I'm trying to import various private keys into AndroidKeyStore. I'm using
BouncyCastle to decode raw key data. While I am able to obtain usable KeyPairs,
I can't put EC keys into AndroidKeyStore due to the following exception:
java.security.KeyStoreException: Unsupported key algorithm: ECDSA
at android.security.keystore.AndroidKeyStoreSpi.getLegacyKeyProtectionParameter(AndroidKeyStoreSpi.java:348)
at android.security.keystore.AndroidKeyStoreSpi.setPrivateKeyEntry(AndroidKeyStoreSpi.java:360)
at android.security.keystore.AndroidKeyStoreSpi.engineSetKeyEntry(AndroidKeyStoreSpi.java:294)
at java.security.KeyStore.setKeyEntry(KeyStore.java:1179)
which gets thrown here:
androidKeyStore.setKeyEntry(alias,
keyPair.getPrivate(),
null,
new Certificate[]{ generateCertificate(keyPair) });
(The certificate is generated as shown here except I added case "ECDSA": below case "EC":)
The problem seems to be the algorithm name, it's ECDSA instead of EC;
when I use other means to obtain the key pair and its algorithm is EC,
it works without issues.
What's going on here? Can I convert ECDSA keys to EC keys? Can I make
BouncyCastle create EC keys in the first place?
For the record, this is how I create KeyPairs from byte array and passphrase:
Edit: see fixed code in my answer below
One trick is to not use Bouncy Castle for converting PKCS1 keys. On Android 10, the built-in BC provider does that part just fine. To get a key pair, call getKeyPair() on an object returned by simply JcaPEMKeyConverter() instead of JcaPEMKeyConverter().setProvider(bouncyCastleProvider).
Full code:
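The following is an added example, not the poster's original code: it uses the converter without setProvider(...) as the answer describes and, going one step beyond the answer, re-encodes any key pair that still reports "ECDSA" through the platform's "EC" KeyFactory. The class name PemKeyLoader, the method names, and the assumption that the input is a traditional PEM key pair (optionally passphrase-encrypted) are hypothetical.

```java
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

public final class PemKeyLoader { // hypothetical helper, not from the original post

    /** Parses a traditional PEM key pair (optionally encrypted) into a JCA KeyPair. */
    public static KeyPair load(String pem, char[] passphrase) throws Exception {
        Object parsed;
        try (PEMParser parser = new PEMParser(new StringReader(pem))) {
            parsed = parser.readObject();
        }
        PEMKeyPair pemKeyPair;
        if (parsed instanceof PEMEncryptedKeyPair) {
            pemKeyPair = ((PEMEncryptedKeyPair) parsed)
                    .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(passphrase));
        } else if (parsed instanceof PEMKeyPair) {
            pemKeyPair = (PEMKeyPair) parsed;
        } else {
            throw new IllegalArgumentException("Not a PEM key pair: "
                    + (parsed == null ? "empty input" : parsed.getClass().getName()));
        }
        // No setProvider(...): key objects come from the platform's default providers.
        return normalize(new JcaPEMKeyConverter().getKeyPair(pemKeyPair));
    }

    /** Rebuilds a pair reported as "ECDSA" via the platform KeyFactory so it reports "EC". */
    static KeyPair normalize(KeyPair kp) throws Exception {
        if (!"ECDSA".equals(kp.getPrivate().getAlgorithm())) {
            return kp; // RSA, or already "EC"
        }
        KeyFactory ec = KeyFactory.getInstance("EC");
        // getEncoded() yields PKCS#8 / X.509 DER, which any EC KeyFactory can re-parse.
        PrivateKey priv = ec.generatePrivate(new PKCS8EncodedKeySpec(kp.getPrivate().getEncoded()));
        PublicKey pub = ec.generatePublic(new X509EncodedKeySpec(kp.getPublic().getEncoded()));
        return new KeyPair(pub, priv);
    }
}
```

The pair returned by load(...) can be passed to the setKeyEntry call shown in the question; checking getPrivate().getAlgorithm() before that call shows which name the keystore will see.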