Android安全存储:Keystore系统详解
需积分: 16 32 浏览量
更新于2024-09-08
1
收藏 75KB PDF 举报
"Android Keystore 系统是Google官方文档中介绍的一个安全机制,它允许开发者在设备上存储加密密钥,以增加密钥被非法提取的难度。Android Keystore系统的核心在于,一旦密钥存入keystore,它们就无法导出,只能用于设备内的加密操作。此外,该系统还提供了各种安全特性,比如要求用户认证后才能使用密钥,或者限制密钥只能在特定的加密模式下使用。这些安全特性在Security Features部分有详细介绍。
Android Keystore系统由KeyChain API以及自Android 4.3(API级别18)引入的Android Keystore提供者功能共同使用。文档详细阐述了何时以及如何使用Android Keystore提供者。
安全特性
Android Keystore系统有多种措施来保护密钥材料免受未经授权的使用。首先,它通过防止应用程序进程和整个Android设备上的密钥材料导出来避免密钥材料在设备外部的未授权使用。其次,Android Keystore通过让应用指定授权用户或应用,确保只有经过授权的实体可以在设备上使用密钥材料,从而防止设备内部的未授权使用。此外,还可以设置使用密钥时需要用户进行生物识别(如指纹或面部识别)或PIN、图案、密码等keyguard验证,增强了密钥使用的安全性。
Android Keystore系统对于移动应用开发而言尤其重要,因为它允许开发者实现安全的本地存储敏感信息,如用户的私钥,用于数字签名、数据加密等。例如,应用可以使用Android Keystore来存储用于SSL/TLS连接的客户端证书,确保网络通信的安全。同时,它还能帮助应用遵守数据隐私法规,如GDPR,因为密钥的使用受到严格控制,无法轻易被其他应用或恶意软件访问。
使用Android Keystore时,开发者需要注意的是,系统会根据设备的安全硬件(如TrustZone或Hardware Secure Module)来进一步增强密钥的保护。不过,不同的Android设备可能具有不同的安全硬件支持,因此开发者在设计和测试应用时需要考虑到这一点。
为了确保最佳的安全性,开发者还需要了解并正确使用KeyChain API和Android Keystore提供者的接口,如KeyGenerator、KeyPairGenerator等,以创建和管理密钥。同时,必须谨慎设置权限和使用策略,避免因为配置不当而导致的安全漏洞。
Android Keystore系统是Android平台上一个强大的安全工具,它通过严格的密钥管理和使用限制,提供了强大的加密和身份验证功能,保护了用户的隐私和应用的数据安全。对于任何处理敏感信息的Android应用来说,理解和充分利用这个系统都是至关重要的。"
Android Keystore System
The Android Keystore system lets you store cryptographic keys in a container to make it more difficult to extract from the device. Once
keys are in the keystore, they can be used for cryptographic operations with the key material remaining non-exportable. Moreover, it
offers facilities to restrict when and how keys can be used, such as requiring user authentication for key use or restricting keys to be
used only in certain cryptographic modes. See Security Features section for more information.
The Keystore system is used by the KeyChain API as well as the Android Keystore provider feature that was introduced in Android 4.3
(API level 18). This document goes over when and how to use the Android Keystore provider.
Security Features
Android Keystore system protects key material from unauthorized use. Firstly, Android Keystore mitigates unauthorized use of key
material outside of the Android device by preventing extraction of the key material from application processes and from the Android
device as a whole. Secondly, Android KeyStore mitigates unauthorized use of key material on the Android device by making apps
specify authorized uses of their keys and then enforcing these restrictions outside of the apps' processes.
Extraction Prevention
Key material of Android Keystore keys is protected from extraction using two security measures:
Key material never enters the application process. When an application performs cryptographic operations using an Android
Keystore key, behind the scenes plaintext, ciphertext, and messages to be signed or verified are fed to a system process which
carries out the cryptographic operations. If the app's process is compromised, the attacker may be able to use the app's keys but
will not be able to extract their key material (for example, to be used outside of the Android device).
