I have an ECDH KeyAgreement for generating an AES secret key based on EC public and private keys:

keyAgreement.init(privateKey)
keyAgreement.doPhase(publicKey, true)

val secretKey = keyAgreement.generateSecret(KeyProperties.KEY_ALGORITHM_AES)

And I want to save my AES Secret Key to AndroidKeyStore:

val secretKey = keyAgreement.generateSecret(KeyProperties.KEY_ALGORITHM_AES)
val keyStoreEntry = KeyStore.SecretKeyEntry(secretKey)
val keyProtection =
    KeyProtection.Builder(KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setDigests(KeyProperties.DIGEST_MD5)
        .setBlockModes(KeyProperties.BLOCK_MODE_ECB)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setRandomizedEncryptionRequired(false)
        .build()

getKeyStore().setEntry(AES_KEY_NAME, keyStoreEntry, keyProtection)

But when I try to export my secret key (for encryption purposes) and get its encoded form:

val secretKeyEntry = getKeyStore().getEntry(AES_KEY_NAME, null) as KeyStore.SecretKeyEntry
val secretKey = secretKeyEntry.secretKey.encoded

I get an error:

java.lang.NullPointerException: secretKey.encoded must not be null

I am interested in two questions:

  1. Is there any point in saving as I do?
  2. Perhaps there is a variant of Cipher initialization without obtaining the encoded AES key?
Andrew
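
On question 2, an added example that is not part of the original post: a key held in AndroidKeyStore comes back as a handle whose `encoded` is null, and that handle can be passed straight to `Cipher.init`. The alias and function names are hypothetical, and AES/GCM with a keystore-generated IV is used here in place of the question's ECB settings.

```kotlin
import android.security.keystore.KeyProperties
import android.security.keystore.KeyProtection
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

private const val AES_KEY_ALIAS = "ecdh_derived_aes_key" // hypothetical alias
private const val GCM_IV_BYTES = 12                      // IV size used for GCM here
private const val GCM_TAG_BITS = 128

private fun androidKeyStore(): KeyStore =
    KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

// Import the software key returned by keyAgreement.generateSecret("AES").
// After this call the app should drop its own reference to derivedKey.
fun importDerivedKey(derivedKey: SecretKey) {
    val protection = KeyProtection.Builder(
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build()
    androidKeyStore().setEntry(AES_KEY_ALIAS, KeyStore.SecretKeyEntry(derivedKey), protection)
}

// The returned SecretKey is only a reference to the stored key: its
// `encoded` property is null, so it must be used as-is, never re-wrapped.
private fun keyHandle(): SecretKey =
    androidKeyStore().getKey(AES_KEY_ALIAS, null) as SecretKey

// Returns IV || ciphertext+tag. No IV is supplied on encryption because
// randomized encryption is required by default; the keystore picks it.
fun encrypt(plaintext: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, keyHandle())
    val ciphertext = cipher.doFinal(plaintext)
    return cipher.iv + ciphertext
}

// Splits the IV off the front and decrypts; throws AEADBadTagException
// if the message was modified.
fun decrypt(message: ByteArray): ByteArray {
    val iv = message.copyOfRange(0, GCM_IV_BYTES)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, keyHandle(), GCMParameterSpec(GCM_TAG_BITS, iv))
    return cipher.doFinal(message, GCM_IV_BYTES, message.size - GCM_IV_BYTES)
}
```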

0 Answers