AndroidKeystore on 4.1 API

About

Asked 5/1, 2015 at 18:58 Answered 12/1, 2015 at 16:56

Solved android security android-keystore android-developer-api

I am using AndroidKeystore as the provider in my current project to store private keys securely. Now I want to make my app available for older Android releases down to 4.1 (API version 16). Therefore I need to find an alternative for the AndroidKeystore but can hardly find any usable solution. Is there any recommendation how to implement/emulate/replace the AndroidKeystore functionality on these older versions?

Additionally the KeyPairGeneratorSpec is available since v18. What would be the correct replacement on older versions?

Magnusson answered 5/1, 2015 at 18:58 Comment(3)

can you use BouncyCastle keystore instead ? – Robot 5/1, 2015 at 19:2

The AndroidKeystore is a provider for (preferrable) hardware security devices. The question is what to use instead. A plain KeyStore would be one solution. – Magnusson 5/1, 2015 at 21:58

I'm also incredibly flabbergasted that the support library doesn't provide backwards compatibility to Android 4.1. Seriously! I am at a loss for words. Maybe in a couple of years I'll get over it... – Bargello 6/3, 2015 at 18:54

I finally found a working solution. For Android 4.x there is the Credential Storage service which can hold various secrets. The best description I found so far is here

http://nelenkov.blogspot.de/2012/05/storing-application-secrets-in-androids.html

Magnusson answered 12/1, 2015 at 16:56 Comment(2)

Did it worked with no issues? I read in this blog post that it is tested but not guaranteed to work. – Manly 22/6, 2017 at 17:57

I had no problems with it. Unfortunately there is no other "standard way" I found. So what can you do? Use and hope :-) – Magnusson 24/6, 2017 at 9:51

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags