
Android KeyStore parameters building

I'm trying to use RSA encryption with KeyStore and I need to specify Parameters for KeyPairGenerator and I'm lost here. KeyPairGeneratorPair is kinda straightforward, but I don't understand KeyGenParameterSpec for API>=23

This is what I did. I think I got everything in the else part, but now I'm confused about KeyGenParameterSpec.

What exactly is the public exponent in RSAKeyGenParameterSpec?

Which digests should I specify in .setDigests?

There's also a .setBlockMode() method to call, and since I'm using RSA and RSA/None/OAEPWithSHA1AndMGF1Padding, which block mode should I set? ECB, CBC?

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
    generator.initialize(new KeyGenParameterSpec.Builder("PrivateKey", KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4))
            .setDigests(KeyProperties.DIGEST_SHA1,
                    KeyProperties.DIGEST_SHA256)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
            .setCertificateSerialNumber(BigInteger.ONE)
            .setCertificateSubject(new X500Principal("CN=" + "PrivateKey"))
            .setCertificateNotBefore(calendar.getTime())
            .setCertificateNotAfter(endCalendar.getTime())
            .setKeySize(2048).build());
} else {
    generator.initialize(new KeyPairGeneratorSpec.Builder(MainActivity.this)
            .setAlias("PrivateKey")
            .setSerialNumber(BigInteger.ONE)
            .setSubject(new X500Principal("CN=" + "PrivateKey"))
            .setStartDate(calendar.getTime())
            .setEndDate(endCalendar.getTime())
            .setKeySize(2048).build());
}

Cipher cipher = Cipher.getInstance("RSA/None/OAEPWithSHA1AndMGF1Padding");

The method setDigests() sets the digest method for your padding mode, and setBlockMode() sets the encryption mode, which depends on your work.

I think you have set a lot of unnecessary fields. For example, I use this method to create my own RSA key:

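// mKeyStore, MY_KEY and MY_KEYLEN are members of the enclosing class (not shown).
public boolean createKey() {
    try {
        // Generate the key pair inside the Android Keystore provider.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA,
                "AndroidKeyStore"
        );

        mKeyStore.load(null);
        // The private key is authorized for decryption only, with OAEP padding
        // and SHA-256 as the permitted digest.
        KeyGenParameterSpec.Builder builder =
                new KeyGenParameterSpec.Builder(
                        MY_KEY,
                        KeyProperties.PURPOSE_DECRYPT).
                setKeySize(MY_KEYLEN).
                setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP).
                setDigests(KeyProperties.DIGEST_SHA256);

        keyPairGenerator.initialize(builder.build());
        keyPairGenerator.generateKeyPair();
    } catch (NoSuchAlgorithmException | CertificateException | IOException |
            InvalidAlgorithmParameterException | NoSuchProviderException e) {
        // Any provider, parameter or keystore-loading failure is reported as "key not created".
        return false;
    }

    return true;
}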

I created this key to use with the RSA/ECB/OAEPWithSHA-256AndMGF1Padding algorithm.
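An added example, not code from the question or the answer above: using a key generated with ENCRYPTION_PADDING_RSA_OAEP and DIGEST_SHA256 for an encrypt/decrypt round trip. The class name and the `alias` parameter are hypothetical. It assumes that Android Keystore uses SHA-1 for MGF1 on keys created without an explicit MGF1 setting, so the OAEP parameters are pinned on both sides rather than left to each provider's default.

```java
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/** Hypothetical helper class (added example). */
public final class KeystoreRsaOaep {
    // RSA has no block mode; "ECB" is only the placeholder name the transformation uses.
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Main OAEP digest SHA-256 (must be authorized via setDigests()); MGF1 pinned to SHA-1
    // (assumption: the Keystore default). Without this, the encrypting provider may pick
    // MGF1-SHA-256 and decryption inside the Keystore then fails.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    private static KeyStore keyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return ks;
    }

    /** Encrypts with the public key; for a 2048-bit key the input is limited to 190 bytes. */
    public static byte[] encrypt(String alias, byte[] plaintext) throws Exception {
        PublicKey stored = keyStore().getCertificate(alias).getPublicKey();
        // Re-encode as a plain public key so the operation is not bound to the key's
        // Keystore authorizations (PURPOSE_DECRYPT only restricts the private key).
        PublicKey pub = KeyFactory.getInstance(stored.getAlgorithm())
                .generatePublic(new X509EncodedKeySpec(stored.getEncoded()));
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        return cipher.doFinal(plaintext);
    }

    /** Decrypts inside the Keystore; the private key material never leaves it. */
    public static byte[] decrypt(String alias, byte[] ciphertext) throws Exception {
        PrivateKey priv = (PrivateKey) keyStore().getKey(alias, null);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, priv, OAEP);
        return cipher.doFinal(ciphertext);
    }
}
```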
