Caused by java.security.InvalidKeyException: Only SecretKey is supported

[Lucashuang0802]

Got an exception like this by using the standard approach to authenticate via fingerprint:

   private void generateKey() throws Exception {
        try {
            keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
            keyStore.load(null);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                    .setUserAuthenticationRequired(true)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                    .build());
            keyGenerator.generateKey();
        } catch (KeyStoreException
                | NoSuchAlgorithmException
                | NoSuchProviderException
                | InvalidAlgorithmParameterException
                | CertificateException
                | IOException exc) {
            exc.printStackTrace();
            throw new Exception(exc);
        }
    }

    private boolean initCipher() {
        try {
            cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException("Failed to get Cipher", e);
        }

        try {
            keyStore.load(null);
            SecretKey key = (SecretKey) keyStore.getKey(KEY_NAME, null);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            return false;
        } catch (KeyStoreException | CertificateException
                | UnrecoverableKeyException | IOException
                | NoSuchAlgorithmException | InvalidKeyException e) {
            throw new RuntimeException("Failed to init Cipher", e);
        }
    }

Caused by java.security.InvalidKeyException: Only SecretKey is supported
       at com.android.org.conscrypt.OpenSSLCipher.checkAndSetEncodedKey(OpenSSLCipher.java:436)
       at com.android.org.conscrypt.OpenSSLCipher.engineInit(OpenSSLCipher.java:261)
       at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2668)
       at javax.crypto.Cipher.tryCombinations(Cipher.java:2575)
       at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2480)
       at javax.crypto.Cipher.chooseProvider(Cipher.java:567)
       at javax.crypto.Cipher.init(Cipher.java:831)
       at javax.crypto.Cipher.init(Cipher.java:772)

Mostly users got crashes by 8 and 9 starts getting crashes:

[batschz]

any findings?

[jkheeva]

+1 any help anyone?

[batschz]

This was happening for me if the device is not secured via code/fingerprint - needs to be activated in the settings.

[vrajeshpatel]

You have set UserAuthenticationRequired as true. If you want to keep this, Device lock needs to be set via pin code or fingerprint as per @batschz or you can setUserAuthenticationRequired(false).

[codingjeremy]

I am closing this issue/PR, as it has been migrated to the new repo linked above in the comments. Thank you!