I'm trying to load a PKCS12 keystore with a single SecretKeyEntry on an Android device:

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: client_key_11
Creation date: Sep 28, 2023
Entry type: SecretKeyEntry

Here is the detailed information that I'm able to get using openssl -info:

MAC: sha1, Iteration 100000
MAC length: 20, salt length: 20
PKCS7 Data
Secret bag
Bag Attributes
    friendlyName: client_key_11
    localKeyID: *local_id*
Bag Type: pkcs8ShroudedKeyBag

Finally, here is the code that I use to load keystore:

import java.io.File
import java.security.KeyStore

// Fragment from the calling method; `result` is defined by the surrounding code (not shown).
try {
    val keyStorePath = "/path/to/keystore"
    val keyStore = loadKeyStoreFromFile(keyStorePath, "password")
    // Prints the Enumeration object itself, as seen in the log output below.
    println(keyStore.aliases())
    val retrievedEntry = keyStore.getEntry(
        "client_key_11",
        KeyStore.PasswordProtection("password".toCharArray())
    )
    val entryData = convertEntryToData(retrievedEntry)
} catch (e: Exception) {
    result.error("KEYSTORE_ERROR", e.message, null)
}

private fun loadKeyStoreFromFile(pathToKeyStore: String, keyStorePassword: String): KeyStore {
    val keyStore = KeyStore.getInstance("PKCS12")
    // Close the stream once the keystore has been read.
    File(pathToKeyStore).inputStream().use { inputStream ->
        keyStore.load(inputStream, keyStorePassword.toCharArray())
    }
    return keyStore
}

However, my keyStore seems to be empty after I load it, even though I can clearly see the original data stored in the .p12 file:

extra in data 1.2.840.113549.1.12.10.1.5
I/System.out( 6668): Sequence
I/System.out( 6668):     ObjectIdentifier(1.2.840.113549.1.12.10.1.5)
I/System.out( 6668):     Tagged [0]
I/System.out( 6668):         DER Sequence
I/System.out( 6668):             ObjectIdentifier(1.2.840.113549.1.12.10.1.2)
I/System.out( 6668):             Tagged [0]
I/System.out( 6668):                 DER Octet String[6512]
I/System.out( 6668):     Set
I/System.out( 6668):         Sequence
I/System.out( 6668):             ObjectIdentifier(1.2.840.113549.1.9.20)
I/System.out( 6668):             Set
I/System.out( 6668):                 BMPString(client_key_11)
I/System.out( 6668):         Sequence
I/System.out( 6668):             ObjectIdentifier(1.2.840.113549.1.9.21)
I/System.out( 6668):             Set
I/System.out( 6668):                 DER Octet String[18]
I/System.out( 6668): java.util.Collections$EmptyEnumeration@a1f871a

Am I doing something wrong? Is there something I misunderstood about the keystore? I have checked the other topics on this type of issue but haven't found any information about it.

I would appreciate any help or information. Any suggestion is highly appreciated, thanks in advance! ^_^

  • PKCS#12 files can be encrypted using different algorithms. The latest version uses AES but in the Java world the PKCS#12 implementation was only able to read the older 3DES version for a long time. Not sure what version of Android supports which algorithms. Therefore my recommendation would be to make sure the .p12 file uses the old 3DES Algo which should be supported by all Android versions. Commented Sep 29, 2023 at 18:50
  • @Robert thanks a lot for your answer! I've tried your suggestion and looks like 3DES entries cannot be imported to PKCS12 keystore: I just get "unrecognized algorithm name" for any version of 3DES algo name. There is also a SO question, where OP had the same problem: stackoverflow.com/questions/50761047/… Anyways, thanks a lot for your time! Commented Sep 30, 2023 at 10:48
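
A provider-level check for the symptom in the question, added here as an example and not code from the post: it reports which provider backs `KeyStore.getInstance("PKCS12")` and which entry types survive `load()`. `describeKeyStore` and `buildSampleP12` are hypothetical names, and the sample keystore is constructed in memory on the assumption that the running JVM's PKCS12 provider can write secret-key entries; on the device, pass the bytes of the real .p12 instead.

```kotlin
import java.io.ByteArrayOutputStream
import java.security.KeyStore
import java.security.Security
import javax.crypto.KeyGenerator

// Added diagnostic, not the poster's code; describeKeyStore is a hypothetical helper name.
fun describeKeyStore(p12: ByteArray, password: CharArray, type: String = "PKCS12"): List<String> {
    val report = mutableListOf<String>()
    // Providers that register this keystore type, in preference order.
    val offered = Security.getProviders("KeyStore.$type")?.map { it.name } ?: emptyList()
    report += "providers offering KeyStore.$type: $offered"

    val keyStore = KeyStore.getInstance(type)
    report += "provider selected: ${keyStore.provider.name}"
    p12.inputStream().use { keyStore.load(it, password) }
    report += "entries after load: ${keyStore.size()}"

    // Classify each alias by the entry type the provider actually exposes.
    for (alias in keyStore.aliases().toList()) {
        val kind = when {
            keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry::class.java) -> "SecretKeyEntry"
            keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry::class.java) -> "PrivateKeyEntry"
            keyStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry::class.java) -> "TrustedCertificateEntry"
            else -> "unrecognised"
        }
        report += "alias=$alias type=$kind"
    }
    if (keyStore.size() == 0) {
        report += "load() returned without error, but this provider exposed no entries"
    }
    return report
}

// Constructed sample: an in-memory PKCS12 file holding one AES secret key.
fun buildSampleP12(password: CharArray): ByteArray {
    val key = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
    val keyStore = KeyStore.getInstance("PKCS12").apply { load(null, null) }
    keyStore.setEntry("client_key_11", KeyStore.SecretKeyEntry(key), KeyStore.PasswordProtection(password))
    return ByteArrayOutputStream().use { out -> keyStore.store(out, password); out.toByteArray() }
}

fun main() {
    val password = "password".toCharArray() // constructed value
    describeKeyStore(buildSampleP12(password), password).forEach(::println)
}
```

Comparing the "provider selected" line on the device with the provider shown in the keytool listing (SUN) shows whether the same PKCS12 implementation is reading the file in both places.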
