googlearchive / android-FingerprintDialog

Migrated:
https://github.com/android/security
Apache License 2.0

Caused by java.security.InvalidKeyException: Only SecretKey is supported #55

Closed Lucashuang0802 closed 5 years ago

Lucashuang0802 commented 5 years ago

Got an exception like this by using the standard approach to authenticate via fingerprint:

    private void generateKey() throws Exception {
        try {
            keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
            keyStore.load(null);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                    .setUserAuthenticationRequired(true)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                    .build());
            keyGenerator.generateKey();
        } catch (KeyStoreException
                | NoSuchAlgorithmException
                | NoSuchProviderException
                | InvalidAlgorithmParameterException
                | CertificateException
                | IOException exc) {
            exc.printStackTrace();
            throw new Exception(exc);
        }
    }

    private boolean initCipher() {
        try {
            cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException("Failed to get Cipher", e);
        }

        try {
            keyStore.load(null);
            SecretKey key = (SecretKey) keyStore.getKey(KEY_NAME, null);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            return false;
        } catch (KeyStoreException | CertificateException
                | UnrecoverableKeyException | IOException
                | NoSuchAlgorithmException | InvalidKeyException e) {
            throw new RuntimeException("Failed to init Cipher", e);
        }
    }

Caused by java.security.InvalidKeyException: Only SecretKey is supported
       at com.android.org.conscrypt.OpenSSLCipher.checkAndSetEncodedKey(OpenSSLCipher.java:436)
       at com.android.org.conscrypt.OpenSSLCipher.engineInit(OpenSSLCipher.java:261)
       at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2668)
       at javax.crypto.Cipher.tryCombinations(Cipher.java:2575)
       at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2480)
       at javax.crypto.Cipher.chooseProvider(Cipher.java:567)
       at javax.crypto.Cipher.init(Cipher.java:831)
       at javax.crypto.Cipher.init(Cipher.java:772)

Mostly users on 8 and 9 started getting crashes:

[Screenshot, 2019-01-23]

batschz commented 5 years ago

Any findings?

jkheeva commented 5 years ago

+1. Any help, anyone?

batschz commented 5 years ago

This was happening for me if the device is not secured via code/fingerprint - needs to be activated in the settings.

vrajeshpatel commented 5 years ago

You have set UserAuthenticationRequired to true. If you want to keep this, a device lock needs to be set via PIN code or fingerprint, as per @batschz, or you can call setUserAuthenticationRequired(false).
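
A defensive variant of the check discussed in the comments above, as an added example that is not part of the original thread or of the sample project: it verifies the lock screen and fingerprint enrollment before using an authentication-bound key, and treats a missing key as a fallback case instead of passing it to Cipher.init. The class name FingerprintCipherGuard, its method names and the KEY_NAME value are assumptions; the app is assumed to hold the USE_FINGERPRINT permission.

```java
import android.app.KeyguardManager;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;

// Hypothetical helper (added example, not the sample project's code).
final class FingerprintCipherGuard {
    private static final String KEY_NAME = "example_key"; // constructed alias

    // An auth-bound key can only be generated when a secure lock screen is set up.
    static boolean canUseAuthBoundKey(Context ctx) {
        KeyguardManager km = ctx.getSystemService(KeyguardManager.class);
        FingerprintManager fm = ctx.getSystemService(FingerprintManager.class);
        return km != null && km.isDeviceSecure()
                && fm != null && fm.isHardwareDetected() && fm.hasEnrolledFingerprints();
    }

    // Returns an initialised cipher, or null when the caller must fall back
    // (for example to password login) instead of crashing.
    static Cipher initCipherOrNull(Context ctx) throws GeneralSecurityException, IOException {
        if (!canUseAuthBoundKey(ctx)) {
            return null; // no lock screen or no enrolled fingerprint
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey(KEY_NAME, null); // null if the alias does not exist
        if (!(key instanceof SecretKey)) {
            return null; // key was never generated: do not hand it to Cipher.init
        }
        Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
                + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher;
        } catch (KeyPermanentlyInvalidatedException e) {
            keyStore.deleteEntry(KEY_NAME); // lock screen or enrollment changed
            return null;
        }
    }
}
```

A null return is the signal to regenerate the key after the user secures the device, rather than weakening the key with setUserAuthenticationRequired(false).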

codingjeremy commented 5 years ago

I am closing this issue/PR, as it has been migrated to the new repo linked above in the comments. Thank you!