
Generate SecretKey from AndroidKeyStore


According to this sample, I am trying to get SecretKey from AndroidKeyStore:

    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    SecretKey secretKey = (SecretKey) keyStore.getKey(KEY_NAME, null);

But I get this exception:

    android.security.keystore.AndroidKeyStoreRSAPrivateKey cannot be cast to javax.crypto.SecretKey

This is how I have created the key:

    KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
            .setAlias(KEY_NAME)
            .setSubject(new X500Principal("CN=" + KEY_NAME))
            .setSerialNumber(BigInteger.valueOf(1337))
            .setStartDate(START_TIME)
            .setEndDate(END_TIME)
            .build();
    KeyPairGenerator kpGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    kpGenerator.initialize(spec);
    kpGenerator.generateKeyPair();

So is there any way to generate SecretKey from AndroidKeyStore?


Solution

  • Since Android 6.0 you can generate AES keys using AndroidKeystore:

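    // keySpec is a KeyGenParameterSpec built with KeyGenParameterSpec.Builder
    // (alias, purposes, block modes, paddings).
    KeyGenerator kg = KeyGenerator.getInstance("AES", "AndroidKeyStore");
    kg.init(keySpec);
    SecretKey key = kg.generateKey();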
    

    For more details see blog post Keystore redesign in Android M (by Nikolay Elenkov).