Android Keychain problem
I'm not sure if it's the right place for my problem but I hope someone can help me.
On my device there is a certificate with a private key installed. I want to use this private key to decrypt data that was encrypted with the corresponding public key. I have a testapp that works roughly that way:
- Select the certificate using the Android Keychain API:
- In the callback method, load the private and public key
- Encrypt some data with the public key
    Cipher cipher = Cipher.getInstance(transformation, provider);
    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
    byte[] encryptedKey = cipher.doFinal(decrypted);
- Decrypt this encrypted data with the private key
    cipher = Cipher.getInstance(transformation, provider);
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    byte[] decryptedKey = cipher.doFinal(encrypted);
Cipher.getInstance() is always called with the same transformation and the same provider. My problem is that only "RSA/ECB/PKCS1Padding" works for transformation but I should use "RSA/ECB/OAEPWithSHA-1AndMGF1Padding" or "RSA/ECB/OAEPPadding". I tested with different providers and also "null" as provider. But OAEP padding doesn't work.
The same app works on other Android devices, so my guess is that this is because of Knox on my Samsung device. The decryption always fails with the following error:
"javax.crypto.BadPaddingException: Unknown BoringSSL error - Unknown BoringSSL error"
In logcat I can see the following output which I think is from the failing decryption:
D: C_CloseSession Success Exit error_check_function Exit pkcs11_private_decrypt, ret: 48 D: Exit SECPKCS11_ENGINE_decrypt, ret: 0
So, does anybody have an idea why this isn't working or what I have to change?
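
A baseline check for the three transformations named in the post, added here as an example and not the poster's code: it round-trips each one with a software-generated RSA key and an explicit OAEPParameterSpec, then shows the exception a padding mismatch produces, so the results can be compared with those of the KeyChain-backed key. The class name, the 2048-bit key size and the sample plaintext are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepBaseline {  // hypothetical class name
    // Transformations quoted in the post.
    static final String PKCS1 = "RSA/ECB/PKCS1Padding";
    static final String[] ALL = {
        PKCS1, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", "RSA/ECB/OAEPPadding" };

    // Pin the OAEP digest and the MGF1 digest so neither side uses a provider default.
    static final OAEPParameterSpec OAEP_SHA1 = new OAEPParameterSpec(
        "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    static Cipher init(String t, int mode, Key key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(t);
        if (t.contains("OAEP")) c.init(mode, key, OAEP_SHA1);
        else c.init(mode, key);
        return c;
    }

    // Encrypt with encT, decrypt with decT; true only if the plaintext comes back intact.
    static boolean roundTrip(String encT, String decT, KeyPair kp, byte[] plain) {
        try {
            byte[] enc = init(encT, Cipher.ENCRYPT_MODE, kp.getPublic()).doFinal(plain);
            byte[] dec = init(decT, Cipher.DECRYPT_MODE, kp.getPrivate()).doFinal(enc);
            return Arrays.equals(plain, dec);
        } catch (GeneralSecurityException e) {
            System.out.println("  " + encT + " / " + decT + " threw " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);  // assumed key size
        KeyPair kp = gen.generateKeyPair();
        byte[] plain = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        for (String t : ALL)  // matched padding on both sides
            System.out.println(t + " round trip ok: " + roundTrip(t, t, kp, plain));
        // Mismatched padding: PKCS#1 v1.5 ciphertext handed to an OAEP decrypt.
        System.out.println("mismatch ok: " + roundTrip(PKCS1, ALL[1], kp, plain));
    }
}
```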