Create an RSASigner.newSHA256Signer which supports PrivateKey instance
tommed opened this issue · 2 comments
We're using the AndroidKeyStore which protects the private exponent (by design for improved security) so it's impossible to call .getEncoded() or retrieve the private key's ASN1 for the PEM.
Your implementation is assuming this is possible, but by doing so, it will only support private keys which expose the private exponent, which isn't always a good idea.
Ideally rather than hard-coding the pem decoding in your RSASigner constructor, you should be accepting PrivateKey from elsewhere too and allow these to be managed by the respective KeyStore.
Thanks for the request @tommed - if I add additional methods that take a reference of type java.security.interfaces.RSAPrivateKey, will this work for you?
References:
https://developer.android.com/reference/java/security/KeyStore.PrivateKeyEntry
https://developer.android.com/reference/java/security/PrivateKey
Available in 4.3.0
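The request in this thread, signing with a key handle without ever reading the key's encoded bytes, sketched as an added example that is not code from the library or from either commenter. The class name KeyHandleSigner and the sample message are hypothetical, and a generated in-memory key pair stands in for a keystore entry so the example runs on a desktop JVM.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Objects;

/** Hypothetical signer (not the library's API): holds a key handle, never key bytes. */
public final class KeyHandleSigner {
    private final PrivateKey key;

    public KeyHandleSigner(PrivateKey key) {
        this.key = Objects.requireNonNull(key, "key");
        if (!"RSA".equals(key.getAlgorithm())) {
            throw new IllegalArgumentException("expected an RSA key, got " + key.getAlgorithm());
        }
        // Deliberately no key.getEncoded() call: a keystore-protected key may return null there.
    }

    public byte[] sign(byte[] message) throws GeneralSecurityException {
        // No provider argument: JCA selects a provider that accepts this key at initSign(),
        // which lets a keystore-backed key perform the private-key operation itself.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(message);
        return s.sign();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample: an in-memory key pair stands in for a keystore entry.
        // On Android the PrivateKey would come from KeyStore.PrivateKeyEntry.getPrivateKey().
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        byte[] message = "header.payload".getBytes(StandardCharsets.UTF_8); // constructed input
        byte[] signature = new KeyHandleSigner(pair.getPrivate()).sign(message);

        // Verification needs only the public key, which is always exportable.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(message);
        System.out.println("signature bytes: " + signature.length);
        System.out.println("verifies: " + verifier.verify(signature));
    }
}
```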