Problem description
How do I use a key alias with encrypted shared preferences? Here are my encrypted shared preferences:
KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
        DEFAULT_MASTER_KEY_ALIAS,
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(DEFAULT_AES_GCM_MASTER_KEY_SIZE)
        .build();
MasterKey masterKey = new MasterKey.Builder(this)
        .setKeyGenParameterSpec(spec)
        .build();
SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
        this,
        this.getResources().getString(R.string.app_preferences),
        masterKey,
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
);
I got the following exception while implementing this:
W/AndroidKeysetManager: keyset not found,will generate a new one
java.io.FileNotFoundException: can't read keyset; the pref value __androidx_security_crypto_encrypted_prefs_key_keyset__ does not exist
at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readPref(SharedPrefKeysetReader.java:71)
at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readEncrypted(SharedPrefKeysetReader.java:89)
at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:105)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:155)
at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:120)
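Do I need to replace DEFAULT_MASTER_KEY_ALIAS with the key alias mentioned in that box?
If so, how can I do that without hard-coding it?
I have replaced DEFAULT_MASTER_KEY_ALIAS with the key alias mentioned in the project structure under Modules, and got the following exception: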
java.lang.IllegalArgumentException: KeyGenParamSpec's key alias does not match provided alias (_androidx_security_master_key_ vs mykeyalias
Solution
In this case you do not necessarily need to use a key alias. However, I could not use KeyGenParameterSpec, so I used KeyScheme and it worked for me. Try using this:
MasterKey masterKey = new MasterKey.Builder(this)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .build();
instead of:
MasterKey masterKey = new MasterKey.Builder(this)
        .setKeyGenParameterSpec(spec)
        .build();