.setCertificateSubject(new X500Principal("CN=Inspeckage, OU=ACPM, O=ACPM, C=BR")) .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512) .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1) .setCertificateNotBefore(start.getTime()) .setCertificateNotAfter(end.getTime())
/**
 * Creates a fresh signing key pair, plus its self-signed certificate, in the Android Keystore.
 *
 * <p>The entry is stored under {@link #keyAlias} through the {@link #keystoreName} provider
 * using the {@link #keyAlgorithm} configured for this instance. The key is restricted to
 * {@code PURPOSE_SIGN} with SHA-256 digests. RSA keys additionally get a fixed size of
 * {@code KEY_SIZE_RSA} and RSASSA-PKCS1-v1_5 signature padding; EC keys get a size of
 * {@code KEY_SIZE_EC}. Any other algorithm that the provider accepts keeps the provider's
 * default size and padding. The certificate subject ({@code CN=unused}) is a placeholder.
 *
 * @throws GeneralSecurityException if the provider or algorithm is unavailable, or the
 *     keystore rejects the generated parameter spec
 */
private void generateAuthenticationKey() throws GeneralSecurityException {
    // Resolve the provider first so an unsupported algorithm fails before any spec is built.
    KeyPairGenerator generator = KeyPairGenerator.getInstance(keyAlgorithm, keystoreName);

    KeyGenParameterSpec.Builder spec =
            new KeyGenParameterSpec.Builder(keyAlias, KeyProperties.PURPOSE_SIGN);
    spec.setCertificateSubject(new X500Principal("CN=unused"));
    spec.setDigests(KeyProperties.DIGEST_SHA256);

    boolean isRsa = KeyProperties.KEY_ALGORITHM_RSA.equals(keyAlgorithm);
    boolean isEc = KeyProperties.KEY_ALGORITHM_EC.equals(keyAlgorithm);
    if (isRsa) {
        spec.setKeySize(KEY_SIZE_RSA);
        // PKCS#1 v1.5 signature padding (RSASSA-PKCS1-v1_5); the only padding this key may use.
        spec.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
    } else if (isEc) {
        spec.setKeySize(KEY_SIZE_EC);
    }

    generator.initialize(spec.build());
    generator.generateKeyPair();
}
/**
 * Generates the fingerprint-bound RSA signing key pair used for authentication.
 *
 * <p>The key is created in the {@code AndroidKeyStore} provider under {@code KEY_NAME} and is
 * usable only for signing: 2048-bit RSA, SHA-256 digest, RSASSA-PKCS1-v1_5 padding. Because the
 * spec sets {@code setUserAuthenticationRequired(true)}, every private-key operation first
 * requires a successful fingerprint authentication. That is what lets a verified signature
 * stand in for "an authorized user touched the fingerprint sensor".
 *
 * @throws RuntimeException if the algorithm/provider is unavailable or the keystore rejects
 *     the parameter spec; the original checked exception is attached as the cause
 */
@TargetApi(M)
public void createKeyPair() {
    try {
        KeyPairGenerator generator =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");

        KeyGenParameterSpec spec =
                new KeyGenParameterSpec.Builder(KEY_NAME, PURPOSE_SIGN)
                        .setKeySize(2048)
                        .setDigests(DIGEST_SHA256)
                        .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                        // Gate every use of the private key behind fingerprint authentication.
                        .setUserAuthenticationRequired(true)
                        .build();

        generator.initialize(spec);
        generator.generateKeyPair();
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        throw new RuntimeException("Failed to get an instance of KeyPairGenerator", e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new RuntimeException("failed to generate key pair", e);
    }
}
.setCertificateSubject(new X500Principal("CN=" + mAlias)) .setDigests(KeyProperties.DIGEST_SHA256) .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1) .setCertificateSerialNumber(BigInteger.valueOf(1337)) .setCertificateNotBefore(start.getTime())
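/**
 * Generates a key pair in the {@code PROVIDER} keystore from parameters carried by {@code intent}.
 *
 * <p>All extras are supplied by whoever sends the intent, so they are validated before use.
 * Recognised extras:
 * <ul>
 *   <li>{@code alias} (String, required) – keystore alias for the new entry</li>
 *   <li>{@code algorithm} (String, required) – {@code KeyProperties.KEY_ALGORITHM_RSA} or
 *       {@code KeyProperties.KEY_ALGORITHM_EC}; any other name is passed through and left for
 *       the provider to reject</li>
 *   <li>{@code purposes} (int, default 0) – {@code KeyProperties.PURPOSE_*} bit mask</li>
 *   <li>{@code digests} (String[], optional) – digest names the key may be used with</li>
 *   <li>{@code size} (int, default 2048) – RSA modulus size in bits; ignored for EC</li>
 *   <li>{@code curve} (String, required for EC) – named curve for {@link ECGenParameterSpec}</li>
 *   <li>{@code validity} (int, default 0) – if positive, private-key use requires user
 *       authentication and stays allowed for that many seconds afterwards</li>
 * </ul>
 *
 * @param out unused; this hook reports only through the exception it may throw
 * @throws GeneralSecurityException if a required extra is missing, the algorithm or provider
 *     is unavailable, or the keystore rejects the parameter spec
 */
@Override
public void writeResult(PrintWriter out) throws GeneralSecurityException {
    String alias = intent.getStringExtra("alias");
    String algorithm = intent.getStringExtra("algorithm");
    int purposes = intent.getIntExtra("purposes", 0);
    String[] digests = intent.getStringArrayExtra("digests");
    int size = intent.getIntExtra("size", 2048);
    String curve = intent.getStringExtra("curve");
    int userValidity = intent.getIntExtra("validity", 0);

    // Report missing required extras as a checked error instead of an NPE inside the builder.
    if (alias == null) {
        throw new GeneralSecurityException("missing required extra 'alias'");
    }
    if (algorithm == null) {
        throw new GeneralSecurityException("missing required extra 'algorithm'");
    }

    KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, purposes);
    if (digests != null) {
        builder.setDigests(digests);
    }

    if (KeyProperties.KEY_ALGORITHM_RSA.equals(algorithm)) {
        // Only the public exponent 65537 (F4) is supported for now.
        builder.setAlgorithmParameterSpec(
                new RSAKeyGenParameterSpec(size, RSAKeyGenParameterSpec.F4));
        builder.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
    } else if (KeyProperties.KEY_ALGORITHM_EC.equals(algorithm)) {
        if (curve == null) {
            throw new GeneralSecurityException("missing required extra 'curve' for EC keys");
        }
        builder.setAlgorithmParameterSpec(new ECGenParameterSpec(curve));
    }

    if (userValidity > 0) {
        // Bind private-key use to a recent user authentication; the window is caller-chosen.
        builder.setUserAuthenticationRequired(true);
        builder.setUserAuthenticationValidityDurationSeconds(userValidity);
    }

    KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, PROVIDER);
    generator.initialize(builder.build());
    generator.generateKeyPair();
}
});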