I'm implementing SCA (Strong Customer Authentication) on Android. There are 3 factors in SCA, which are the following:
- Something you know (customer's 6-digit passCode)
- Something you have (device secure hardware)
- Something you are (biometrics)
So for this, I need to generate a public/private key pair which is protected by the customer's 6-digit passcode. "AndroidKeyStore" can protect public/private keys with the device owner's lock-screen credentials, but I need to protect it with my user's passCode in my app.
    // passCode is the 6-digit code the customer entered in the app
    val keyStore = KeyStore.getInstance("AndroidKeyStore")
    keyStore.load(null, passCode.toCharArray())   // throws: AndroidKeyStore takes no password
But "AndroidKeyStore" does not support a password. (Is there any workaround to implement it with AndroidKeyStore?) The following exception is thrown:
    Caused by: java.lang.IllegalArgumentException: password not supported
        at android.security.keystore.AndroidKeyStoreSpi.engineLoad(AndroidKeyStoreSpi.java:1031)
        at java.security.KeyStore.load(KeyStore.java:1484)
If there is no way to use "AndroidKeyStore" directly, I need to change my path to a custom keystore.
    import android.security.keystore.KeyProperties
    import java.security.KeyPairGenerator
    import java.security.KeyStore
    import java.security.spec.ECGenParameterSpec
    import javax.crypto.spec.SecretKeySpec

    // Assumed definitions; the original post does not show them.
    const val ALIAS_PUBLIC_KEY = "sca_public_key"
    const val ALIAS_PRIVATE_KEY = "sca_private_key"
    const val ALGORITHM_ELLIPTIC_CURVE = KeyProperties.KEY_ALGORITHM_EC

    // Software keystore (the default type on Android), so the key bytes live in app storage
    val keyStore = KeyStore.getInstance(KeyStore.getDefaultType())
    keyStore.load(null)

    // Generate a P-256 key pair with the default (software) provider
    val keyPairGenerator: KeyPairGenerator = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_EC,
    )
    val parameterSpec = ECGenParameterSpec("secp256r1")
    keyPairGenerator.initialize(parameterSpec)
    val keyPair = keyPairGenerator.generateKeyPair()

    // Entry-level protection derived from the customer's 6-digit passCode
    val passwordProtection = KeyStore.PasswordProtection(passCode.toCharArray())
    // Both halves are stored as raw encoded bytes wrapped in a SecretKeySpec
    keyStore.setEntry(
        ALIAS_PUBLIC_KEY,
        KeyStore.SecretKeyEntry(SecretKeySpec(
            keyPair.public.encoded,
            ALGORITHM_ELLIPTIC_CURVE
        )),
        passwordProtection
    )
    keyStore.setEntry(
        ALIAS_PRIVATE_KEY,
        KeyStore.SecretKeyEntry(SecretKeySpec(
            keyPair.private.encoded,
            ALGORITHM_ELLIPTIC_CURVE
        )),
        passwordProtection
    )
    // getOutputStream() is assumed to open a file in the app's private data directory;
    // the whole keystore file is encrypted with the same passcode
    keyStore.store(getOutputStream(), passCode.toCharArray())
So, I generated a custom keystore with the customer's passcode as the PasswordProtection, and I stored it in my app's data directory. After that, I generated the public/private keys and put them in the custom keystore. But I cannot put this private key into secure hardware on Android.
The question is, how to implement proper SCA on Android with the user's passCode, with or without using "AndroidKeyStore"?
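One way to map the three factors onto AndroidKeyStore, as an added example that is not part of the original question or any particular library's code: the possession factor is a hardware-backed P-256 key that never leaves the TEE or StrongBox (with attestation so the server can verify that), the inherence factor is enforced by the keystore itself through setUserAuthenticationRequired plus a BiometricPrompt CryptoObject, and the knowledge factor is a PBKDF2 verifier of the app passcode that is bound into the signed challenge and checked by the server. The alias name, the server-issued attestation nonce, challenge and per-user salt, the server-side storage of the passcode verifier, the androidx.biometric dependency and minSdk 31 are all assumptions of this example.

```kotlin
// Added example, not code from the original post. Assumes androidx.biometric,
// minSdk 31, and a server that issues the nonce, challenge and salt (assumed design).
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyFactory
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.Signature
import java.security.cert.Certificate
import java.security.spec.ECGenParameterSpec
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

const val SCA_KEY_ALIAS = "sca_signing_key"   // assumed alias

// "Something you have": a P-256 key whose private half never leaves the TEE or
// StrongBox. The nonce comes from the server so the attestation chain later
// proves which hardware generated the key.
fun generateScaKey(attestationNonce: ByteArray): PrivateKey {
    fun spec(strongBox: Boolean) = KeyGenParameterSpec.Builder(
        SCA_KEY_ALIAS, KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY
    )
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        // "Something you are": timeout 0 means every signature needs a fresh
        // BIOMETRIC_STRONG authentication, enforced by the keystore, not by app code.
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
        .setInvalidatedByBiometricEnrollment(true)
        .setAttestationChallenge(attestationNonce)
        .setIsStrongBoxBacked(strongBox)
        .build()

    val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
    return try {
        kpg.initialize(spec(strongBox = true))
        kpg.generateKeyPair().private
    } catch (e: StrongBoxUnavailableException) {
        kpg.initialize(spec(strongBox = false))   // fall back to the TEE
        kpg.generateKeyPair().private
    }
}

// Check where the key really lives before relying on it as the possession factor.
fun isHardwareBacked(privateKey: PrivateKey): Boolean {
    val info = KeyFactory.getInstance(privateKey.algorithm, "AndroidKeyStore")
        .getKeySpec(privateKey, KeyInfo::class.java)
    return info.securityLevel == KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT ||
        info.securityLevel == KeyProperties.SECURITY_LEVEL_STRONGBOX
}

// The attestation chain is sent to the server once, at enrolment.
fun attestationChain(): List<Certificate> =
    KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        .getCertificateChain(SCA_KEY_ALIAS).toList()

// "Something you know": the raw 6-digit passcode is never sent. PBKDF2 over a
// server-issued salt yields a verifier; the 6-digit space is tiny, so the server
// must still rate-limit attempts per device key.
fun passcodeVerifier(passCode: CharArray, salt: ByteArray): ByteArray {
    val spec = PBEKeySpec(passCode, salt, 310_000, 256)
    return try {
        SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).encoded
    } finally {
        spec.clearPassword()
    }
}

// Sign challenge || verifier with the hardware key. The Signature inside the
// CryptoObject only becomes usable after the biometric succeeds.
fun signChallenge(
    activity: FragmentActivity, challenge: ByteArray, verifier: ByteArray,
    onSigned: (ByteArray) -> Unit, onError: (String) -> Unit
) {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val privateKey = ks.getKey(SCA_KEY_ALIAS, null) as PrivateKey
    val signature = Signature.getInstance("SHA256withECDSA").apply { initSign(privateKey) }
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            val sig = result.cryptoObject?.signature ?: return onError("no CryptoObject")
            sig.update(challenge)
            sig.update(verifier)
            onSigned(sig.sign())
        }
        override fun onAuthenticationError(code: Int, msg: CharSequence) = onError(msg.toString())
    }
    val info = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm payment")
        .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
        .setNegativeButtonText("Cancel")
        .build()
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(info, BiometricPrompt.CryptoObject(signature))
}
```

The server verifies the signature over challenge || verifier with the public key from the attestation chain it received at enrolment, then compares the verifier with the one stored for that user. The passcode therefore does not protect the private key (AndroidKeyStore cannot do that, as the exception above shows); instead the key is protected by hardware and biometrics, and the passcode is checked as a separate factor bound to the same signed challenge.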