Keystore operation failed :Incompatible padding mode

问题

I am using AndroidKeystore to generate RSA Keypair and doing encryption and decryption using this keypair

My keypair generation code looks like this

        var keypairGen:KeyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
        var keyPairGeneratorSpec: KeyGenParameterSpec = KeyGenParameterSpec
        .Builder(this.Key_Name, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setDigests(KeyProperties.DIGEST_SHA256,  KeyProperties.DIGEST_SHA512)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
        .setRandomizedEncryptionRequired(false)
        .build()
    keypairGen.initialize(keyPairGeneratorSpec, SecureRandom())
    keypairGen.genKeyPair()

And my encryption code looks like

    val keyStore:KeyStore = KeyStore.getInstance("AndroidKeyStore")
    keyStore.load(null)

    val String:String = "Test_String"

    val publicKey:PublicKey = keyStore.getCertificate(this.Key_Name).publicKey
    val privateKeyEntry:KeyStore.PrivateKeyEntry = keyStore.getEntry(this.Key_Name,null) as KeyStore.PrivateKeyEntry
    val privateKey:PrivateKey = privateKeyEntry.privateKey

    val cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding")
    cipher.init(Cipher.ENCRYPT_MODE,publicKey)
    val encryptedByte = cipher.doFinal(privateKeyString.toByteArray())
    val stringEncrypt:String = Base64.encodeToString(encryptedByte,Base64.DEFAULT)

And My Decryption Code like this

    val cipher1=Cipher.getInstance("RSA/ECB/PKCS1Padding")
    cipher1.init(Cipher.DECRYPT_MODE, privateKey);
    val decryptedBytes = cipher1.doFinal(Base64.decode(stringEncrypt,Base64.DEFAULT));
    val decrypted = String(decryptedBytes);

But when I am running this Encryption working fine but I got the following error in Decrypt

    java.lang.RuntimeException: Unable to create service com.example.myapplication.service.Myservice: java.security.InvalidKeyException: Keystore operation failed
    at android.app.ActivityThread.handleCreateService(ActivityThread.java:3201)
    at android.app.ActivityThread.-wrap5(ActivityThread.java)
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1567)
    at android.os.Handler.dispatchMessage(Handler.java:102)
    at android.os.Looper.loop(Looper.java:154)
    at android.app.ActivityThread.main(ActivityThread.java:6119)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776)
 Caused by: java.security.InvalidKeyException: Keystore operation failed
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:727)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:748)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:109)
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2977)
    at javax.crypto.Cipher.tryCombinations(Cipher.java:2884)
    at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2789)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:956)
    at javax.crypto.Cipher.init(Cipher.java:1199)
    at javax.crypto.Cipher.init(Cipher.java:1143)
    at com.example.myapplication.component.Component.encryptKey(Component.kt:82)
    at com.example.myapplication.service.Myservice.keypairGenerator(Myservice.kt:92)
    at com.example.myapplication.service.Myservice.onCreate(Myservice.kt:55)
    at android.app.ActivityThread.handleCreateService(ActivityThread.java:3191)
    at android.app.ActivityThread.-wrap5(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1567) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:154) 
    at android.app.ActivityThread.main(ActivityThread.java:6119) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776) 
 Caused by: android.security.KeyStoreException: Incompatible padding mode
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:666)
    at android.security.KeyStore.getInvalidKeyException(KeyStore.java:748) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54) 
    at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265) 
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:109) 
    at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2977) 
    at javax.crypto.Cipher.tryCombinations(Cipher.java:2884) 
    at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2789) 
    at javax.crypto.Cipher.chooseProvider(Cipher.java:956) 
    at javax.crypto.Cipher.init(Cipher.java:1199) 
    at javax.crypto.Cipher.init(Cipher.java:1143) 
    at com.example.myapplication.component.Component.encryptKey(Component.kt:82) 
    at com.example.myapplication.service.Myservice.keypairGenerator(Myservice.kt:92) 
    at com.example.myapplication.service.Myservice.onCreate(Myservice.kt:55) 
    at android.app.ActivityThread.handleCreateService(ActivityThread.java:3191) 
    at android.app.ActivityThread.-wrap5(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1567) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:154) 
    at android.app.ActivityThread.main(ActivityThread.java:6119) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776) 

please help me out this.I tried most of the combination of padding and digest.

回答1:

Try putting this before you decrypt

 stringEncrypt = stringEncrypt.replace("/n","");
val decryptedBytes = cipher1.doFinal(Base64.decode(stringEncrypt,Base64.DEFAULT));
val decrypted = String(decryptedBytes);

Either the key is wrong or the Base64 encoding is adding stuff if your keys to long. So its seeing mismatched sizes.

来源：https://stackoverflow.com/questions/55046705/keystore-operation-failed-incompatible-padding-mode