Sign JWT with PrivateKey from android Fingerprint API -


i have claims , want create jwt , sign privatekey created in fingerprint api.

this jwt claim -

header:  {      "alg": "rs256”,      “kid”: “abcdedfkjsdfjaldfkjg”,       “auth_type” : “fingerprint” / "pin" }  payload: {       “client_id”:”xxxxx-yyyyyy-zzzzzz” }

creating keypair fingerprint -

import android.os.build; import android.security.keystore.keygenparameterspec; import android.security.keystore.keyproperties; import android.support.annotation.requiresapi; import android.util.log;  import com.yourmobileid.mobileid.library.common.midcommons;  import org.jose4j.base64url.base64;  import java.io.ioexception; import java.security.invalidalgorithmparameterexception; import java.security.keypairgenerator; import java.security.keystore; import java.security.keystoreexception; import java.security.nosuchalgorithmexception; import java.security.nosuchproviderexception; import java.security.privatekey; import java.security.publickey; import java.security.unrecoverablekeyexception; import java.security.cert.certificateexception; import java.security.spec.rsakeygenparameterspec;   @requiresapi(api = build.version_codes.m) public class biometrichelper {      public static final string key_name = "my_key";     static keypairgenerator mkeypairgenerator;     private static string mkid;     private static keystore keystore;      public static void init() {         try {             mkeypairgenerator = keypairgenerator.getinstance(  keyproperties.key_algorithm_rsa, "androidkeystore");         } catch (nosuchalgorithmexception | nosuchproviderexception e) {             throw new runtimeexception("failed instance of keypairgenerator", e);         }         mkid = midcommons.generaterandomstring();           keystore = null;          try {             keystore = keystore.getinstance("androidkeystore");         } catch (keystoreexception e) {             throw new runtimeexception("failed instance of keystore", e);         }          createkeypair();     }       /**      * generates asymmetric key pair in android keystore. every use of private key must      * authorized user authenticating fingerprint. public key use unrestricted.      */     public static void createkeypair() {         try {              mkeypairgenerator.initialize(                     new keygenparameterspec.builder(                             key_name,                             keyproperties.purpose_encrypt | keyproperties.purpose_decrypt)                             .setencryptionpaddings(keyproperties.encryption_padding_rsa_pkcs1)                             .setalgorithmparameterspec(new rsakeygenparameterspec(2048, rsakeygenparameterspec.f4))                             .build());             mkeypairgenerator.generatekeypair();         } catch (invalidalgorithmparameterexception e) {             throw new runtimeexception(e);         }     }       public static privatekey getprivatekey() {         privatekey privatekey = null;         try {             keystore.load(null);             privatekey = (privatekey) keystore.getkey(key_name, null);         } catch (keystoreexception | certificateexception | unrecoverablekeyexception | nosuchalgorithmexception | ioexception e) {             e.printstacktrace();         }         return privatekey;     }      public static publickey getpublickey() {         publickey publickey = null;         try {             keystore.load(null);             publickey = keystore.getcertificate(key_name).getpublickey();         } catch (keystoreexception | certificateexception | nosuchalgorithmexception | ioexception e) {             e.printstacktrace();         }         return publickey;     }      public static keystore getkeystore(){         return keystore;     }     public static string getpublickeystr()  {         stringbuilder publickey = new stringbuilder("-----begin public key-----\n");         publickey.append(base64.encode((getpublickey().getencoded())).replace("==",""));         publickey.append("\n-----end public key-----");           log.d("key==","\n"+publickey);         return publickey.tostring();     }      public static string getkid() {          log.d("mkid==","\n"+mkid);         return mkid;     }  }

and creating jwt way -

@requiresapi(api = build.version_codes.m) private string createjwt(){      jwtclaims claims = new jwtclaims();     claims.setclaim("client_id","”xxxxx-yyyyyy-zzzzzz”");       jsonwebsignature jws = new jsonwebsignature();      jws.setpayload(claims.tojson());     jws.setkey(biometrichelper.getprivatekey());     jws.setkeyidheadervalue(biometrichelper.getkid());     jws.setheader("auth_type","fingerprint");     jws.setalgorithmheadervalue(algorithmidentifiers.rsa_using_sha256);      string jwt = null;     try {         jwt = jws.getcompactserialization();      } catch (joseexception e) {         e.printstacktrace();     }     system.out.println("jwt: " + jwt);      return jwt; }

when doing getting -

w/system.err: org.jose4j.lang.invalidkeyexception: given key (algorithm=rsa) not valid sha256withrsa w/system.err:     @ org.jose4j.jws.basesignaturealgorithm.initforsign(basesignaturealgorithm.java:97) w/system.err:     @ org.jose4j.jws.basesignaturealgorithm.sign(basesignaturealgorithm.java:68) w/system.err:     @ org.jose4j.jws.jsonwebsignature.sign(jsonwebsignature.java:101)

i tried many other way signing jwt privatekey far did not find solution.

any appreciated

you have created key encryption only, not signing. change 

mkeypairgenerator.initialize(         new keygenparameterspec.builder(                     key_name,                     keyproperties.purpose_encrypt | keyproperties.purpose_decrypt)                     .setencryptionpaddings(keyproperties.encryption_padding_rsa_pkcs1)                     .setalgorithmparameterspec(new rsakeygenparameterspec(2048, rsakeygenparameterspec.f4))                     .build());

with

mkeypairgenerator.initialize(       new keygenparameterspec.builder(                   key_name,                   keyproperties.purpose_sign | keyproperties.purpose_verify)                   .setdigests(keyproperties.digest_sha256)                   .setalgorithmparameterspec(new rsakeygenparameterspec(2048, rsakeygenparameterspec.f4))                   .build());

Comments

Post a Comment

Popular posts from this blog

python Tkinter Capturing keyboard events save as one single string -

is possible store keyboard events 1 string? code below stores 1 char , prints it. card reader or bar code reader, contains collection of character/ string not 1 character @ time. goal save char pressed text variable. from tkinter import * root = tk() def key(event): text= event.char text+= event.char print ("pressed", text) def callback(event): frame.focus_set() print ("clicked at", event.x, event.y) frame = frame(root, width=100, height=100) frame.bind("<key>", key) frame.bind("<button-1>", callback) frame.pack() root.mainloop() currently, creating text variable , everytime key() function gets called, , text stores last character typed. you can define text module level variable , , use module level text inside key function - text = '' def key(event): global text text+= event.char print("pressed", text)
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m
Read more

javascript - Z-index in d3.js -

i have map , when hover effect on region of map below yellow line , circle, last ones disappear. how can solve problem? http://jsfiddle.net/ot21n9qx/ var arc = g.append("path") .style("fill", "none") .style("stroke", "yellow") .style("stroke-width", 2) .attr("d", "m" + pathorigin[0] + "," + pathorigin[1] + " q" + svgpoint[0] + "," + pathorigin[1] + " " + svgpoint[0] + "," + svgpoint[1]); var circlesize = d3.scale.linear() .domain([0, 0.5, 1]) .range([4, 10, 4]); svg not have z order draws objects in order created. need create path , circle after create highlight regions. here forked fiddle: http://jsfiddle.net/o00fzgaf/1/
Read more