void CreateSecretKey(string storeKeyName, bool isInvalidatedByBiometricEnrollment) { try { keyStore.Load(null); KeyGenParameterSpec.Builder keyParamBuilder = null; if (Build.VERSION.SdkInt >= BuildVersionCodes.M) { keyParamBuilder = new KeyGenParameterSpec.Builder(storeKeyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeCbc) // This key is authorized to be used only if the user has been authenticated. .SetUserAuthenticationRequired(isUserAuthenticationRequired) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingPkcs7); } if (Build.VERSION.SdkInt >= BuildVersionCodes.N) { keyParamBuilder.SetInvalidatedByBiometricEnrollment(isInvalidatedByBiometricEnrollment); } if (Build.VERSION.SdkInt >= BuildVersionCodes.M) { keyGenerator.Init(keyParamBuilder.Build()); } keyGenerator.GenerateKey(); } catch (Java.Lang.Exception e) { if (e is NoSuchAlgorithmException || e is InvalidAlgorithmParameterException || e is CertificateException || e is IOException) { throw new RuntimeException("Failed to create secret key. " + e.Message, e); } } }
ISecretKey GetKey() { if (Build.VERSION.SdkInt < BuildVersionCodes.M) { return(null); } IKey existingKey = keyStore.GetKey(alias, null); if (existingKey != null) { ISecretKey existingSecretKey = existingKey.JavaCast <ISecretKey>(); return(existingSecretKey); } var keyGenerator = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, androidKeyStore); var builder = new KeyGenParameterSpec.Builder(alias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeGcm) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone) .SetRandomizedEncryptionRequired(false); keyGenerator.Init(builder.Build()); return(keyGenerator.GenerateKey()); }
public void CreateKeyPair() { DeleteKey(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME); if (Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 && Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1) { var calendar = Calendar.GetInstance(_context.Resources.Configuration.Locale); var endDate = Calendar.GetInstance(_context.Resources.Configuration.Locale); endDate.Add(CalendarField.Year, 20); //this API is obsolete after Android M, but I am supporting Android L #pragma warning disable 618 var builder = new KeyPairGeneratorSpec.Builder(_context) #pragma warning restore 618 .SetAlias(_keyName).SetSerialNumber(BigInteger.One) .SetSubject(new X500Principal($"CN={_keyName} CA Certificate")) .SetStartDate(calendar.Time) .SetEndDate(endDate.Time).SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); } else if (Build.VERSION.SdkInt >= BuildVersionCodes.M) { var builder = new KeyGenParameterSpec.Builder(_keyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetRandomizedEncryptionRequired(false).SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); } keyGenerator.GenerateKeyPair(); }
void CreateKey() { KeyGenerator keyGen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, KEYSTORE_NAME); KeyGenParameterSpec keyGenSpec = new KeyGenParameterSpec.Builder(KEY_NAME, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(BLOCK_MODE).SetEncryptionPaddings(ENCRYPTION_PADDING) .SetUserAuthenticationRequired(true) .Build(); keyGen.Init(keyGenSpec); keyGen.GenerateKey(); }
private void CreateNewKey(string alias) { KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt) .SetBlockModes(KeyProperties.BlockModeCbc) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .Build(); KeyPairGenerator generator = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore"); generator.Initialize(spec); generator.GenerateKeyPair(); }
void CreateKey() { var keyGen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, KeyStoreName); var keyGenSpec = new KeyGenParameterSpec.Builder(KeyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(BlockMode) .SetEncryptionPaddings(EncryptionPadding) .SetUserAuthenticationRequired(true) .Build(); keyGen.Init(keyGenSpec); keyGen.GenerateKey(); }
private static void GenerateKey() { var spec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(BlockMode) .SetEncryptionPaddings(Padding) .SetUserAuthenticationRequired(true) .Build(); var generator = KeyGenerator.GetInstance(Algorithm, KeyStoreName); generator.Init(spec); generator.GenerateKey(); }
private void CreateKey() { KeyGenerator keyGen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, KeyStoreName); KeyGenParameterSpec keyGenSpec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetKeySize(256) .SetBlockModes(KeyProperties.BlockModeCbc) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingPkcs7) .SetUserAuthenticationRequired(true) .Build(); keyGen.Init(keyGenSpec); keyGen.GenerateKey(); }
