Re: [android-developers] Cipher.wrap() not working in Android 4.2?

Thanks very much. I had pretty much reached the same conclusion -- that I should just try switching to encryption/decryption rather than wrap/unwrap, and this works. I have included a complete example, below, which works on Android 4.2, 4.1, and presumably earlier versions.

Actually I developed this example on the desktop, using BouncyCastle 1.47 as the crypto provider. It turns outs the exception I got trying to wrap a key under Android 4.2, but not previous versions, could be reproduced on the desktop with BC 1.47, but not previous versions. Android 4.1 used BC 1.46, while Android 4.2 uses BC 1.47, which is why I only ran into the problem with 4.2. It is unclear why the wrapping function broke under BC 1.47. There is some porting advice on the BouncyCastle website which describes changes to the provider with the 1.47 version, but it doesn't say anything about wrapping. Evidently there was some undocumented change.

Here is the code which works, replacing wrap/unwrap with encrypt/decrypt. Unless you see anything wrong with this I think I'll just proceed on that basis:

 public void testWrapUnwrap2() {

try {

KeyGenerator kg = KeyGenerator.getInstance("AES");

kg.init(new SecureRandom());

SecretKey key = kg.generateKey();

ByteArrayOutputStream baos = new ByteArrayOutputStream();

ObjectOutputStream oos = new ObjectOutputStream(baos);

oos.writeObject(key);

oos.close();

byte[] keyBytes = baos.toByteArray();

Cipher c = Cipher.getInstance("AES/CBC/PKCS5PADDING");

c.init(Cipher.ENCRYPT_MODE, key);

byte[] iv = c.getIV();

String clearText = "clear text";

byte[] cipherText = c.doFinal(clearText.getBytes());

byte[] salt = {

(byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,

(byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99

};                

char[] password = { 'p','a','s','s','w','o','r','d' };

PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 20);

PBEKeySpec pbeKeySpec = new PBEKeySpec(password);               

SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWITHSHA256AND128BITAES-CBC-BC");

SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

Cipher pbeCipher = Cipher.getInstance("PBEWITHSHA256AND128BITAES-CBC-BC");      

pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);   

byte[] encryptedKeyBytes = pbeCipher.doFinal(keyBytes);    

pbeCipher.init(Cipher.DECRYPT_MODE, pbeKey, pbeParamSpec); 

keyBytes = pbeCipher.doFinal(encryptedKeyBytes);

ByteArrayInputStream bais = new ByteArrayInputStream(keyBytes);

ObjectInputStream ois = new ObjectInputStream(bais);

key = (SecretKey)ois.readObject();

                                ois.close():

c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));

byte[] clearTextBytes = c.doFinal(cipherText);

String clearTextStr = new String(clearTextBytes);

Log.v("tag", clearTextStr);

}

catch (Exception e) { e.printStackTrace(); }

    }

Thanks again.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en