blocks|key|193713|text|我认为KeyStore可以适合您的使用。它能够存储RSA密钥并使用AES对其进行加密，因此即使使用root访问，也无法在没有密码或暴力破解的情况下提取它们。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|193714|这里有一个关于使用KeyStore的很好的帖子：http://nelenkov.blogspot.fr/2012/05/storing-application-secrets-in-androids.html|offset|length|193715|entityMap|0|LINK|mutability|MUTABLE|url|http://nelenkov.blogspot.fr/2012/05/storing-application-secrets-in-androids.html^0|0|O|28|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|O|8|@]|9|@$D|P|E|Q|1|R]]|A|$]]|$1|F|3|-4|5|6|7|S|8|@]|9|@]|A|$]]]|G|$H|$5|I|J|K|A|$L|M]]]]

I think KeyStore could be suitable for your use. It is able to store RSA keys and encrypts them using AES so even with root access, they cannot be extracted without the password or bruteforcing.

There's a good post here about using KeyStore: <a href="http://nelenkov.blogspot.fr/2012/05/storing-application-secrets-in-androids.html" rel="noreferrer">http://nelenkov.blogspot.fr/2012/05/storing-application-secrets-in-androids.html</a>

blocks|key|193748|text|你可以使用android上的SharedPreference保存你的RSA公钥/私钥。为了在手机被恶意扎根时保护您的密钥安全，您可以执行以下步骤：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|193749|1:当你想要加密任何数据时，生成一个密钥对。|193750|2:提示用户输入密码。|193751|3:使用该密码生成对称密钥来加密您的私钥。|193752|4:您可以使用公钥对数据进行加密，使用私钥进行解密。|193753|5:您可以为步骤2中提示的密码保留会话，在会话期间，您可以使用对称密钥(由密码生成)对私钥进行加密/解密。|193754|下面的代码片段展示了如何存储和获取公钥|193755|public+void+setPublicKey(PublicKey+publicKey,+String+key,+Context+context)+{

++++byte[]+pubKey+=+publicKey.getEncoded();
++++String+pubKeyString+=+Base64.encodeBytes(pubKey);
++++this.setString(key,+pubKeyString,+context);
}

public+PublicKey+getPublicKey(String+key,Context+context)+{

++++PublicKey+pKey+=+null;
++++try+{

++++++++String+pubString+=+this.getString(key,+context);

++++++++if(pubString!=null)+{
++++++++++++byte[]+binCpk+=+Base64.decode(pubString);
++++++++++++KeyFactory+keyFactory+=+KeyFactory.getInstance("RSA");
++++++++++++X509EncodedKeySpec+publicKeySpec+=+new+X509EncodedKeySpec(binCpk);
++++++++++++pKey+=+keyFactory.generatePublic(publicKeySpec);
++++++++}
++++++++}catch(Exception+e){
++++}
++++return+pKey;
}|code-block|syntax|javascript|193756|下面的代码片段展示了如何存储和获取私钥。|193757|public+void+setPrivateKey(PrivateKey+privateKey,+String+key,+Context+context)+{

++++byte[]+priKey+=+privateKey.getEncoded();
++++String+priKeyString+=+Base64.encodeBytes(priKey);
++++this.setString(key,+priKeyString,+context);
}

public+PrivateKey+getPrivateKey(String+key,+Context+context)+{

++++PrivateKey+privateKey+=+null;

++++try+{
++++++++String+privateString+=+this.getString(key,+context);
++++++++if(privateString!=null){
++++++++++++byte[]+binCpk+=+Base64.decode(privateString);
++++++++++++KeyFactory+keyFactory+=+KeyFactory.getInstance("RSA");
++++++++++++PKCS8EncodedKeySpec+privateKeySpec+=+new+PKCS8EncodedKeySpec(binCpk);
++++++++++++privateKey+=+keyFactory.generatePrivate(privateKeySpec);
++++++++}
++++}+
++++catch(Exception+e){
++++}
++++return+privateKey;
}|193758|entityMap^0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Z|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|10|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|11|8|@]|9|@]|A|$]]|$1|H|3|I|5|6|7|12|8|@]|9|@]|A|$]]|$1|J|3|K|5|6|7|13|8|@]|9|@]|A|$]]|$1|L|3|M|5|6|7|14|8|@]|9|@]|A|$]]|$1|N|3|O|5|P|7|15|8|@]|9|@]|A|$Q|R]]|$1|S|3|T|5|6|7|16|8|@]|9|@]|A|$]]|$1|U|3|V|5|P|7|17|8|@]|9|@]|A|$Q|R]]|$1|W|3|-4|5|6|7|18|8|@]|9|@]|A|$]]]|X|$]]

