Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android android.credentials.UNLOCK Initializing keystore without password

Tags:

android

credentials

encryption

android-keystore

aes

Having a random key to encrypt local credentials through AES, I'm following the below tutorial to try to store securely that key and then be able to decrypt later on:

nelenkov.blogspot.co.uk storing applicationsecrets in androids

This tutorial explains how access to the system keystore and store your passwords in it.

The issue I'm facing it's focused in the call to UNLOCK (android.credentials.UNLOCK) the KeyStore. Devices (at the moment with API below 14) that don't have KeyStore initialized, they are showing a dialog requesting a 8 digits password.

The tutorial works fine however showing this dialog even do being only once, it's going to bother most of the users.

are there any way to skip this dialog?

I would be even happier if someone described a better way to keep locally a Key.

like image 733
Jose M Lechon Avatar asked Mar 27 '26 13:03

Jose M Lechon

1 Answers

KeyStore can appear locked not only on pre-ICS devices. The simplest way to get KeyStore locked is:

  1. Initialize KeyStore by setting KeyGuard (pattern, pin, or password on the Screen Lock)
  2. Add keys or whatever you store in the KeyStore
  3. Go to Settings > Security and change Screen Lock to something "not secure", for example, Slide.
  4. Reboot your device.

After the device is booted, KeyStore will be LOCKED. com.android.credentials.UNLOCK intent will start com.android.settings.CredentialStorage activity, which, in turn, will show UnlockDialog, prompting for a password.

 * KeyStore: LOCKED
 * KeyGuard: OFF/ON
 * Action:   old unlock dialog
 * Notes:    assume old password, need to use it to unlock.
 *           if unlock, ensure key guard before install.
 *           if reset, treat as UNINITALIZED/OFF

KeyStore gets reset after 5 attempts to enter incorrect password. But resetting KeyStore actually doesn't turn it off or uninitialize. KeyStore remains locked and the only way to uninitialize it seems to call for com.android.credentials.RESET. But this will reset both KeyStore and KeyChain (user installed certificates).

If you want to reset KeyStore and KeyChain silently, without user confirmation, you can do it by binding to IKeyChainService and calling its reset() method.

But I'd not recommend doing this. A better solution could be to display some notification message asking user to set Screen Lock manually

like image 154
Alexander Zhak Avatar answered Mar 29 '26 03:03

Alexander Zhak
Sign in to Comment

Related questions

OnPostCreate in Fragment
How to open a .so file? [closed]
Repeating IntentService using Timers- is it advisable?
Nullpointerexcepiton on cursor while selecting photo from gallery on dialog fragment
.SQLiteException: near ",": syntax error (code 1): , while compiling:
proguard don't keep anonymous class
Custom Drawer Layout - Click transparency
Set a values folder for multiple android sdk versions
Unable to parse JSonArray in Android
Add buttons in Map Fragment?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!