0

我在运行 Android KitKat 的平板设备以及 Lollipop 上的三星 Tab-A 上遇到了这个问题。它在运行 Android M 的 Acer 平板电脑上运行良好。

以下是故障点:

private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
        return new AndroidKeysetManager.Builder()
                .withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
                .withKeyTemplate(AeadKeyTemplates.AES256_GCM) // Failure point
                .withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI)
                .build()
                .getKeysetHandle();
    }

然后在初始化 Tink 时初始化我的 AEAD:

// google\Tink crypto
try {
    TinkConfig.register();
    aead = AeadFactory.getPrimitive(getOrGenerateNewKeysetHandle());
    Log.i(LOG_TAG, "Tink registered.");
} catch (GeneralSecurityException | IOException e) {
    e.printStackTrace();
    Log.e(LOG_TAG, "Tink failed to register or could not generate a keyset handle.");
    Log.e(LOG_TAG, "Tink failed to register: " + e.getMessage());
}

无论哪种方式,Tink 都无法使用以下捕获的消息进行初始化:

10-03 16:10:58.319 com.mycompany.myapp.debug E/MainActivity: Tink failed to register: KeyGenerator AES implementation not found

是否有特定的 KeyTemplate 可以替换以下内容?

AeadKeyTemplates.AES256_GCM

完整的堆栈跟踪:

10-03 17:25:45.235 com.mycompany.myapp.debug W/System.err: java.security.NoSuchAlgorithmException: KeyGenerator AES implementation not found
10-03 17:25:45.245 com.mycompany.myapp.debug W/System.err:     at org.apache.harmony.security.fortress.Engine.notFound(Engine.java:177)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:170)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:163)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:135)
10-03 17:25:45.255 com.mycompany.myapp.debug W/System.err:     at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.generateNewAeadKey(AndroidKeystoreKmsClient.java:141)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey(AndroidKeystoreKmsClient.java:128)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.withMasterKeyUri(AndroidKeysetManager.java:157)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.mycompany.myapp.MainActivity.getOrGenerateNewKeysetHandle(MainActivity.java:2520)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.mycompany.myapp.MainActivity.initializeRequiredAppComponents(MainActivity.java:2554)
10-03 17:25:45.265 com.mycompany.myapp.debug W/System.err:     at com.mycompany.myapp.MainActivity.onCreate(MainActivity.java:230)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.Activity.performCreate(Activity.java:5231)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1087)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2159)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2245)
10-03 17:25:45.275 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.access$800(ActivityThread.java:135)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1196)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:102)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.os.Looper.loop(Looper.java:136)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:5017)
10-03 17:25:45.285 com.mycompany.myapp.debug W/System.err:     at java.lang.reflect.Method.invokeNative(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at java.lang.reflect.Method.invoke(Method.java:515)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
10-03 17:25:45.295 com.mycompany.myapp.debug W/System.err:     at dalvik.system.NativeStart.main(Native Method)
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: GeneralSecurityException - Tink failed to register or could not generate a keyset handle: KeyGenerator AES implementation not found
10-03 17:25:45.295 com.mycompany.myapp.debug E/MainActivity: isMDMAPISupported: Exception ignored
4

1 回答 1

1

在 Tink v1.2.0 上遇到问题时,以下作为临时解决方法。对于 23 以下的 Android SDK,我们在构建 keysetManager 时跳过使用 Keystore。

但是,这应该不再是 Tink v1.2.1(发布时)的问题,因为我已经测试了最新的 HEAD-SNAPSHOT 并且没有遇到崩溃。

    private KeysetHandle getOrGenerateNewKeysetHandle() throws IOException, GeneralSecurityException {
        AndroidKeysetManager.Builder keysetManagerBuilder = new AndroidKeysetManager.Builder()
                .withSharedPref(getApplicationContext(), TINK_KEYSET_NAME, TINK_PREF_FILE_NAME)
                .withKeyTemplate(AeadKeyTemplates.AES256_GCM);

        if (Build.VERSION.SDK_INT >= 23) {
            keysetManagerBuilder.withMasterKeyUri(ANDROID_KEYSTORE_TINK_MASTER_KEY_URI);
        } else {
            keysetManagerBuilder.doNotUseKeystore();
        }

        return keysetManagerBuilder.build().getKeysetHandle();
    }
于 2018-10-05T18:13:03.227 回答