I am trying to use Bouncy/SpongyCastle's OAEP encoding to decode some wrapped data. However, the SpongyCastle API for initialising the OAEPEncoding class requires CipherParameters. In my case, I'm trying to unwrap something using an Android PrivateKey, so I assume I would need to somehow convert the key to AsymmetricKeyParam and stick that in the OAEPEncoding.init function. However, I really tried searching for something similar but most of the examples show initialising that by doing getPrivate().getEncoded(). However, Android doesn't allow you to get the raw private key so I'm not sure how to approach this...
EDIT: The reason why I'm using BC's OAEP classes is to use OAEP with SHA-256

Ivan Stanev
  • "Android PrivateKey" means you are using Android Keystore to generate the keys? – pedrofb Mar 03 '17 at 09:47
  • Yes the key is in the Android Keystore. I was able to use OAEP with SHA-1 just using regular Android APIs, however, I couldn't get it to work with SHA-256 and I am now trying with BC. – Ivan Stanev Mar 03 '17 at 09:53

1 Answer

The key material stored in the Android Keystore is not accessible. You can use the keys but you can not extract them. It is a security restriction. privateKey.getEncoded() will always be null, and you will not be able to extract the parameters to create a key with SpongyCastle.

See Security Features of Android Keystore

Extraction Prevention

Key material of Android Keystore keys is protected from extraction using two security measures:

  • Key material never enters the application process. When an application performs cryptographic operations using an Android Keystore key, behind the scenes plaintext, ciphertext, and messages to be signed or verified are fed to a system process which carries out the cryptographic operations. If the app's process is compromised, the attacker may be able to use the app's keys but will not be able to extract their key material (for example, to be used outside of the Android device).

If you want to use OAEP you need to create and store the keys yourself or target Android >= 23

pedrofb
  • Yes, I understand that but I think my issue is actually using the BC APIs. I know that I can't get to the raw key and am using just a reference via PrivateKey, but none of the BC APIs accept an Android PrivateKey. I did use a `Cipher` with OAEP and SHA-256 but I get `javax.crypto.IllegalBlockSizeException Caused by: android.security.KeyStoreException: Unknown error`, which was not really helpful... – Ivan Stanev Mar 03 '17 at 10:14
  • Code I'm using: `Cipher cipher = Cipher.getInstance("RSA/None/OAEPwithSHA-256andMGF1Padding"); cipher.init(keyPair.getPrivate()); return cipher.doFinal(wrapped_data);` The `IllegalBlockSizeException` is thrown on `.doFinal()`. – Ivan Stanev Mar 03 '17 at 10:18
  • 1
    This is the point. You can't use an Android private key with bouncycastle, because to perform the cryptographic operation it would need access to the key parameters and the implementation does not allow it. An Android key can only be used with AndroidKeystore cryptographic provider – pedrofb Mar 03 '17 at 10:21
  • Ah I see... Any ideas where to look at to solve the exception issue when using the Android APIs then? – Ivan Stanev Mar 03 '17 at 10:25
  • 1
    AndroidKeystore api should work. `RSA/ECB/OAEPWithSHA-1AndMGF1Padding` and `RSA/ECB/OAEPWithSHA-256AndMGF1Padding` are supported. Here is an example with SHA256 http://stackoverflow.com/a/36021145/6371459 – pedrofb Mar 03 '17 at 10:32