Android M Support
Hey, your library is really great :) The only problem is with the RSASigner: it expects to receive an RSAPrivateKey, but on Android M the keys are of the class AndroidKeyStorePrivateKey, which does not inherit from RSAPrivateKey. I checked this on 2 different phones:
- KitKat (4.4.2): OpenSSLRSAPrivateKey
- Marshmallow (6): AndroidKeyStorePrivateKey
As a temporary solution I copied the RSAJWSSigner and implemented it using the standard Java private key class, but I would like to hear from you about that.
Thanks,
Omer
Comments (11)
-
Hi Omer,
You could use the PrivateKey.getEncoded() method to get the raw key material, and then recreate the key as an RSAPrivateKey using the KeyFactory:
Hope this helps!
-
reporter I've just tried that; in Android M the PrivateKey.getEncoded() returns null. It looks like they tried to block export of private keys that are stored in the key store. See this for example: Android key store
-
The PR that you submitted - does it work / pass the tests on Android M?
Preventing key material extraction is good, however, in that case they also need to provide a default RSA signer that can handle their key store.
-
reporter I've tested the code manually on my Android app, and it is working. Also, all I've changed is the constructor; all the other code worked as expected. And as far as I know you have no way to run the tests on Android M.
-
Thanks for the feedback! We'll check for any other issues with the API and if all is well and nothing else gets upset, we'll make the change.
-
reporter Ok thanks!
-
Hi Omer,
Could you please confirm that the native PrivateKey.getAlgorithm() on Android M returns "RSA"? We would like to compensate for the missing key type check at construction time, and check the key alg instead.
Cheers,
-
reporter Hi Vladimir, Yes, the algorithm is "RSA" also on Android M. Thanks, Omer
-
- changed status to resolved
At long last, we just got 4.13 out with the PrivateKey interface for the RSASSASigner.
It should appear on Maven Central in the next couple of hours.
http://search.maven.org/#artifactdetails|com.nimbusds|nimbus-jose-jwt|4.13|jar
I tried to modify the ECDSA signer in a similar way to work with key stores that don't expose the key material via the Java API, but this is harder to do there and I gave up.
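The approach this thread settles on (accept any PrivateKey, check getAlgorithm() instead of the key class, never call getEncoded()), as an added sketch that is not part of the thread and not Nimbus JOSE+JWT's own code. The class and method names are hypothetical, and software-generated keys stand in for key store handles so it runs on a plain JVM.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Hypothetical helper, not a Nimbus JOSE+JWT class.
public class OpaqueKeyRs256 {

    // Sign with any PrivateKey handle. The key is never cast to RSAPrivateKey and
    // getEncoded() is never called, so a handle whose material cannot be exported
    // (getEncoded() == null, as reported above for Android M) is acceptable here.
    static byte[] sign(PrivateKey key, byte[] signingInput) throws GeneralSecurityException {
        // Replaces the compile-time RSAPrivateKey type check with an algorithm check.
        if (!"RSA".equalsIgnoreCase(key.getAlgorithm())) {
            throw new IllegalArgumentException("Expected an RSA key, got " + key.getAlgorithm());
        }
        // No provider is named: JCA selects one that supports this key at initSign().
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(signingInput);
        return signer.sign();
    }

    static boolean verify(PublicKey key, byte[] signingInput, byte[] sig) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update(signingInput);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample signing input (header.payload of a demo JWS).
        byte[] input = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJkZW1vIn0".getBytes(StandardCharsets.US_ASCII);
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        KeyPair rsa = rsaGen.generateKeyPair();
        System.out.println("RSA signature verifies: " + verify(rsa.getPublic(), input, sign(rsa.getPrivate(), input)));
        // A key of another algorithm is rejected by the algorithm check.
        PrivateKey ec = KeyPairGenerator.getInstance("EC").generateKeyPair().getPrivate();
        try {
            sign(ec, input);
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```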