android / security-samples

Multiple samples showing the best practices in security APIs on Android.
Apache License 2.0

Caused by java.security.InvalidKeyException: Only SecretKey is supported #34

Closed codingjeremy closed 4 years ago

codingjeremy commented 5 years ago

Issue by Lucashuang0802 Wednesday Jan 23, 2019 at 09:11 GMT Originally opened as https://github.com/googlesamples/android-FingerprintDialog/issues/55


I got an exception like this when using the standard approach to authenticate via fingerprint:

    import android.security.keystore.KeyGenParameterSpec;
    import android.security.keystore.KeyPermanentlyInvalidatedException;
    import android.security.keystore.KeyProperties;
    import java.io.IOException;
    import java.security.InvalidAlgorithmParameterException;
    import java.security.InvalidKeyException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.NoSuchProviderException;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.NoSuchPaddingException;
    import javax.crypto.SecretKey;

    // Fields referenced by the two methods below (declarations were not included in the post;
    // the alias value is assumed).
    private static final String KEY_NAME = "my_key";
    private KeyStore keyStore;
    private KeyGenerator keyGenerator;
    private Cipher cipher;

    // Creates an AES key in the AndroidKeyStore that can only be used after the user authenticates.
    private void generateKey() throws Exception {
        try {
            keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
            keyStore.load(null);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                    // Requires a secure lock screen to be set up; the key cannot be generated without one.
                    .setUserAuthenticationRequired(true)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                    .build());
            keyGenerator.generateKey();
        } catch (KeyStoreException
                | NoSuchAlgorithmException
                | NoSuchProviderException
                | InvalidAlgorithmParameterException
                | CertificateException
                | IOException exc) {
            exc.printStackTrace();
            throw new Exception(exc);
        }
    }

    // Looks the key up again and initialises the cipher that will be wrapped in a CryptoObject.
    private boolean initCipher() {
        try {
            cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException("Failed to get Cipher", e);
        }

        try {
            keyStore.load(null);
            // KeyStore.getKey() returns null when no entry exists under KEY_NAME (for example when
            // generateKey() failed earlier); the cast does not catch that case.
            SecretKey key = (SecretKey) keyStore.getKey(KEY_NAME, null);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            // Thrown when the key was invalidated, e.g. by a lock-screen or fingerprint enrolment change.
            return false;
        } catch (KeyStoreException | CertificateException
                | UnrecoverableKeyException | IOException
                | NoSuchAlgorithmException | InvalidKeyException e) {
            throw new RuntimeException("Failed to init Cipher", e);
        }
    }
Caused by java.security.InvalidKeyException: Only SecretKey is supported
       at com.android.org.conscrypt.OpenSSLCipher.checkAndSetEncodedKey(OpenSSLCipher.java:436)
       at com.android.org.conscrypt.OpenSSLCipher.engineInit(OpenSSLCipher.java:261)
       at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2668)
       at javax.crypto.Cipher.tryCombinations(Cipher.java:2575)
       at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2480)
       at javax.crypto.Cipher.chooseProvider(Cipher.java:567)
       at javax.crypto.Cipher.init(Cipher.java:831)
       at javax.crypto.Cipher.init(Cipher.java:772)

Mostly, users on 8 and 9 are getting crashes:

[screenshot: screen shot 2019-01-23 at 1 10 10 am]
codingjeremy commented 5 years ago

Comment by batschz Wednesday Jan 30, 2019 at 09:12 GMT


any findings?

codingjeremy commented 5 years ago

Comment by jkheeva Thursday Jan 31, 2019 at 21:51 GMT


+1 any help anyone?

codingjeremy commented 5 years ago

Comment by batschz Monday Feb 11, 2019 at 10:16 GMT


This was happening for me when the device was not secured via a code/fingerprint; that needs to be activated in the settings.

codingjeremy commented 5 years ago

Comment by vrajeshpatel Tuesday Jun 11, 2019 at 12:31 GMT


You have set UserAuthenticationRequired to true. If you want to keep this, a device lock needs to be set via PIN code or fingerprint, as per @batschz; otherwise you can call setUserAuthenticationRequired(false).
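
Pulling the two answers above together in code, as an added example that is not part of the issue thread or of the security-samples repository: before generating a key with setUserAuthenticationRequired(true), check that a secure lock screen exists via KeyguardManager.isDeviceSecure() (API 23+), and when looking the key up again, treat a missing alias explicitly instead of casting. KeyStore.getKey() is documented to return null when the alias does not exist, and a null key is not a SecretKey, which is exactly the condition OpenSSLCipher.checkAndSetEncodedKey rejects in the posted trace. The class name FingerprintKeyHelper and the alias value are assumptions; the Context is whatever the caller already has.

```java
import android.app.KeyguardManager;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Hypothetical helper (added example, not from the samples repo). */
public final class FingerprintKeyHelper {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    // Alias value is an assumption; use whatever your app already stores the key under.
    private static final String KEY_NAME = "fingerprint_aes_key";
    private static final String TRANSFORMATION = KeyProperties.KEY_ALGORITHM_AES + "/"
            + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7;

    private final Context context;

    public FingerprintKeyHelper(Context context) {
        this.context = context.getApplicationContext();
    }

    /** True only when a PIN/pattern/password (and so, optionally, a fingerprint) is set. */
    public boolean isDeviceSecure() {
        KeyguardManager km = (KeyguardManager) context.getSystemService(Context.KEYGUARD_SERVICE);
        return km != null && km.isDeviceSecure(); // API 23+
    }

    private KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        return ks;
    }

    /**
     * Generates the user-auth-bound key if it does not exist yet.
     * Returns false (instead of throwing from KeyGenerator.init) when no lock screen is set,
     * so the UI can send the user to Settings rather than crash later in initCipher().
     */
    public boolean ensureKey() throws GeneralSecurityException, IOException {
        KeyStore ks = loadKeyStore();
        if (ks.containsAlias(KEY_NAME)) {
            return true;
        }
        if (!isDeviceSecure()) {
            return false; // setUserAuthenticationRequired(true) cannot be satisfied on this device
        }
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true)
                .build());
        kg.generateKey();
        return true;
    }

    /**
     * Returns a cipher ready to wrap in a CryptoObject, or null when the key is absent or has been
     * permanently invalidated (caller should call ensureKey() again after re-enrolment).
     */
    public Cipher initCipher() throws GeneralSecurityException, IOException {
        KeyStore ks = loadKeyStore();
        Key key = ks.getKey(KEY_NAME, null);
        if (!(key instanceof SecretKey)) {
            // null (missing alias) or a non-AES entry: passing this to Cipher.init() is what
            // surfaces as "Only SecretKey is supported" from the Conscrypt provider.
            return null;
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, (SecretKey) key);
        } catch (KeyPermanentlyInvalidatedException e) {
            // Lock screen removed or biometrics changed; the old key is unusable, so drop it.
            ks.deleteEntry(KEY_NAME);
            return null;
        }
        return cipher;
    }
}
```

Usage: call ensureKey() first and, if it returns false, prompt the user to set up a screen lock; only when initCipher() returns non-null should the fingerprint/biometric prompt be shown with that cipher. Keeping setUserAuthenticationRequired(true) is the right default for data the app wants bound to the user's presence; switching it to false, as the comment above mentions, removes the crash but also removes the authentication binding.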

nic0lette commented 4 years ago

Hi. Sorry, but the issues here are intended for problems or feature requests for the Security samples themselves, rather than for general support issues. I'd recommend checking out Stack Overflow and asking your question there.