/// <summary> /// Creates the Key for fingerprint authentication. /// </summary> void CreateKey() { KeyGenerator keyGen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, _keystoreName); KeyGenParameterSpec keyGenSpec = new KeyGenParameterSpec.Builder(_keyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(_blockMode) .SetEncryptionPaddings(_encryptionPadding) .SetUserAuthenticationRequired(true) .Build(); keyGen.Init(keyGenSpec); keyGen.GenerateKey(); Logger.Debug("[CryptoHelper] New key created for fingerprint authentication."); }
public void SetBytes(string key, byte[] bytes) { var keyStore = KeyStore.GetInstance(KeyStoreType); keyStore.Load(null); var storeKey = keyStore.GetKey(Alias, null); if (storeKey == null) { var generator = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, KeyStoreType); var spec = new KeyGenParameterSpec.Builder(Alias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeGcm) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone) .SetRandomizedEncryptionRequired(false) .Build(); generator.Init(spec); generator.GenerateKey(); storeKey = keyStore.GetKey(Alias, null); if (storeKey == null) { throw new InvalidOperationException("Failed KeyStore key generation."); } } var iv = new byte[IvLength]; var randam = new SecureRandom(); randam.NextBytes(iv); var cipher = Cipher.GetInstance(CipherTransformation); cipher.Init(CipherMode.EncryptMode, storeKey, new GCMParameterSpec(GcmTagLength, iv)); var encryptedBytes = cipher.DoFinal(bytes); var saveBytes = new byte[iv.Length + encryptedBytes.Length]; Array.Copy(iv, 0, saveBytes, 0, iv.Length); Array.Copy(encryptedBytes, 0, saveBytes, iv.Length, encryptedBytes.Length); var saveText = Convert.ToBase64String(saveBytes); var edit = sharedPreferences.Edit(); edit.PutString(key, saveText); edit.Commit(); }
private void GenerateStoreKey(bool withDate) { if (_keyStore.ContainsAlias(KeyAlias)) { return; } ClearSettings(); var end = Calendar.Instance; end.Add(CalendarField.Year, 99); if (_oldAndroid) { var subject = new X500Principal($"CN={KeyAlias}"); var builder = new KeyPairGeneratorSpec.Builder(Application.Context) .SetAlias(KeyAlias) .SetSubject(subject) .SetSerialNumber(BigInteger.Ten); if (withDate) { builder.SetStartDate(new Date(0)).SetEndDate(end.Time); } var spec = builder.Build(); var gen = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore); gen.Initialize(spec); gen.GenerateKeyPair(); } else { var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt) .SetBlockModes(KeyProperties.BlockModeGcm) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone); if (withDate) { builder.SetKeyValidityStart(new Date(0)).SetKeyValidityEnd(end.Time); } var spec = builder.Build(); var gen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore); gen.Init(spec); gen.GenerateKey(); } }
private void PrepareKeyStore() { _keyStore = KeyStore.GetInstance(AndroidKeyStoreKey); _keyStore.Load(null); if (_keyStore.ContainsAlias(ProtectedDataKey)) { _keyStore.GetKey(ProtectedDataKey, null); } else { var context = global::Android.App.Application.Context; // thanks to https://dzone.com/articles/xamarin-android-asymmetric-encryption-without-any var keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStoreKey); if (_sdkLessThan23) { var calendar = Calendar.GetInstance(context.Resources.Configuration.Locale); var endDate = Calendar.GetInstance(context.Resources.Configuration.Locale); endDate.Add(CalendarField.Year, 20); #pragma warning disable 618 var builder = new KeyPairGeneratorSpec.Builder(context) #pragma warning restore 618 .SetAlias(ProtectedDataKey) .SetSerialNumber(BigInteger.One) .SetSubject(new X500Principal($"CN={ProtectedDataKey} CA Certificate")) .SetStartDate(calendar.Time) .SetEndDate(endDate.Time) .SetKeySize(2048); keyGenerator.Initialize(builder.Build()); } else { var builder = new KeyGenParameterSpec.Builder(ProtectedDataKey, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetRandomizedEncryptionRequired(false) .SetKeySize(2048); keyGenerator.Initialize(builder.Build()); } keyGenerator.GenerateKeyPair(); } }
private KeyPair GenerateKeyPair(string keyName, bool invalidatedByBiometricEnrollment) { var keyPairGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmEc, KEY_STORE_NAME); var builder = new KeyGenParameterSpec.Builder(keyName, KeyStorePurpose.Sign) .SetAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")) .SetDigests(KeyProperties.DigestSha256, KeyProperties.DigestSha384, KeyProperties.DigestSha512) // Require the user to authenticate with a biometric to authorize every use of the key .SetUserAuthenticationRequired(true) // Generated keys will be invalidated if the biometric templates are added more to user device .SetInvalidatedByBiometricEnrollment(invalidatedByBiometricEnrollment); keyPairGenerator.Initialize(builder.Build()); return(keyPairGenerator.GenerateKeyPair()); }
