9

I need to use NIST P-256 elliptic curves to encrypt and decrypt data. Now that I have generated the key pair, but how do I use them to encrypt and decrypt?

The official website only says how to use this ec key pair to sign/verify, but I want to know how to use this ec key pair to encrypt/decrypt.

website: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec#example:-nist-p-256-ec-key-pair-for-signingverification-using-ecdsa

generate NIST P-256 key pair code:

        val kpg: KeyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        val parameterSpec =
            KeyGenParameterSpec.Builder("container", KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
                .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512)
                .build()
        kpg.initialize(parameterSpec)
        val keyPair = kpg.generateKeyPair()

        val ecPublicKey = keyPair.public as ECPublicKey
        val ecPrivateKey = keyPair.private as ECPrivateKey
gopher
  • 89
  • 1
  • 6
  • Follow the recommendation. Use ECC key exchange, see ECHKE then encrypt with a block cipher like AES. – kelalaka Jul 18 '19 at 06:52
  • @kelalaka,Excuse me, do you have a recommended document link or code example? Sorry, I am new in android, so I have to ask for more information. – gopher Jul 18 '19 at 08:00
  • This is nothing to do with android. It is the general practice in Cryptography. See an implementation [here](https://gist.github.com/zcdziura/7652286) – kelalaka Jul 18 '19 at 08:31
  • Could you accept and close this question if satisfies you? – kelalaka Aug 21 '19 at 20:41

2 Answers2

15

AndroidKeyStore does not currently support encryption or decryption with EC keys, only with RSA keys.

To use EC keys for encryption, you need to either use ECDH plus a key derivation function (KDF) to compute a shared symmetric key which you can use for your data, or to use ECIES which does that internally. But AndroidKeyStore doesn't support either mode of operation as of Android 10. Maybe in Android 11.

For now, you can either use RSA with an appropriate padding mode (OAEP recommended) to encrypt your symmetric key, or you can use the native Java cryto provider. This, unfortunately, will not use secure hardware to generate, store or use the key, and will instead do all of these things in your app's process space. There's an example here.

(For what it's worth, I'm the Google engineer who owns AndroidKeyStore. I've been planning to add ECDH support for a few years now, but it's always been pre-empted by other features that were considered higher priority. I will get to it, though.)

divegeek
  • 4,795
  • 2
  • 23
  • 28
  • I need your help with this [question](https://stackoverflow.com/q/61901095/5050924) – Facundo Larrosa May 19 '20 at 21:42
  • Thanks @divegeek for this, I am also looking for similar stuff to be used. I need to use ECIES, I searched it a lot but not able to locate any helpful pages for it. Any references for it, to get myself how to implement it would be of great help. Cheers! – SS06Dec86 Jul 15 '20 at 10:59
  • @divegeek EC seems to be supported now? https://developer.android.com/training/articles/keystore – User Aug 21 '20 at 08:35
  • @Ixx nope, still not supported. Is there something in that article that implies it is? If so, please point it out so I can fix the article. ECDH support is planned for Android 12, and I think it will land this time. No guarantees, though :-) – divegeek Nov 18 '20 at 13:12
  • @divegeek It says EC is supported on 23+ here https://developer.android.com/training/articles/keystore#SupportedKeyPairGenerators also there is this example https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec#example:-nist-p-256-ec-key-pair-for-signingverification-using-ecdsa If it is not supported could you elaborate which algorithm to use and provide resources where people can learn more about this process. So far it seems there are lots of dependencies one must understand to generate a key. – nkhar Apr 16 '21 at 09:34
  • @nkhar I think you can use EC for signatures (https://developer.android.com/training/articles/keystore#SupportedSignatures) but not encryption. – b4da Apr 18 '21 at 19:08
  • 1
    Is ECDH supported yet in 2022? – ArcadeRenegade Jan 31 '22 at 01:06
  • 2023 and the answer is No, its still not supported... Hard to believe. – Kaan Mar 20 '23 at 08:26
0

Public key encryption is not recommended to use for encryption. The general practice is hybrid-encryption where a block cipher key is exchanged then symmetric encryption is performed.

After the key exchange the most common issues Authentication and Integrity. The modern practice is using an authenticated encryption mode as AES-GCM. GCM mode gives you authentication and integrity. You can see an implementation here

kelalaka
  • 5,064
  • 5
  • 27
  • 44
  • 1
    Thanks, it really solved my problem. I originally wanted to use the public key to encrypt the aes key to exchange the symmetric key, because I cannot find the ecdh algorithm!! – gopher Jul 18 '19 at 10:01