What key alias need to use in EncryptedSharedPreferences?

Question

how can I use key alias in Encrypted sharedprefernces? below is my Encrypted shared preference

KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                    DEFAULT_MASTER_KEY_ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .setKeySize(DEFAULT_AES_GCM_MASTER_KEY_SIZE)
                    .build();

            MasterKey masterKey = new MasterKey.Builder(this)
                    .setKeyGenParameterSpec(spec)
                    .build();

            SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(this,
                    this.getResources().getString(R.string.app_preferences),
                    masterKey,
                    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
            );

I got below exception when implemented this,

 W/AndroidKeysetManager: keyset not found, will generate a new one
    java.io.FileNotFoundException: can't read keyset; the pref value __androidx_security_crypto_encrypted_prefs_key_keyset__ does not exist
        at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readPref(SharedPrefKeysetReader.java:71)
        at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readEncrypted(SharedPrefKeysetReader.java:89)
        at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:105)
        at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
        at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
        at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
        at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:155)
        at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:120)

I need to replace DEFAULT_MASTER_KEY_ALIAS with key alias mentioned in that box? If yes, then how can I do that without hardcoding?

I have replaced DEFAULT_MASTER_KEY_ALIAS with key alias mentioned in Project Structure under modules. Got below exception.

java.lang.IllegalArgumentException: KeyGenParamSpec's key alias does not match provided alias (_androidx_security_master_key_ vs mykeyalias

The signing key is a key that exists on your computer (or maybe an external drive), for the purpose of signing your app. You should keep that key secure, so trying to bundle it inside your app seems like a bad idea. It's not clear to me why you're not simply using `MasterKeys.getOrCreate` as in the example from the documentation. — Michael, Mar 29 '21 at 09:14
Were you able to resolve this issue? I got the same `FileNotFoundException` when using the sample code from https://developer.android.com/topic/security/data-android-versions — user1033552, Aug 16 '21 at 13:34
Did you get the solution? If yes, can you please post the solution? — Viks, Aug 18 '21 at 03:18

score 1 · Answer 1 · answered Apr 12 '22 at 14:41

Your problem comes from this line:

MasterKey masterKey = new MasterKey.Builder(this)

According to the implementation of MasterKey.Builder(), if you don't provide the second parameter that is the key alias

 public Builder(@NonNull Context context, @NonNull String keyAlias) {
        mContext = context.getApplicationContext();
        mKeyAlias = keyAlias;
    }

Then the default key alias is being used

public Builder(@NonNull Context context) {
        this(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS);
    }

So once you try to build with a KeyGenParameterSpec with a different alias, it is complaining. Make use of the constructor with the key alias as second parameter, then it should work.

Sorry being late answering, I've just faced the same problem. I've preferred to share this to help others while looking for an answer.

Paulo Henrique Teixeira · Answer 2 · 2021-07-14T21:31:34.950

-1

You don't necessarily need to use keyalias in this case. But I couldn't use KeyGenParameterSpec so I used KeyScheme and it worked for me. Try using it:

MasterKey masterKey = new MasterKey.Builder(this)
              .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
              .build();

Instead of:

MasterKey masterKey = new MasterKey.Builder(this)
                .setKeyGenParameterSpec(spec)
                .build();

edited Jul 14 '21 at 21:31

answered Jul 14 '21 at 21:17

Paulo Henrique Teixeira

1
1

2

This also gives same error. https://stackoverflow.com/questions/68825081/androidx-security-crypto-encrypted-prefs-key-keyset-does-not-exist – Viks Aug 18 '21 at 03:17

What key alias need to use in EncryptedSharedPreferences?

2 Answers2

Linked