Until now I have used to store my application secrets into the KeyStore with the following code:
// creating a instance
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// generating a secret key
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
// store the secret key
KeyStore.Entry keyStoreEntry = new KeyStore.SecretKeyEntry(secretKey);
ProtectionParameter keyPassword = new PasswordProtection("myPassword".toCharArray());
keyStore.setEntry("mySecretKey", keyStoreEntry, keyPassword);
According to this Stackoverflow post in API 14+ the KeyStore credential storage is protected by the device unlock password, so there is no need for a ProtectionParameter.
But How to set a KeyStore entry without providing the 3rd parameter?
