How does Android protect the keystore in 4.4 and beyond? How does it encrypt/decrypt it? Are there any good tutorials that describe the internals of how the keystore works on the device?
The encryption/decryption of the keystore is handled by the keystore service, which in turn links with a Hardware Abstraction Layer module called "keymaster". The AOSP provides a software ("softkeymaster") implementation, but device vendors can offer support for hardware-based protected storage, if available. On ARM architectures, this is linked to the ARM "TrustZone".
The upper-level layers remain entirely agnostic of the implementation: the keymaster HAL exports methods to generate or remove keypairs, sign data, etc., but does not actually provide exposure to any private keys.
Tutorial-wise, there's nothing. But book-wise, there are two great books. The first is Nikolay Elenkov's "Android Security Internals". He also writes a blog, called Android Explorations, which describes (in several posts) the keystore in depth. The second is "Android Internals" by Jonathan Levin, which discusses the keystore daemon.
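The behaviour described in the answer, seen from an app, as an added example that is not part of the original answer: a key pair is generated through the "AndroidKeyStore" provider, used to sign, and checked to confirm that no private key material is exposed. It assumes API levels 18 to 22 (where `KeyPairGeneratorSpec` is the spec class; API 23 and later use `KeyGenParameterSpec`); the class name `KeystoreDemo` and the alias are hypothetical.

```java
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyPairGeneratorSpec;
import android.util.Log;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

public final class KeystoreDemo {
    private static final String ALIAS = "demo-signing-key"; // hypothetical alias

    /** Generates an RSA key pair inside the keystore and signs data with it. */
    public static byte[] generateAndSign(Context ctx, byte[] data) throws Exception {
        Date now = new Date();
        Date later = new Date(now.getTime() + 365L * 24 * 60 * 60 * 1000);
        // The self-signed certificate fields are mandatory for this spec class.
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx)
                .setAlias(ALIAS)
                .setSubject(new X500Principal("CN=" + ALIAS))
                .setSerialNumber(BigInteger.ONE)
                .setStartDate(now)
                .setEndDate(later)
                .build();

        // Key generation is delegated to the keystore service, not done in-process.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        kpg.initialize(spec);
        kpg.generateKeyPair();

        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) ks.getEntry(ALIAS, null);
        PrivateKey key = entry.getPrivateKey();
        // The object is only a handle: no encoded key material reaches the app.
        if (key.getEncoded() != null) {
            throw new IllegalStateException("private key material is exportable");
        }
        // True when the device's keymaster binds RSA keys to hardware-backed storage.
        Log.i("KeystoreDemo", "RSA hardware-bound: " + KeyChain.isBoundKeyAlgorithm("RSA"));

        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }
}
```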