How to encrypt and decrypt data in Android using the elliptic curve key pair of type secp256r1?

Asked 18/7, 2019 at 5:22 Answered 12/9, 2024 at 20:44

android encryption kotlin elliptic-curve

I need to use NIST P-256 elliptic curves to encrypt and decrypt data. Now that I have generated the key pair, but how do I use them to encrypt and decrypt?

The official website only says how to use this ec key pair to sign/verify, but I want to know how to use this ec key pair to encrypt/decrypt.

website: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec#example:-nist-p-256-ec-key-pair-for-signingverification-using-ecdsa

generate NIST P-256 key pair code:

        val kpg: KeyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        val parameterSpec =
            KeyGenParameterSpec.Builder("container", KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
                .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512)
                .build()
        kpg.initialize(parameterSpec)
        val keyPair = kpg.generateKeyPair()

        val ecPublicKey = keyPair.public as ECPublicKey
        val ecPrivateKey = keyPair.private as ECPrivateKey

Kush answered 18/7, 2019 at 5:22 Comment(4)

Follow the recommendation. Use ECC key exchange, see ECHKE then encrypt with a block cipher like AES. – Bunde 18/7, 2019 at 6:52

@kelalaka,Excuse me, do you have a recommended document link or code example? Sorry, I am new in android, so I have to ask for more information. – Kush 18/7, 2019 at 8:0

This is nothing to do with android. It is the general practice in Cryptography. See an implementation here – Bunde 18/7, 2019 at 8:31

Could you accept and close this question if satisfies you? – Bunde 21/8, 2019 at 20:41

AndroidKeyStore does not currently support encryption or decryption with EC keys, only with RSA keys.

To use EC keys for encryption, you need to either use ECDH plus a key derivation function (KDF) to compute a shared symmetric key which you can use for your data, or to use ECIES which does that internally. But AndroidKeyStore doesn't support either mode of operation as of Android 10. Maybe in Android 11.

For now, you can either use RSA with an appropriate padding mode (OAEP recommended) to encrypt your symmetric key, or you can use the native Java cryto provider. This, unfortunately, will not use secure hardware to generate, store or use the key, and will instead do all of these things in your app's process space. There's an example here.

(For what it's worth, I'm the Google engineer who owns AndroidKeyStore. I've been planning to add ECDH support for a few years now, but it's always been pre-empted by other features that were considered higher priority. I will get to it, though.)

Apoplectic answered 24/8, 2019 at 0:36 Comment(11)

I need your help with this question – Bola 19/5, 2020 at 21:42

Thanks @Apoplectic for this, I am also looking for similar stuff to be used. I need to use ECIES, I searched it a lot but not able to locate any helpful pages for it. Any references for it, to get myself how to implement it would be of great help. Cheers! – Frenetic 15/7, 2020 at 10:59

@Apoplectic EC seems to be supported now? developer.android.com/training/articles/keystore – Tercentenary 21/8, 2020 at 8:35

@Ixx nope, still not supported. Is there something in that article that implies it is? If so, please point it out so I can fix the article. ECDH support is planned for Android 12, and I think it will land this time. No guarantees, though :-) – Apoplectic 18/11, 2020 at 13:12

@Apoplectic It says EC is supported on 23+ here developer.android.com/training/articles/… also there is this example developer.android.com/reference/android/security/keystore/… If it is not supported could you elaborate which algorithm to use and provide resources where people can learn more about this process. So far it seems there are lots of dependencies one must understand to generate a key. – Dropping 16/4, 2021 at 9:34

@Dropping I think you can use EC for signatures (developer.android.com/training/articles/…) but not encryption. – Wandy 18/4, 2021 at 19:8

Is ECDH supported yet in 2022? – Earthiness 31/1, 2022 at 1:6

2023 and the answer is No, its still not supported... Hard to believe. – Amicable 20/3, 2023 at 8:26

@Amicable ECDH is supported since Android 12. – Apoplectic 14/3, 2024 at 17:28

@divegeek, a related question, as of today I see most devices cannot hardware-backed store agreement purpose keys. Is that something that will get better over time or am I doing something wrong? – Edla 17/5, 2024 at 7:18

thats the natural result of google being a technical monopoly. see they are not being evil but they can prevent every one else from doing good. amazing leeway and leverage they have been afforded. we are not permitted to use open source security algorithms becuase they dont feel like it – Minus 12/9, 2024 at 20:41

Public key encryption is not recommended to use for encryption. The general practice is hybrid-encryption where a block cipher key is exchanged then symmetric encryption is performed.

After the key exchange the most common issues Authentication and Integrity. The modern practice is using an authenticated encryption mode as AES-GCM. GCM mode gives you authentication and integrity. You can see an implementation here

Bunde answered 18/7, 2019 at 9:49 Comment(1)

Thanks, it really solved my problem. I originally wanted to use the public key to encrypt the aes key to exchange the symmetric key, because I cannot find the ecdh algorithm!! – Kush 18/7, 2019 at 10:1

Google approach towards user security is pathetic - dont even allow developers to access state of the art algorithm easily - we are forced to hack and make things insecure. hopefully someone punishes them for it.

The alternative is to build and package the C++ implementation of ECC and do everything away from the prying eyes of G

A good list is available here https://en.wikipedia.org/wiki/Comparison_of_cryptography_libraries

Notice the on the border of evil documentation - "The Bouncy Castle implementations of many algorithms are deprecated." from android dev page.

Those are the FIPS certified - those they depracate - and others insecure ones they permit.

Hope during monopoly investigations someone explains to lawyers how unfortunate such a casual approach towards user security and well being is

Minus answered 12/9, 2024 at 20:44 Comment(0)

Recommended topics

Hot tags