2

I do "sign" operation and have the following code:

 KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(keyAlias, null);
 PrivateKey privateKey = privateKeyEntry.getPrivateKey();

 signature = Signature.getInstance("NONEwithRSA");
 signature.initSign(privateKey);
 signature.update(data);

After executing the above, I get the following exception:

05-29 17:33:36.106 W/System.err( 4478): java.security.InvalidKeyException: Supplied key (android.security.keystore.AndroidKeyStoreRSAPrivateKey) is not a RSAPrivateKey instance
05-29 17:33:36.107 W/System.err( 4478):     at org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(DigestSignatureSpi.java:92)
05-29 17:33:36.107 W/System.err( 4478):     at java.security.Signature$Delegate.init(Signature.java:1208)
05-29 17:33:36.107 W/System.err( 4478):     at java.security.Signature$Delegate.chooseProvider(Signature.java:1167)
05-29 17:33:36.107 W/System.err( 4478):     at java.security.Signature$Delegate.engineInitSign(Signature.java:1232)
05-29 17:33:36.107 W/System.err( 4478):     at java.security.Signature.initSign(Signature.java:607)
05-29 17:33:36.107 W/System.err( 4478):     at com.example.TestClass.sign(TestClass.java:289)

I also use the Spongy Castle library in the same class because I need it for other purposes, so therefore I have the following in a static block:

Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1);

What is the problem here? I've read all the threads on StackOverflow that are of similar nature and the solution is always to not use a specific provider when doing init on the Cipher (which I do not) and to not cast the key to RSAPrivateKey (which I do not!).

Does it have something to do with Spongy being registered as the 1st provider? I do not have any ideas left. Please share.

Sandra
  • Try *not* registering the spongycastle provider in the first position and see what happens. There is little reason to do so anyways. – President James K. Polk May 29 '17 at 15:53
  • This is the recommended way of registering the provider from the SpongyCastle library's page. They say the provider is registered like this to ensure that Spongy Castle is used in preference to any other security provider on the device. I will try to register it at the second or other position and write a comment here. – Sandra May 30 '17 at 08:51
  • Have you been successful in your try? I have similar issues and am looking for a solution. To me it first happened moving the old API to the new Android 8.0, so something fishy there. What is your setup? Versions? – lukassos May 16 '18 at 22:04
  • I use the following: Provider[] providers = Security.getProviders(); Security.insertProviderAt(new BouncyCastleProvider(), providers.length); in a static block – Sandra Mar 19 '19 at 15:04

1 Answer

0

I had the same issue with my code and thanks to this forum I found that the following line is what causes it:

Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1);

Setting the provider to SpongyCastle while getting the private key overrides Java's default way of getting the private key which is what seems to cause the exception.


You mention:

"I need it for other purposes, so therefore I have the following in a static block"

The way to get around this and still be able to use SpongyCastle's functionality is to only use SpongyCastle as a provider in the methods that require it.

Josh Correia
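The approach from the answer and from Sandra's last comment, as an added example that is not part of the original posts: Spongy Castle is appended to the provider list and requested by name only where it is needed, while the keystore signing path names no provider. The class name, the method names and the SHA-256 digest use are assumptions for illustration, and the key under `keyAlias` is assumed to exist in AndroidKeyStore and to be authorized for the algorithm used in the question.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import org.spongycastle.jce.provider.BouncyCastleProvider;

// Hypothetical class name, used only for this example.
public final class KeystoreSigningExample {

    static {
        // Security.addProvider appends at the end of the provider list, so
        // Spongy Castle is no longer the first provider consulted when a
        // getInstance() call names no provider.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    // Signing with an AndroidKeyStore key: no provider is named here. The key
    // object is an opaque handle (the private key material is not exposed to
    // the app), so only an implementation that understands that handle can use it.
    static byte[] signWithKeystoreKey(String keyAlias, byte[] data) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(keyAlias, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalArgumentException("No private key entry for alias: " + keyAlias);
        }
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();

        Signature signature = Signature.getInstance("NONEwithRSA"); // algorithm from the question
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    }

    // Code that needs Spongy Castle asks for it explicitly by provider name
    // ("SC"), so it does not depend on the provider's position in the list.
    static byte[] digestWithSpongyCastle(byte[] data) throws Exception {
        MessageDigest digest =
                MessageDigest.getInstance("SHA-256", BouncyCastleProvider.PROVIDER_NAME);
        return digest.digest(data);
    }
}
```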