You can persist your RSA public/private key using SharedPreference on android. 
In order to keep your keys safe when the phone is maliciously rooted, you can do the following steps:

1: When you want to ecrypt any data generate a key pair. 
2: Prompt the user for a password. 
3: Use that password to generate a symmetric key to encrypt your private key. 
4: You can encrypt your data using the public key and decrypt using private key. 
5: You can keep a session for the password prompted in step 2. During that session, you can use the symmetric key(generated from password) to encrypt/decrypt the private key.

The following code snippet shows to how to store &amp; fetch the public key

<pre><code>public void setPublicKey(PublicKey publicKey, String key, Context context) {

 byte[] pubKey = publicKey.getEncoded();
 String pubKeyString = Base64.encodeBytes(pubKey);
 this.setString(key, pubKeyString, context);
}

public PublicKey getPublicKey(String key,Context context) {

 PublicKey pKey = null;
 try {

 String pubString = this.getString(key, context);

 if(pubString!=null) {
 byte[] binCpk = Base64.decode(pubString);
 KeyFactory keyFactory = KeyFactory.getInstance("RSA");
 X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(binCpk);
 pKey = keyFactory.generatePublic(publicKeySpec);
 }
 }catch(Exception e){
 }
 return pKey;
}
</code></pre>

The following code snippet shows how to store&amp; fetch the private key.

<pre><code>public void setPrivateKey(PrivateKey privateKey, String key, Context context) {

 byte[] priKey = privateKey.getEncoded();
 String priKeyString = Base64.encodeBytes(priKey);
 this.setString(key, priKeyString, context);
}

public PrivateKey getPrivateKey(String key, Context context) {

 PrivateKey privateKey = null;

 try {
 String privateString = this.getString(key, context);
 if(privateString!=null){
 byte[] binCpk = Base64.decode(privateString);
 KeyFactory keyFactory = KeyFactory.getInstance("RSA");
 PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(binCpk);
 privateKey = keyFactory.generatePrivate(privateKeySpec);
 }
 } 
 catch(Exception e){
 }
 return privateKey;
}
</code></pre>

blocks|key|193796|text|文件系统中的密钥存储库(P12、JKS、AKS)都不能足够安全，无法保存RSA私钥。只有SmartCard或安全令牌可以提供高级别安全性。阅读这本书："Android安全内部原理“。在这本书中，你会找到很好的Android安全和JCA提供商的描述。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|193797|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

None of the keystores (P12, JKS, AKS) in the file system can be secure enough to hold RSA private keys. Only SmartCard or secure tokens can provide high-level security. Read this book: &quot;Android Security Internals&quot;. In this book you will find good description of Android Security and JCA providers.

During the creation of simple messaging android application that is to encrypt/decrypt messages and send them through internet, I decided to use RSA public/private key encryption. Question is how to store private key, so that even if phone is maliciously rooted, the key would stay safe? As far as I understood, KeyStore is used for certificates, and cannot be used for this? Should I encrypt private key as text file with AES? I have very little experience with security, so please feel free to correct my ideas, and give your opinion!

Kind Regards.

Storing RSA Private Key Android

安全令牌

文件系统

Android

在创建简单消息传递android应用程序的过程中，我决定使用RSA公钥/私钥加密。问题是如何存储私钥，以便即使手机被恶意扎根，密钥也会保持安全？据我所知，KeyStore是用来认证的，不能用来做这个吗？我应该用AES将私钥加密为文本文件吗？我在安全方面的经验很少，所以请随时纠正我的想法，并给出你的意见！致以亲切的问候。

问存储RSA私钥Android
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问存储RSA私钥AndroidEN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问存储RSA私钥Android
EN