Key material may be bound to the secure hardware (e.g., Trusted Execution Environment (TEE), Secure Element (SE)) of the
Android device. When this feature is enabled for a key, its key material is never exposed outside of secure hardware. If the
Android OS is compromised or an attacker can read the device's internal storage, the attacker may be able to use any app's
Android Keystore keys on the Android device, but not extract them from the device. This feature is enabled only if the device's
secure hardware supports the particular combination of key algorithm, block modes, padding schemes, and digests with which
the key is authorized to be used. To check whether the feature is enabled for a key, obtain a KeyInfo for the key and inspect the
return value of KeyInfo.isInsideSecurityHardware().
Key Use Authorizations
To mitigate unauthorized use of keys on the Android device, Android Keystore lets apps specify authorized uses of their keys when
generating or importing the keys. Once a key is generated or imported, its authorizations can not be changed. Authorizations are then
enforced by the Android Keystore whenever the key is used. This is an advanced security feature which is generally useful only if your
requirements are that a compromise of your application process after key generation/import (but not before or during) cannot lead to
unauthorized uses of the key.
Supported key use authorizations fall into the following categories:
cryptography: authorized key algorithm, operations or purposes (encrypt, decrypt, sign, verify), padding schemes, block modes,
digests with which the key can be used;
temporal validity interval: interval of time during which the key is authorized for use;
user authentication: the key can only be used if the user has been authenticated recently enough. SeeRequiring User
Authentication For Key Use.
As an additional security measure, for keys whose key material is inside secure hardware (seeKeyInfo.isInsideSecurityHardware())
some key use authorizations may be enforced by secure hardware, depending on the Android device. Cryptographic and user
authentication authorizations are likely to be enforced by secure hardware. Temporal validity interval authorizations are unlikely to be
enforced by the secure hardware because it normally does not have an independent secure real-time clock.
Whether a key's user authentication authorization is enforced by the secure hardware can be queried
usingKeyInfo.isUserAuthenticationRequirementEnforcedBySecureHardware().
Choosing Between a Keychain or the Android Keystore Provider
Use the KeyChain API when you want system-wide credentials. When an app requests the use of any credential through the KeyChain
API, users get to choose, through a system-provided UI, which of the installed credentials an app can access. This allows several apps
to use the same set of credentials with user consent.
Use the Android Keystore provider to let an individual app store its own credentials that only the app itself can access. This provides a
way for apps to manage credentials that are usable only by itself while providing the same security benefits that the KeyChain API
provides for system-wide credentials. This method requires no user interaction to select the credentials.
Using Android Keystore Provider
下载后可阅读完整内容,剩余4页未读,立即下载
2019-10-10 上传
2018-01-08 上传
2017-04-30 上传
2021-05-09 上传
2021-03-11 上传
2023-05-25 上传
2023-07-25 上传
2016-07-20 上传
连过五人儿
- 粉丝: 2
- 资源: 3
我的内容管理
展开
最新资源
- 基于Python和Opencv的车牌识别系统实现
- 我的代码小部件库:统计、MySQL操作与树结构功能
- React初学者入门指南:快速构建并部署你的第一个应用
- Oddish:夜潜CSGO皮肤,智能爬虫技术解析
- 利用REST HaProxy实现haproxy.cfg配置的HTTP接口化
- LeetCode用例构造实践:CMake和GoogleTest的应用
- 快速搭建vulhub靶场:简化docker-compose与vulhub-master下载
- 天秤座术语表:glossariolibras项目安装与使用指南
- 从Vercel到Firebase的全栈Amazon克隆项目指南
- ANU PK大楼Studio 1的3D声效和Ambisonic技术体验
- C#实现的鼠标事件功能演示
- 掌握DP-10:LeetCode超级掉蛋与爆破气球
- C与SDL开发的游戏如何编译至WebAssembly平台
- CastorDOC开源应用程序:文档管理功能与Alfresco集成
- LeetCode用例构造与计算机科学基础:数据结构与设计模式
- 通过travis-nightly-builder实现自动化API与Rake任务构建
