try
{
SecretKeySpec key = null;
try
{
if (cache.Contains(alias))
{
return(cache[alias]);
}
if (!keyStore.ContainsAlias(alias))
{
return(null);
}
key = (SecretKeySpec)keyStore.GetKey(alias, password);
}
catch (KeyStoreException e)
{
throw new IOException("Can't get credential " + alias + " from " + GetPathAsString
(), e);
}
catch (NoSuchAlgorithmException e)
{
throw new IOException("Can't get algorithm for credential " + alias + " from " +
GetPathAsString(), e);
}
catch (UnrecoverableKeyException e)
{
throw new IOException("Can't recover credential " + alias + " from " + GetPathAsString
(), e);
}
return(new CredentialProvider.CredentialEntry(alias, BytesToChars(key.GetEncoded(
))));
}
finally
{
readLock.Unlock();
}
}
private void GenerateStoreKey(bool withDate)
{
if (_keyStore.ContainsAlias(KeyAlias))
{
return;
}
ClearSettings();
var end = Calendar.Instance;
end.Add(CalendarField.Year, 99);
if (_oldAndroid)
{
var subject = new X500Principal($"CN={KeyAlias}");
var builder = new KeyPairGeneratorSpec.Builder(Application.Context)
.SetAlias(KeyAlias)
.SetSubject(subject)
.SetSerialNumber(BigInteger.Ten);
if (withDate)
{
builder.SetStartDate(new Date(0)).SetEndDate(end.Time);
}
var spec = builder.Build();
var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
gen.Initialize(spec);
gen.GenerateKeyPair();
}
else
{
var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt)
.SetBlockModes(KeyProperties.BlockModeGcm)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone);
if (withDate)
{
builder.SetKeyValidityStart(new Date(0)).SetKeyValidityEnd(end.Time);
}
var spec = builder.Build();
var gen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore);
gen.Init(spec);
gen.GenerateKey();
}
}
private void PrepareKeyStore()
{
_keyStore = KeyStore.GetInstance(AndroidKeyStoreKey);
_keyStore.Load(null);
if (_keyStore.ContainsAlias(ProtectedDataKey))
{
_keyStore.GetKey(ProtectedDataKey, null);
}
else
{
var context = global::Android.App.Application.Context;
// thanks to https://dzone.com/articles/xamarin-android-asymmetric-encryption-without-any
var keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStoreKey);
if (_sdkLessThan23)
{
var calendar = Calendar.GetInstance(context.Resources.Configuration.Locale);
var endDate = Calendar.GetInstance(context.Resources.Configuration.Locale);
endDate.Add(CalendarField.Year, 20);
#pragma warning disable 618
var builder = new KeyPairGeneratorSpec.Builder(context)
#pragma warning restore 618
.SetAlias(ProtectedDataKey)
.SetSerialNumber(BigInteger.One)
.SetSubject(new X500Principal($"CN={ProtectedDataKey} CA Certificate"))
.SetStartDate(calendar.Time)
.SetEndDate(endDate.Time)
.SetKeySize(2048);
keyGenerator.Initialize(builder.Build());
}
else
{
var builder = new KeyGenParameterSpec.Builder(ProtectedDataKey, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
.SetBlockModes(KeyProperties.BlockModeEcb)
.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
.SetRandomizedEncryptionRequired(false)
.SetKeySize(2048);
keyGenerator.Initialize(builder.Build());
}
keyGenerator.GenerateKeyPair();
}
}
//###############################################################################
public SecureEncryptor(Context context)
{
_context = context;
storeObject = KeyStore.GetInstance(AndroidKeyStore);
storeObject.Load(null);
if (!storeObject.ContainsAlias(KEYALIAS_CREDENTIALS))
{
CreateKey_Credentials();
}
Key_private = storeObject.GetKey(KEYALIAS_CREDENTIALS, null);
Key_public = storeObject.GetCertificate(KEYALIAS_CREDENTIALS)?.PublicKey;
}
private void GenerateRSAKeyPairs(string alias)
{
// Generate the RSA key pairs
if (!_keyStore.ContainsAlias(alias))
{
// Generate a key pair for encryption
var start = Calendar.GetInstance(Locale.English);
var end = Calendar.GetInstance(Locale.English);
end.Add(CalendarField.Year, 30);
var spec = new KeyPairGeneratorSpec.Builder(_context)
.SetAlias(alias)
.SetSubject(new X500Principal("CN=" + alias))
.SetSerialNumber(BigInteger.Ten)
.SetStartDate(start.Time)
.SetEndDate(end.Time)
.Build();
var kpg = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
kpg.Initialize(spec);
kpg.GenerateKeyPair();
}
}
public SecureStorage_Droid()
{
_keyStore = KeyStore.GetInstance(_droidKeyStore);
_keyStore.Load(null);
// Check if the RSA Key for encryptiong the stored credentials already exists
// Typically, this needs to be created when the database and its corresponding keys is generated on first App launch
if (!_keyStore.ContainsAlias(_secureStoredKeyAlias))
{
// We have to check the API level to avoid using deprecated methods when not needed
if ((int)Build.VERSION.SdkInt > 22)
{
GenerateAESKey_New();
}
else
{
GenerateRSAKey();
GenerateAESKey_Depr();
}
}
}
public bool Contains(string key)
{
return(keyStore.ContainsAlias(key));
}