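I'm having a problem on some Android devices where key pair generation fails with "java.security.ProviderException: Failed to generate key pair.", caused by "Failed to handle super encryption.", "Failed to super encrypt with LskfBound key.", "LSKF is not setup for the user."
Resetting the lock screen PIN/password didn't help.
As far as I can tell from analyzing the error, LSKF is the Lock Screen Knowledge Factor, the PIN/password used to unlock the device lock screen.
Full exception (from a Samsung S21, Android 14):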
```
java.security.ProviderException: Failed to generate key pair.
...
    at android.view.View.performClick(View.java:8043) ~[na:0.0]
    at android.widget.TextView.performClick(TextView.java:17816) ~[na:0.0]
    at com.google.android.material.button.MaterialButton.performClick(MaterialButton.java:1218) ~[na:0.0]
    at android.view.View.performClickInternal(View.java:8020) ~[na:0.0]
    at android.view.View.-$$Nest$mperformClickInternal(Unknown Source:0) ~[na:0.0]
    at android.view.View$PerformClick.run(View.java:31850) ~[na:0.0]
    at android.os.Handler.handleCallback(Handler.java:958) ~[na:0.0]
    at android.os.Handler.dispatchMessage(Handler.java:99) ~[na:0.0]
    at android.os.Looper.loopOnce(Looper.java:230) ~[na:0.0]
    at android.os.Looper.loop(Looper.java:319) ~[na:0.0]
    at android.app.ActivityThread.main(ActivityThread.java:8893) ~[na:0.0]
    at java.lang.reflect.Method.invoke(Native Method) ~[na:0.0]
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:608) ~[na:0.0]
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1103) ~[na:0.0]
Caused by: android.security.KeyStoreException: Keystore not initialized (internal Keystore code: 3 message: system/security/keystore2/src/security_level.rs:701: In generate_key. 10012
Caused by:
    0: system/security/keystore2/src/security_level.rs:209
    1: system/security/keystore2/src/security_level.rs:186: Failed to handle super encryption.
    2: system/security/keystore2/src/super_key.rs:758: Failed to super encrypt with LskfBound key.
    3: system/security/keystore2/src/super_key.rs:718: LSKF is not setup for the user.
    4: Error::Rc(r#UNINITIALIZED))
    at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:399) ~[na:0.0]
    at android.security.KeyStoreSecurityLevel.handleExceptions(KeyStoreSecurityLevel.java:60) ~[na:0.0]
    at android.security.KeyStoreSecurityLevel.generateKey(KeyStoreSecurityLevel.java:161) ~[na:0.0]
    at android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:651) ~[na:0.0]
24 common frames omitted
```
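I don't have direct access to the device and can't reproduce the same error on any test device.
What I know about the device:
Relevant key generation parameters: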
```
setUserAuthenticationRequired(true)
setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
setUserConfirmationRequired(false)
setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
```
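The error occurs when generating both RSA and EC keys. There are fallbacks to SHA256 only and to time-based key authentication, but neither seems to work here.
Does anyone have the same problem? I found some similar questions online, but none had any answers. Can anyone reproduce this issue?
I tried removing and setting the lock screen factor on different device models from different manufacturers.
On some older devices, you can set up a fingerprint and then remove the PIN while keeping the fingerprint data, but this does not lead to the expected error.
I added retry logic to key generation with different key types (RSA, EC), different hash algorithms (SHA256, SHA512) and authentication timeouts (authentication on every key use and time-based). The error occurs for all variants on these devices.
I was able to reproduce the issue, but I'm not sure what the root cause or the solution is. Here is the code that throws the exception: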
```kotlin
// ...
val keyPairGenerator = KeyPairGenerator.getInstance(
    KeyProperties.KEY_ALGORITHM_EC,
    mAndroidKeyStoreProviderName
)
keyPairGenerator.initialize(generateKeyGenParameterSpec(name))
val keyPair = keyPairGenerator.generateKeyPair()
// ...
```
Here is the exception I'm seeing:
```
2024-05-24 16:27:15.424 735-8535 keystore2 keystore2 E keystore2::error: In generate_key.
Caused by:
    0: In store_new_key.
    1: In store_new_key. Failed to handle super encryption.
    2: In handle_super_encryption_on_key_init. Failed to super encrypt with LskfBound key.
    3: In super_encrypt. LSKF is not setup for the user.
    4: Error::Rc(ResponseCode(3))
2024-05-24 16:27:15.424 26563-26770 [AEA]KeyStoreHelperImpl [omitted] E Error while generating key pair: android.security.KeyStoreException: Keystore not initialized
```
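
An added example, not code from either poster: a diagnostic wrapper that separates "no lock screen credential reported by the keyguard" from the keystore2 "LSKF is not setup for the user" failure shown in the traces above, so the app can report the condition instead of retrying variants that all fail. It does not fix the underlying problem. The names `KeyGenResult`, `findLskfFailure` and `generateAuthBoundEcKey`, the sign/verify purposes and the literal provider name are assumptions; the key parameters are the ones listed in the question (API 30+).

```kotlin
import android.app.KeyguardManager
import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.ProviderException

// Hypothetical result type for this example.
sealed class KeyGenResult {
    data class Success(val keyPair: KeyPair) : KeyGenResult()
    object NoLockScreen : KeyGenResult()                          // keyguard reports no PIN/pattern/password
    data class LskfNotSetUp(val detail: String) : KeyGenResult()  // keystore2 failure quoted in the traces
    data class OtherFailure(val error: Throwable) : KeyGenResult()
}

// Walk the cause chain and return the first message containing one of the
// keystore2 error strings quoted in the traces, or null if none matches.
fun findLskfFailure(t: Throwable): String? =
    generateSequence(t) { it.cause }
        .mapNotNull { it.message }
        .firstOrNull { "LSKF is not setup for the user" in it || "Keystore not initialized" in it }

fun generateAuthBoundEcKey(context: Context, alias: String): KeyGenResult {
    // Pre-check: what the framework itself reports about the lock screen credential.
    val keyguard = context.getSystemService(KeyguardManager::class.java)
    if (keyguard?.isDeviceSecure != true) return KeyGenResult.NoLockScreen

    // Purposes are an assumption; the remaining parameters are those from the question.
    val spec = KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY)
        .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
        .setUserConfirmationRequired(false)
        .build()

    return try {
        val generator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        generator.initialize(spec)
        KeyGenResult.Success(generator.generateKeyPair())
    } catch (e: ProviderException) {
        // The keyguard said the device is secure, yet keystore2 may still reject the request.
        val detail = findLskfFailure(e)
        if (detail != null) KeyGenResult.LskfNotSetUp(detail) else KeyGenResult.OtherFailure(e)
    }
}
```

A `LskfNotSetUp` result after a passing `isDeviceSecure` check is the combination worth logging with device model and OS version, since it is the state the posts above could not explain.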