Florian Knogl
Aug 23, 2019
7:49 am

Android Keychain problem


I'm not sure if it's the right place for my problem but I hope someone can help me.

On my device there is a certificate with a private key installed. I want to use this private key to decrypt data that was encrypted with the corresponding public key. I have a testapp that works roughly that way:

  • Select the certificate using the Android Keychain API: 
  • in callback method load private and public key
  • encrypt some data with public key
    Cipher cipher = Cipher.getInstance(transformation, provider);
    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
    byte[] encryptedKey = cipher.doFinal(decrypted);
  • decrypt this encrypted data with private key
    cipher = Cipher.getInstance(transformation, provider);
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    byte[] decryptedKey = cipher.doFinal(encryptedKey);

Cipher.getInstance() is always called with the same transformation and the same provider. My problem is that only "RSA/ECB/PKCS1Padding" works for transformation but I should use "RSA/ECB/OAEPWithSHA-1AndMGF1Padding" or "RSA/ECB/OAEPPadding". I tested with different providers and also "null" as provider. But OAEP-padding doesn't work.


The same app works on other Android devices so my guess is that this is because of Knox on my Samsung device. The decryption always fails with the following error:

"javax.crypto.BadPaddingException: Unknown BoringSSL error - Unknown BoringSSL error"


In logcat I can see the following output which I think is from the failing decryption:

D: C_CloseSession
    Exit error_check_function
    Exit pkcs11_private_decrypt, ret: 48
D: Exit SECPKCS11_ENGINE_decrypt, ret: 0


So, does anybody have an idea why this isn't working or what I have to change?


Kind regards
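
The round trip described in the post, as an added example that is not part of the original post: it runs each of the three transformations named above against a freshly generated software RSA key pair and the default provider, with the OAEP digest and MGF1 digest pinned to SHA-1 on both sides. The class name, the software key pair (the post's key comes from the Android KeyChain API) and the sample plaintext are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical test harness, not the poster's app.
public class RsaPaddingRoundTrip {
    // The three transformations named in the post.
    static final String[] TRANSFORMATIONS = {
        "RSA/ECB/PKCS1Padding",
        "RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
        "RSA/ECB/OAEPPadding",
    };

    // Encrypts with the public key, decrypts with the private key and
    // returns true if the plaintext survived the round trip.
    static boolean roundTrip(String transformation, KeyPair keys, byte[] plain)
            throws GeneralSecurityException {
        Cipher enc = Cipher.getInstance(transformation);
        Cipher dec = Cipher.getInstance(transformation);
        if (transformation.contains("OAEP")) {
            // Pin both digests to SHA-1 so encrypt and decrypt agree
            // regardless of provider defaults.
            OAEPParameterSpec spec = new OAEPParameterSpec(
                "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
            enc.init(Cipher.ENCRYPT_MODE, keys.getPublic(), spec);
            dec.init(Cipher.DECRYPT_MODE, keys.getPrivate(), spec);
        } else {
            enc.init(Cipher.ENCRYPT_MODE, keys.getPublic());
            dec.init(Cipher.DECRYPT_MODE, keys.getPrivate());
        }
        return Arrays.equals(plain, dec.doFinal(enc.doFinal(plain)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keys = gen.generateKeyPair(); // software key, constructed for the test
        byte[] plain = "constructed sample key".getBytes(StandardCharsets.UTF_8);
        for (String t : TRANSFORMATIONS) {
            try {
                System.out.println(t + " -> " + (roundTrip(t, keys, plain) ? "ok" : "MISMATCH"));
            } catch (GeneralSecurityException e) {
                System.out.println(t + " -> " + e); // report which padding fails and why
            }
        }
    }
}
```

Running the same loop once with this software key pair and once with the KeyChain-provided key shows whether a failure follows the transformation or the key.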

