
I am currently trying to create an ECDSA key pair with the Android Keystore. Creation works fine, but when sending the key to the backend I receive "Invalid EDCSA Key". I have no insight into the backend implementation.

The website https://kjur.github.io/jsrsasign/sample/sample-ecdsa.html also marks the created key(s) as having an invalid signature.

My code is as follows:

    import android.security.keystore.KeyGenParameterSpec
    import android.security.keystore.KeyProperties
    import java.security.KeyFactory
    import java.security.KeyPairGenerator
    import java.security.spec.ECGenParameterSpec
    import java.security.spec.X509EncodedKeySpec
    import org.bouncycastle.util.encoders.Hex   // assumed: Bouncy Castle's Hex helper

    // Generate a secp256r1 signing key inside the Android Keystore.
    val keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
    keyPairGenerator.initialize(
        KeyGenParameterSpec.Builder("key4", KeyProperties.PURPOSE_SIGN)
            .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
            .setDigests(KeyProperties.DIGEST_SHA256)
            .setUserAuthenticationRequired(false)
            .build()
    )
    val keyPair = keyPairGenerator.generateKeyPair()
    // Re-parse the exported public key with a plain KeyFactory so that
    // p.encoded is a standard X.509 SubjectPublicKeyInfo (DER).
    val p = KeyFactory.getInstance(keyPair.public.algorithm)
        .generatePublic(X509EncodedKeySpec(keyPair.public.encoded))
    val hexPublic: String = Hex.toHexString(p.encoded)

Resulting in, for example:

Public-Key: (256 bit)
00000000  04 6e 33 8a 49 1a 96 de  e8 b6 53 a7 b6 4a df 33  |.n3.I.....S..J.3|
00000010  b5 23 ce 92 2d 39 2e a2  f0 cc 19 ec 54 cf ad d7  |.#..-9......T...|
00000020  6e e1 ce 78 c7 61 c4 01  f4 7b 64 2a a4 32 03 4b  |n..x.a...{d*.2.K|
00000030  8d 29 e4 8f 16 6e d6 82  ce bf 07 b9 30 97 15 ff  |.)...n......0...|
00000040  d1                                                |.|

Encoded from above results in:

3059301306072a8648ce3d020106082a8648ce3d030107034200046e338a491a96dee8b653a7b64adf33b523ce922d392ea2f0cc19ec54cfadd76ee1ce78c761c401f47b642aa432034b8d29e48f166ed682cebf07b9309715ffd1

After initial searching I found the addition:

KeyFactory.getInstance(keyPair.public.getAlgorithm()).generatePublic(X509EncodedKeySpec(keyPair.public.getEncoded()))

to remove unnecessary padding from my key.

But still the key looks way different than what the website creates as an example:

04d8888078160aa934ace1745efb1d00ddec4a0e73ea93931902784c57c6ac604df3898241c1925e42907419d6d0ce5956d4109964608749aedc69e1e532c018c9

The content of the public key above (not encoded) seems to have the right format, but when trying it on the website it is still marked as an invalid signature.

I am not sure what to do to get the correct value from the key; I am happy for any pointers and/or help.

P.S. I tried: How can I generate a valid ECDSA EC key pair?

which also is not working.

Update: Found out that we need an ASIN 9.63 key format to make it work with the backend.

Thank you in advance

    Hey @Koerfer_P, I'm having the same issue. Would you mind elaborating on your solution with the "ASIN 9.63 key format", please? Thanks! – manusobles Apr 05 '22 at 10:28
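The key-format step the question circles around, as an added example that is not part of the question, the comment, or any answer: a minimal DER reader parses the SubjectPublicKeyInfo hex posted in the question, pulls out the 65-byte uncompressed point (04 || X || Y, the ANSI X9.63 uncompressed encoding, which is the form the website's sample key has), and then checks that the point actually lies on secp256r1 (P-256) before anyone sends it to a backend. The Python code, the helper names and the P-256 constants are mine; only the DER hex string comes from the question.

```python
"""Extract the raw uncompressed EC point from a DER SubjectPublicKeyInfo and
verify that it is a valid secp256r1 (P-256) point. Standard library only."""
from typing import Tuple

# P-256 domain parameters (FIPS 186-4 / SEC 2): prime, a = p - 3, and b.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

# DER-encoded OIDs: id-ecPublicKey (1.2.840.10045.2.1) and prime256v1 (1.2.840.10045.3.1.7).
OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")

# SubjectPublicKeyInfo hex exactly as posted in the question (p.encoded).
QUESTION_SPKI_HEX = (
    "3059301306072a8648ce3d020106082a8648ce3d030107034200046e338a491a96dee8b653"
    "a7b64adf33b523ce922d392ea2f0cc19ec54cfadd76ee1ce78c761c401f47b642aa432034b"
    "8d29e48f166ed682cebf07b9309715ffd1"
)


def der_tlv(buf: bytes, offset: int = 0) -> Tuple[int, bytes, int]:
    """Decode one DER tag-length-value at offset; return (tag, value, next offset)."""
    tag = buf[offset]
    length = buf[offset + 1]
    pos = offset + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length


def spki_to_x963_point(spki_der: bytes) -> bytes:
    """Return the 04||X||Y (ANSI X9.63 uncompressed) point from a P-256 SPKI."""
    tag, body, _ = der_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SPKI must start with a SEQUENCE")
    tag, alg_id, next_off = der_tlv(body)  # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    _, oid_alg, oid_end = der_tlv(alg_id)
    _, oid_curve, _ = der_tlv(alg_id, oid_end)
    if oid_alg != OID_EC_PUBLIC_KEY or oid_curve != OID_PRIME256V1:
        raise ValueError("not an id-ecPublicKey / prime256v1 key")
    tag, bit_string, _ = der_tlv(body, next_off)
    if tag != 0x03:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    if bit_string[0] != 0:
        raise ValueError("unexpected unused-bits count in BIT STRING")
    point = bit_string[1:]                 # drop the unused-bits byte
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed P-256 point")
    return point


def split_point(point: bytes) -> Tuple[int, int]:
    """Split 04||X||Y into integer coordinates."""
    return int.from_bytes(point[1:33], "big"), int.from_bytes(point[33:65], "big")


def on_p256_curve(point: bytes) -> bool:
    """True iff y^2 == x^3 + a*x + b (mod p) and both coordinates are in range."""
    x, y = split_point(point)
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P == 0


if __name__ == "__main__":
    pt = spki_to_x963_point(bytes.fromhex(QUESTION_SPKI_HEX))
    print("X9.63 point:", pt.hex())
    print("on secp256r1:", on_p256_curve(pt))
```

The extracted bytes are exactly the `04 6e 33 8a ...` sequence in the hexdump shown in the question; the 26-byte prefix (`3059...0342 00`) in the longer hex string is the DER wrapper that states the algorithm and curve, which a consumer expecting a bare X9.63 point will reject. The on-curve check is cheap and catches a corrupted or mis-sliced key before it reaches a backend.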
