Android examples for java.security:KeyStore
Creates a symmetric key in the Android Key Store which can only be used after the user has authenticated with fingerprint.
/*
 * Copyright 2016 Thomas Hoffmann
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
//package com.java2s;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Main {
    /** Alias under which the key is stored in the Android Key Store. */
    private static final String KEY_NAME = "my_key";

    /** Name passed to both {@code getInstance} calls in {@link #init()}. */
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";

    // Both fields are assigned in init() and read by createKey()/hasKey().
    // Nothing here synchronizes access to them.
    private static KeyStore mKeyStore;
    private static KeyGenerator mKeyGenerator;

    /**
     * Generates an AES key under {@link #KEY_NAME} in the Android Key Store, usable for
     * encryption and decryption only after the user has authenticated with fingerprint.
     *
     * <p>Dereferences {@code mKeyStore} and {@code mKeyGenerator} without a null check, so
     * {@link #init()} must have assigned them first.
     *
     * @throws CertificateException declared for {@code KeyStore.load}
     * @throws NoSuchAlgorithmException declared for {@code KeyStore.load}
     * @throws IOException declared for {@code KeyStore.load}
     * @throws InvalidAlgorithmParameterException if the generator rejects the key spec
     */
    private static void createKey() throws CertificateException,
            NoSuchAlgorithmException, IOException,
            InvalidAlgorithmParameterException {
        // Fingerprint enrolment belongs to the calling flow. A keystore-bound key is what
        // lets the app notice that the set of enrolled fingerprints has changed.
        mKeyStore.load(null);

        // The alias and the permitted purposes are fixed in the Builder constructor.
        KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(
                KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT);

        // CBC with PKCS7 padding gives confidentiality only: nothing here detects a modified
        // ciphertext. Code that decrypts data someone else could have altered should verify
        // its integrity separately. Switching to an authenticated mode would change the
        // Cipher transformation that users of this key must request.
        specBuilder.setBlockModes(KeyProperties.BLOCK_MODE_CBC);

        // Every use of the key must be authorised by a fingerprint authentication.
        specBuilder.setUserAuthenticationRequired(true);
        specBuilder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7);

        mKeyGenerator.init(specBuilder.build());
        mKeyGenerator.generateKey();
    }

    /**
     * Initializes the keystore and key generator, and creates the key if none is found.
     *
     * <p>"None is found" is whatever {@link #hasKey()} reports, and that method also returns
     * {@code false} when the lookup throws. In that case a key is generated under the same
     * alias.
     *
     * @return true, if a new key has been generated
     * @throws GeneralSecurityException if the provider, algorithm or key spec is rejected
     * @throws IOException if loading the keystore fails during key creation
     */
    static boolean init() throws GeneralSecurityException, IOException {
        mKeyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        mKeyGenerator = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);

        if (hasKey()) {
            return false;
        }
        createKey();
        return true;
    }

    /**
     * Checks whether a key has already been created under {@link #KEY_NAME}.
     *
     * <p>Every exception (keystore load failure, unrecoverable key, an entry that is not a
     * {@link SecretKey}) is printed and reported as "no key".
     *
     * @return true, if a key is already created
     */
    private static boolean hasKey() {
        try {
            mKeyStore.load(null);
            SecretKey existing = (SecretKey) mKeyStore.getKey(KEY_NAME, null);
            return existing != null;
        } catch (Exception e) {
            // NOTE(review): a failed lookup is indistinguishable from a missing key here, so
            // init() will generate a key under the same alias. Presumably that replaces the
            // existing entry, leaving data encrypted under it undecryptable. Confirm that this
            // is intended before relying on it for stored ciphertext.
            e.printStackTrace();
            return false;
        }
    }
}