Usage of Android Keystore

Let's take a look at the Android Developer docs "Android keystore system". We'll need to break this down depending on how you use the KeyStore object. If you're using the Android KeyStore KeyStore.getInstance("AndroidKeyStore"), then:

1) If the device the app is running on has hardware-backed secure storage, then

Key material may be bound to the secure hardware (e.g., Trusted Execution Environment (TEE), Secure Element (SE)) of the Android device. When this feature is enabled for a key, its key material is never exposed outside of secure hardware.

The "Android keystore system" article gives more info on how to use this feature.

2) If the device does not have hardware-backed secure storage, then:

Key material never enters the application process. When an application performs cryptographic operations using an Android Keystore key, behind the scenes plaintext, ciphertext, and messages to be signed or verified are fed to a system process which carries out the cryptographic operations.

Presumably this system process is written in C where they have more control over memory management and can zeroize the key properly when it goes out of scope in your application (which leads me to my rant about garbage collectors...)

3) If for some reason you use KeyStore.getInstance("JKS") as in the examples here - maybe you need access to the private keys for some reason, or you need to load / store the private keys in a .jks file - then No, you can not wipe it: because the Java garbage collector is famous for returning memory to the OS without clearing or zeroizing it. From the Android developer docs, I don't see any evidence that the Dalvik garbage collector works any differently.

Moreover, one of the mechanisms of the Java garbage collector is to make a copy of any heap variable that's currently referenced by your program and then free the old heap. This means that a copy of your private key may be freed back to the operating system even before it goes out of scope.

Bottom line: If the Android KeyStore object is used properly, your private keys will remain securely inside the Trusted Execution Environment (TEE), Secure Element (SE)) or System process.

If for some reason you do bring the private key into your app, then all bets are off because in Java / Dalvik / Android, once something is in your app's memory, it is nearly impossible to clear or zeroize it.


The other answers cover everything pretty well, but one aspect seems to be misunderstood. As the other answers quoted, ...

Key material never enters the application process. When an application performs cryptographic operations using an Android Keystore key, behind the scenes plaintext, ciphertext, and messages to be signed or verified are fed to a system process which carries out the cryptographic operations.

What this means is that an Android application can't retrieve any of the bytes of the key through any supported means. This enforcement is possible because Android (and Java) get access to raw key material through a single method, Key.getEncoded(), in the Key interface. For keys that are managed by the Android keystore, Key.getEncoded() returns null.

Tags:

Android

Key Management

Tpm

Related

I gave my cell number to a stranger on the internet. Have I fallen victim to a scam? Should I be concerned about strange, new iPhone app appearing after repair? Is there a way to prevent hackers from using cookies to bypass two step verification? How can I safely back-up files from an infected computer? Alternatives to anti-virus for keeping oneself safe Why would PayPal send messages from another domain? Wget and Python Requests fail to validate SSL certificates, but browsers don't show any warnings How would disabling IPv6 make a server any more secure? Is there any point in setting the secure cookie flag for HSTS websites? What is the best protocol for an organisation to make phone calls to clients, where the client is required to verify their identity? Why are two CSRF tokens (hidden field and cookie) necessary to mitigate CSRF attacks? What's the point in hashing phone numbers?

Recent Posts