/// <summary> /// To be added. /// </summary> /// <returns></returns> public static Javax.Crypto.ISecretKey GenerateKey(string keyStoreAlias) { var keyStore = Java.Security.KeyStore.GetInstance("AndroidKeyStore"); var keyGenerator = Javax.Crypto.KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, "AndroidKeyStore"); keyStore.Load(null); var keyParameterSpec = new KeyGenParameterSpec.Builder(keyStoreAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeCbc) .SetUserAuthenticationRequired(true) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingPkcs7) .Build(); keyGenerator.Init(keyParameterSpec); return(keyGenerator.GenerateKey()); }
private static void InitializePrivateKey() { var keyStore = KeyStore.GetInstance("AndroidKeyStore"); keyStore.Load(null); var entry = keyStore.GetEntry(Alias, null); if (entry != null && entry is KeyStore.SecretKeyEntry) { return; } var keyBuilder = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, "AndroidKeyStore"); var spec = new KeyGenParameterSpec.Builder(Alias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt).SetBlockModes(KeyProperties.BlockModeCbc).SetEncryptionPaddings(KeyProperties.EncryptionPaddingPkcs7).Build(); keyBuilder.Init(spec); keyBuilder.GenerateKey(); }
//API 23+ Only public ISecretKey GetSymmetricKey() { var existingkey = keyStore.GetKey(alias, null); if (existingkey != null) { var existingSecretKey = existingkey.JavaCast <ISecretKey>(); return(existingSecretKey); } var keyGenerator = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, CONST_ANDROIDKEY); var builder = new KeyGenParameterSpec.Builder(alias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeGcm) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone) .SetRandomizedEncryptionRequired(false); keyGenerator.Init(builder.Build()); return(keyGenerator.GenerateKey()); }
/// <summary> /// Creates a symmetric key in the Android Key Store which can only be used after the user /// has authenticated with biometry. /// </summary> private void CreateKey() { try { _keystore.Load(null); KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(GetAlias(_keyId), KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeCbc) // Require the user to authenticate with biometry to authorize every use // of the key .SetEncryptionPaddings(KeyProperties.EncryptionPaddingPkcs7) .SetUserAuthenticationRequired(true); if ((int)Build.VERSION.SdkInt >= 24) { builder.SetInvalidatedByBiometricEnrollment(true); } _keyGen.Init( builder .Build()); _keyGen.GenerateKey(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } catch (InvalidAlgorithmParameterException e) { throw new RuntimeException(e); } catch (CertificateException e) { throw new RuntimeException(e); } catch (IOException e) { throw new RuntimeException(e); } catch (System.Exception e) { Kp2aLog.LogUnexpectedError(e); } }
/// <summary> /// Creates a new public-private key pair. An already existing key will be deleted, so /// make sure to call <see cref="KeysExistInKeyStore"/> before. /// </summary> private void CreateKeyPairInKeyStore() { RemoveKeyFromKeyStore(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName); if (Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 && Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1) { Calendar startDateCalendar = Calendar.GetInstance(Locale.Default); startDateCalendar.Add(CalendarField.Year, -1); Calendar endDateCalendar = Calendar.GetInstance(Locale.Default); endDateCalendar.Add(CalendarField.Year, 100); string certificateName = string.Format("CN={0} CA Certificate", KeyAlias); // this API is obsolete after Android M, but we are supporting Android L #pragma warning disable 618 var builder = new KeyPairGeneratorSpec.Builder(_applicationContext) .SetAlias(KeyAlias) .SetSerialNumber(BigInteger.One) .SetSubject(new X500Principal(certificateName)) .SetStartDate(startDateCalendar.Time) .SetEndDate(endDateCalendar.Time) .SetKeySize(KeySize); #pragma warning restore 618 keyGenerator.Initialize(builder.Build()); } else if (Build.VERSION.SdkInt >= BuildVersionCodes.M) { Calendar endDateCalendar = Calendar.GetInstance(Locale.Default); endDateCalendar.Add(CalendarField.Year, 100); var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetCertificateNotAfter(endDateCalendar.Time) .SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); } // Key generator is initialized, generate the key keyGenerator.GenerateKeyPair(); }
