Sign JWT with PrivateKey from android Fingerprint API -


I have a set of claims and want to create a JWT from them, signed with the private key that was created through the Fingerprint API.

This is the JWT I want to produce (header and payload):

header:  { "alg": "RS256", "kid": "abcdedfkjsdfjaldfkjg", "auth_type": "fingerprint" / "pin" }
payload: { "client_id": "xxxxx-yyyyyy-zzzzzz" }

Creating the key pair for the fingerprint flow:

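import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.support.annotation.RequiresApi;
import android.util.Log;

import com.yourmobileid.mobileid.library.common.MidCommons;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Base64;

/**
 * Creates and exposes an RSA key pair held in the Android Keystore.
 *
 * <p>All state is static and populated by {@link #init()}; every other method assumes
 * {@code init()} has already completed. Not thread-safe: finish {@code init()} before
 * calling the getters from other threads.
 */
@RequiresApi(api = Build.VERSION_CODES.M)
public class BiometricHelper {

    /** Alias under which the key pair is stored in the Android Keystore. */
    public static final String KEY_NAME = "my_key";

    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String PEM_HEADER = "-----BEGIN PUBLIC KEY-----\n";
    private static final String PEM_FOOTER = "\n-----END PUBLIC KEY-----";

    static KeyPairGenerator mKeyPairGenerator;
    // Random key id handed out as the JWT "kid" header value.
    private static String mKid;
    private static KeyStore keyStore;

    /**
     * Obtains the keystore-backed generator and keystore, picks a fresh key id and
     * generates the key pair.
     *
     * @throws IllegalStateException if the Android Keystore provider is unavailable
     */
    public static void init() {
        try {
            mKeyPairGenerator = KeyPairGenerator.getInstance(
                    KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEYSTORE);
            keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | KeyStoreException e) {
            throw new IllegalStateException("Android Keystore provider not available", e);
        }
        mKid = MidCommons.generateRandomString();
        createKeyPair();
    }

    /**
     * Generates the RSA key pair under {@link #KEY_NAME} inside the Android Keystore.
     *
     * <p>NOTE(review): the key is authorized for ENCRYPT/DECRYPT only, so the keystore
     * refuses to use it for SHA256withRSA signing (the jose4j InvalidKeyException seen
     * below). Signing needs {@code PURPOSE_SIGN | PURPOSE_VERIFY} together with
     * {@code setDigests(...)}. Also, nothing here calls
     * {@code setUserAuthenticationRequired(true)}, so use of the private key is not
     * actually gated on a fingerprint despite the class's intent.
     *
     * @throws IllegalStateException if the keystore rejects the key specification
     */
    public static void createKeyPair() {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .setAlgorithmParameterSpec(
                        new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4))
                .build();
        try {
            mKeyPairGenerator.initialize(spec);
            mKeyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("Key spec rejected for alias " + KEY_NAME, e);
        }
    }

    /** Loads the keystore contents; the Android Keystore takes a {@code null} stream. */
    private static KeyStore loadedKeyStore() throws GeneralSecurityException, IOException {
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Returns the keystore-backed private key stored under {@link #KEY_NAME}.
     *
     * <p>Failures are raised instead of being printed and turned into a {@code null}
     * return, so a missing key is not silently handed to the signer.
     *
     * @return the private key handle
     * @throws IllegalStateException if the keystore cannot be loaded or the key is absent
     */
    public static PrivateKey getPrivateKey() {
        try {
            PrivateKey key = (PrivateKey) loadedKeyStore().getKey(KEY_NAME, null);
            if (key == null) {
                throw new IllegalStateException("No key stored under alias " + KEY_NAME);
            }
            return key;
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("Cannot read private key " + KEY_NAME, e);
        }
    }

    /**
     * Returns the public key from the certificate stored under {@link #KEY_NAME}.
     *
     * @return the public key
     * @throws IllegalStateException if the keystore cannot be loaded or no certificate exists
     */
    public static PublicKey getPublicKey() {
        try {
            Certificate cert = loadedKeyStore().getCertificate(KEY_NAME);
            if (cert == null) {
                throw new IllegalStateException("No certificate stored under alias " + KEY_NAME);
            }
            return cert.getPublicKey();
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("Cannot read public key " + KEY_NAME, e);
        }
    }

    /** Returns the keystore instance obtained in {@link #init()} ({@code null} before that). */
    public static KeyStore getKeyStore() {
        return keyStore;
    }

    /**
     * Returns the public key as a PEM block: the key's X.509 encoding, base64 encoded and
     * wrapped at 64 columns as PEM readers expect.
     *
     * <p>Base64 padding is preserved; the previous version stripped {@code ==}, which
     * strict decoders reject.
     *
     * @return PEM text including BEGIN/END markers
     */
    public static String getPublicKeyStr() {
        Base64.Encoder pem = Base64.getMimeEncoder(64, new byte[] {'\n'});
        String body = pem.encodeToString(getPublicKey().getEncoded());
        String publicKey = PEM_HEADER + body + PEM_FOOTER;
        // Public material only; logging it is harmless.
        Log.d("key==", "\n" + publicKey);
        return publicKey;
    }

    /**
     * Returns the random key id chosen in {@link #init()}; it is used as the JWT {@code kid}.
     *
     * @return the key id, or {@code null} before {@code init()} has run
     */
    public static String getKid() {
        Log.d("mkid==", "\n" + mKid);
        return mKid;
    }
}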

And this is how I create the JWT:

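/**
 * Builds a compact JWS signed with the keystore-backed private key.
 *
 * <p>Header: {@code alg=RS256}, {@code kid} from {@link BiometricHelper#getKid()} and a
 * custom {@code auth_type} of {@code fingerprint}. Payload: a single {@code client_id} claim.
 *
 * @return the compact serialization {@code header.payload.signature}
 * @throws IllegalStateException if signing fails, e.g. because the key is not authorized
 *         for signing
 */
@RequiresApi(api = Build.VERSION_CODES.M)
private String createJwt() {
    JwtClaims claims = new JwtClaims();
    // Plain value: the previous literal carried stray curly quotes inside the client id.
    claims.setClaim("client_id", "xxxxx-yyyyyy-zzzzzz");

    JsonWebSignature jws = new JsonWebSignature();
    jws.setPayload(claims.toJson());
    jws.setKey(BiometricHelper.getPrivateKey());
    jws.setKeyIdHeaderValue(BiometricHelper.getKid());
    jws.setHeader("auth_type", "fingerprint");
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);

    try {
        // The token is not printed: a signed JWT is a bearer credential and
        // should stay out of stdout/logcat.
        return jws.getCompactSerialization();
    } catch (JoseException e) {
        throw new IllegalStateException(
                "Failed to sign JWT with key " + BiometricHelper.KEY_NAME, e);
    }
}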

When I do this I get:

W/System.err: org.jose4j.lang.InvalidKeyException: The given key (algorithm=RSA) is not valid for SHA256withRSA
W/System.err:     at org.jose4j.jws.BaseSignatureAlgorithm.initForSign(BaseSignatureAlgorithm.java:97)
W/System.err:     at org.jose4j.jws.BaseSignatureAlgorithm.sign(BaseSignatureAlgorithm.java:68)
W/System.err:     at org.jose4j.jws.JsonWebSignature.sign(JsonWebSignature.java:101)

I have tried many other ways of signing the JWT with the private key, but so far have not found a solution.

Any help is appreciated.

You have created the key for encryption only, not for signing. Change

// Current spec: the key pair is authorized for encryption/decryption only.
KeyGenParameterSpec encryptOnlySpec = new KeyGenParameterSpec.Builder(
        KEY_NAME,
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
        .setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4))
        .build();
mKeyPairGenerator.initialize(encryptOnlySpec);

to

// Replacement spec: the key pair is authorized for signing/verification with SHA-256.
KeyGenParameterSpec signingSpec = new KeyGenParameterSpec.Builder(
        KEY_NAME,
        KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4))
        .build();
// NOTE(review): RS256 is RSASSA-PKCS1-v1_5; if the keystore rejects the signature with an
// unsupported-padding error, add .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
// — confirm against the Android version in use. Gating the key on a fingerprint (the stated
// intent) additionally needs .setUserAuthenticationRequired(true), which this spec does not set.
mKeyPairGenerator.initialize(signingSpec);

