
How can I use Keystore in Android Native Code?

I need to encrypt some files which are created by the Android native service written in C++. I have to use Keystore but I don't know how to use it. Are there any libraries or documents?

I know the thread is old but maybe it will help someone in the future. The hints below refer to Android Keystore v3 and v4 (Oreo and Pie respectively).

Basically the HAL keystore (as described here) is wrapped in the keystore service. The service API mimics the interface described in IKeymasterDevice.hal. Instead of a blob you can use a string alias for the key (e.g. "mySecretKey"). The service stores the keyblobs (raw key material + key parameters) to the file system. The default location is /data/misc/keystore/user_0/<uid>_<key_alias>.

The keystore service is also the layer which checks whether the requesting process is allowed to use the key (based on process uid).

The communication with the keystore service is done via the binder interface (IPC). You may want to read more about it here.

AOSP contains a reference client implementation here.

Example usage can be found in the stock CLI here.

The AOSP comes with a SW-based keystore implementation which can be found here. By default the keyblobs on AOSP builds are not encrypted.

Note that the stock keystore_cli_v2 does NOT provide support for key import. If you plan to encrypt the data offline (e.g. pycrypto) you must extend it. If you plan to do so, remember that the keystore_client_impl.cpp is linked to libkeystore_binder.so and not the keystore_cli_v2.

For the asymmetric key ciphers you may export the public key component using the API.
