I have been trying to solve this issue regarding AndroidKeyStore. My app does not seem to be getting the Android native provider for the NONEwithRSA signing algorithm. This is the code for reference:

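```java
import android.security.KeyPairGeneratorSpec;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.util.Calendar;
import javax.security.auth.x500.X500Principal;

// Validity window for the self-signed certificate created with the key pair
Calendar startDate = Calendar.getInstance();
Calendar endDate = Calendar.getInstance();
endDate.add(Calendar.YEAR, 30);

KeyPairGeneratorSpec keyPairGeneratorSpec = new KeyPairGeneratorSpec.Builder(context)
        .setAlias("aliasName")
        .setSubject(new X500Principal("CN=aliasName"))
        .setSerialNumber(BigInteger.TEN)
        .setStartDate(startDate.getTime())
        .setEndDate(endDate.getTime())
        .build();

KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
keyPairGenerator.initialize(keyPairGeneratorSpec);
keyPairGenerator.generateKeyPair(); // the exception below is thrown here
```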

Once generateKeyPair() is called, I get the following exception stack trace.

```
Caused by: java.security.SignatureException: java.security.ProviderException: No provider for NONEwithRSA
    at com.google.android.gms.org.conscrypt.OpenSSLSignature.engineSign(:com.google.android.gms@12673012@12.6.73 (020408-194189626):6)
    at java.security.Signature$SignatureImpl.engineSign(Signature.java:672)
    at java.security.Signature.sign(Signature.java:381)
    at com.android.org.bouncycastle.x509.X509Util.calculateSignature(X509Util.java:248)
    at com.android.org.bouncycastle.x509.X509V3CertificateGenerator.generate(X509V3CertificateGenerator.java:434)
    at com.android.org.bouncycastle.x509.X509V3CertificateGenerator.generate(X509V3CertificateGenerator.java:412)
    at android.security.AndroidKeyPairGenerator.generateKeyPair(AndroidKeyPairGenerator.java:133)
    ... 26 more
Caused by: java.security.ProviderException: No provider for NONEwithRSA
    at java.security.Signature$SignatureImpl.getSpi(Signature.java:734)
    at java.security.Signature$SignatureImpl.engineInitSign(Signature.java:692)
    at java.security.Signature.initSign(Signature.java:343)
    at com.google.android.gms.org.conscrypt.CryptoUpcalls.rawSignDigestWithPrivateKey(:com.google.android.gms@12673012@12.6.73 (020408-194189626):11)
    at com.google.android.gms.org.conscrypt.NativeCrypto.EVP_DigestSignFinal(Native Method)
    at com.google.android.gms.org.conscrypt.OpenSSLSignature.engineSign(:com.google.android.gms@12673012@12.6.73 (020408-194189626):2)
    ... 32 more
```

I have not found a solution related to my issue. Does anyone have any idea how to solve this?

Jeff

1 Answer

You can replace the line with

```java
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
```

as the logs show: No provider for NONEwithRSA

Updated

You can try the code below to generate a key pair in AndroidKeyStore; the Android version should be greater than 18.

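```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Calendar;
import javax.security.auth.x500.X500Principal;

// Assumed values; the original snippet left alias, start and end undefined.
String alias = "aliasName";
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.YEAR, 30);

KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
generator.initialize(new KeyGenParameterSpec.Builder(
        alias,
        KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
        // Digests the key is authorized to be used with
        .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
        .setCertificateSubject(new X500Principal("CN=aliasName"))
        .setCertificateNotBefore(start.getTime())
        .setCertificateNotAfter(end.getTime())
        .setCertificateSerialNumber(BigInteger.ONE)
        .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
        .build());
KeyPair keyPair = generator.generateKeyPair();
```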
Dante
  • I'm sorry to confuse you with all the constants. I edited all the constants to the actual values used. The odd part is that my device is still not getting the `Android` native `Provider`. – Jeff Jun 01 '18 at 02:28
  • I even replaced `"AndroidKeyStore"` with `keystore.getProvider()` and it's still not working. What I got wasn't `NoSuchProviderException`, so I guess my device actually has `AndroidKeyStore` as one of the providers but NONEwithRSA is not supported, which is different from what is stated here: https://developer.android.com/training/articles/keystore#SupportedSignatures – Jeff Jun 01 '18 at 02:35
  • I would appreciate it if you could add an explanation for the `KeyGenParameterSpec` part and how it would solve the issue. – Jeff Jun 01 '18 at 06:20
  • You have to provide the digest in KeyGenParameterSpec. It can be sha256 or sha512. As you have not specified any digest, it is taking null. – Dante Jun 01 '18 at 09:25
  • What did you want to do with the KeyPair? – Dante Jun 01 '18 at 09:26
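
An added diagnostic, not part of the original thread: the trace above fails during provider selection (`Signature$SignatureImpl.getSpi`), so one useful check is to list which installed JCA providers register `NONEwithRSA` and whether each one accepts the key being used. The class name `SignatureProviderProbe` and the method `probe` are hypothetical, and the RSA key in `main` is a constructed sample.

```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not from the thread); uses only standard JCA calls.
public class SignatureProviderProbe {

    // One entry per installed provider that registers Signature.<algorithm>,
    // in JCA preference order, with whether that service accepts the key.
    static List<String> probe(String algorithm, Key key) {
        List<String> report = new ArrayList<>();
        for (Provider provider : Security.getProviders()) {
            Provider.Service service = provider.getService("Signature", algorithm);
            if (service == null) {
                continue; // this provider does not offer the algorithm at all
            }
            // supportsParameter() returns false only when the service declares
            // SupportedKeyClasses / SupportedKeyFormats that exclude this key;
            // true can also mean "unknown", so treat it as "not ruled out".
            boolean acceptsKey = service.supportsParameter(key);
            report.add(provider.getName() + " -> " + service.getClassName()
                    + (acceptsKey ? " (does not rule out " : " (rejects ")
                    + key.getClass().getName() + ")");
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key so the probe runs on a desktop JVM; on a device,
        // pass the PrivateKey loaded from the "AndroidKeyStore" KeyStore instead.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        Key sampleKey = generator.generateKeyPair().getPrivate();

        for (String algorithm : new String[] {"NONEwithRSA", "SHA256withRSA"}) {
            List<String> report = probe(algorithm, sampleKey);
            System.out.println(algorithm + ": " + report.size() + " provider(s)");
            for (String line : report) {
                System.out.println("  " + line);
            }
        }
    }
}
```

On a device, call `probe()` from app code and log the returned lines; an empty list, or only "rejects" entries, for the key in use corresponds to the "No provider for ..." condition in the trace.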