private void CreateKey() { try { var keyGen = KeyGenerator.GetInstance(KeyAlgorithm, KeyStoreName); var keyGenSpec = new KeyGenParameterSpec.Builder(KeyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(BlockMode) .SetEncryptionPaddings(EncryptionPadding) .SetUserAuthenticationRequired(true) .Build(); keyGen.Init(keyGenSpec); keyGen.GenerateKey(); } catch { // Catch silently to allow biometrics to function on devices that are in a state where key generation // is not functioning } }
public void CreateKey() { // Removes key if it already exists, no change otherwise DeleteKey(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME); // Parameters affiliated with the Transformation settings used when making Cipher var builder = new KeyGenParameterSpec.Builder(_keyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetRandomizedEncryptionRequired(false).SetKeySize(KEY_SIZE); keyGenerator.Initialize(builder.Build()); builder.Dispose(); // Keys automattically added to KeyStore keyGenerator.GenerateKeyPair(); keyGenerator.Dispose(); }
// API 23+ Only ISecretKey GetSymmetricKey() { Preferences.Set(useSymmetricPreferenceKey, true, SecureStorage.Alias); var existingKey = keyStore.GetKey(alias, null); if (existingKey != null) { var existingSecretKey = existingKey.JavaCast <ISecretKey>(); return(existingSecretKey); } var keyGenerator = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, androidKeyStore); var builder = new KeyGenParameterSpec.Builder(alias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeGcm) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone) .SetRandomizedEncryptionRequired(false); keyGenerator.Init(builder.Build()); return(keyGenerator.GenerateKey()); }
/// <summary> /// Creates a new public-private key pair. An already existing key will be deleted, so /// make sure to call <see cref="KeysExistInKeyStore"/> before. /// </summary> private void CreateKeyPairInKeyStore() { RemoveKeyFromKeyStore(); KeyPairGenerator keyGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName); // With Build.VERSION.SdkInt < BuildVersionCodes.M we would have to use an alternative // way, but Android 6 is our min version. Calendar endDateCalendar = Calendar.GetInstance(Locale.Default); endDateCalendar.Add(CalendarField.Year, 100); var builder = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(KeyProperties.BlockModeEcb) .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1) .SetCertificateNotAfter(endDateCalendar.Time) .SetKeySize(KeySize); keyGenerator.Initialize(builder.Build()); // Key generator is initialized, generate the key keyGenerator.GenerateKeyPair(); }
private void CreateKey_Credentials() { var generator = KeyPairGenerator.GetInstance("RSA", AndroidKeyStore); if (Build.VERSION.SdkInt < BuildVersionCodes.M) { Java.Util.Calendar calendar = Java.Util.Calendar.Instance; calendar.Add(Java.Util.CalendarField.Year, 20); Date startDate = Java.Util.Calendar.Instance.Time; Date endDate = calendar.Time; #pragma warning disable 0618 var builder = new KeyPairGeneratorSpec.Builder(_context); #pragma warning restore 0618 builder.SetAlias(KEYALIAS_CREDENTIALS); builder.SetSerialNumber(Java.Math.BigInteger.One); builder.SetSubject(new Javax.Security.Auth.X500.X500Principal("CN=${alias} CA Certificate")); builder.SetStartDate(startDate); builder.SetEndDate(endDate); generator.Initialize(builder.Build()); } else { var builder = new KeyGenParameterSpec.Builder(KEYALIAS_CREDENTIALS, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt); builder.SetBlockModes(KeyProperties.BlockModeEcb); builder.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1); generator.Initialize(builder.Build()); } generator.GenerateKeyPair(); }
private static void InitializePrivateKey() { var keyStore = KeyStore.GetInstance("AndroidKeyStore"); keyStore.Load(null); var entry = keyStore.GetEntry(Alias, null); if(entry != null && entry is KeyStore.SecretKeyEntry) { return; } var keyBuilder = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, "AndroidKeyStore"); var spec = new KeyGenParameterSpec.Builder(Alias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt).SetBlockModes(KeyProperties.BlockModeCbc).SetEncryptionPaddings(KeyProperties.EncryptionPaddingPkcs7).Build(); keyBuilder.Init(spec); keyBuilder.GenerateKey(); }
/// <summary> /// Creates the Key for fingerprint authentication. /// </summary> void CreateKey() { KeyGenerator keyGen = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, KEYSTORE_NAME); KeyGenParameterSpec keyGenSpec = new KeyGenParameterSpec.Builder(KEY_NAME, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt) .SetBlockModes(BLOCK_MODE) .SetEncryptionPaddings(ENCRYPTION_PADDING) .SetUserAuthenticationRequired(true) .Build(); keyGen.Init(keyGenSpec); keyGen.GenerateKey(); Log.Debug(TAG, "New key created for fingerprint authentication."); }