I have an ECDH KeyAgreement for generating an AES secret key based on EC public and private keys:
```kotlin
keyAgreement.init(privateKey)
keyAgreement.doPhase(publicKey, true)
val secretKey = keyAgreement.generateSecret(KeyProperties.KEY_ALGORITHM_AES)
```
And I want to save my AES secret key to AndroidKeyStore:
```kotlin
val secretKey = keyAgreement.generateSecret(KeyProperties.KEY_ALGORITHM_AES)
val keyStoreEntry = KeyStore.SecretKeyEntry(secretKey)
val keyProtection =
    KeyProtection.Builder(KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setDigests(KeyProperties.DIGEST_MD5)
        .setBlockModes(KeyProperties.BLOCK_MODE_ECB)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setRandomizedEncryptionRequired(false)
        .build()
getKeyStore().setEntry(AES_KEY_NAME, keyStoreEntry, keyProtection)
```
But when I try to export my secret key (for encryption purposes) and get its encoded form:
```kotlin
val secretKeyEntry = getKeyStore().getEntry(AES_KEY_NAME, null) as KeyStore.SecretKeyEntry
val secretKey = secretKeyEntry.secretKey.encoded
```
I get an error: `java.lang.NullPointerException: secretKey.encoded must not be null`

I am interested in two questions:
- Is there any point in saving as I do?
- Perhaps there is a variant of Cipher initialization without obtaining the encoded AES key?
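
An added example, not part of the original post: keys held in AndroidKeyStore never expose their material, so `encoded` is null by design, and the key handle is passed straight to `Cipher.init` instead. The alias `aes_demo_key` is hypothetical, the code swaps the question's ECB settings for AES/GCM, and it needs an Android device or emulator to run.

```kotlin
import android.security.keystore.KeyProperties
import android.security.keystore.KeyProtection
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

private const val ALIAS = "aes_demo_key" // hypothetical alias, not from the post

private fun keyStore(): KeyStore =
    KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

// Import a software-held AES key (such as the ECDH-derived one) and
// restrict it to AES/GCM encryption and decryption.
fun importKey(key: SecretKey) {
    val protection = KeyProtection.Builder(
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build()
    keyStore().setEntry(ALIAS, KeyStore.SecretKeyEntry(key), protection)
}

// The returned object is only a handle: its `encoded` property is null,
// but it is a valid argument to Cipher.init.
private fun keyHandle(): SecretKey = keyStore().getKey(ALIAS, null) as SecretKey

// Returns (iv, ciphertext). No IV is supplied on encryption because
// randomized encryption is required by default; the keystore generates it.
fun encrypt(plaintext: ByteArray): Pair<ByteArray, ByteArray> {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, keyHandle())
    return cipher.iv to cipher.doFinal(plaintext)
}

// Decrypts with the stored IV and a 128-bit authentication tag.
fun decrypt(iv: ByteArray, ciphertext: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, keyHandle(), GCMParameterSpec(128, iv))
    return cipher.doFinal(ciphertext)
}
```

Importing limits how the key can be used and prevents later export, but the raw secret was already present in app memory when it was derived, so the import protects only subsequent use.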