android-keystore-audit
android-keystore-audit copied to clipboard
WithSecureLabs
App crashing immediately on start up
Step:
- edit app/build.gradle adding
lintOptions {
abortOnError false
}
- build using
./gradlew build
App crashing immediately on start up
Output of adb logcat -b crash:
01-01 19:24:52.070 24273 24273 E AndroidRuntime: FATAL EXCEPTION: main
01-01 19:24:52.070 24273 24273 E AndroidRuntime: Process: com.example.keystorecrypto, PID: 24273
01-01 19:24:52.070 24273 24273 E AndroidRuntime: java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example.keystorecrypto/com.example.keystorecrypto.MainActivity}: java.security.InvalidAlgorithmParameterException: java.lang.IllegalStateException: At least one biometric must be enrolled to create keys requiring user authentication for every use
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3782)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3961)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:91)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:149)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:103)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2386)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:107)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.os.Looper.loop(Looper.java:213)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.java:8178)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:513)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1101)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: Caused by: java.security.InvalidAlgorithmParameterException: java.lang.IllegalStateException: At least one biometric must be enrolled to create keys requiring user authentication for every use
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineInit(AndroidKeyStoreKeyGeneratorSpi.java:256)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi$AES.engineInit(AndroidKeyStoreKeyGeneratorSpi.java:53)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at javax.crypto.KeyGenerator.init(KeyGenerator.java:519)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at javax.crypto.KeyGenerator.init(KeyGenerator.java:502)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at com.example.keystorecrypto.KeystoreManager.generateSymmetricKey(KeystoreManager.kt:86)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at com.example.keystorecrypto.KeystoreManager.generateMasterKeys(KeystoreManager.kt:33)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at com.example.keystorecrypto.SecureLocalManager.<init>(SecureLocalManager.kt:27)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at com.example.keystorecrypto.MainActivity.onCreate(MainActivity.kt:26)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.Activity.performCreate(Activity.java:8086)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.Activity.performCreate(Activity.java:8074)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1313)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3755)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: ... 11 more
01-01 19:24:52.070 24273 24273 E AndroidRuntime: Caused by: java.lang.IllegalStateException: At least one biometric must be enrolled to create keys requiring user authentication for every use
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.security.keystore.KeymasterUtils.addUserAuthArgs(KeymasterUtils.java:148)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineInit(AndroidKeyStoreKeyGeneratorSpi.java:254)
01-01 19:24:52.070 24273 24273 E AndroidRuntime: ... 22 more
@RobertoD91, Looking at the stacktrace
Caused by: java.lang.IllegalStateException: At least one biometric must be enrolled to create keys requiring user authentication for every use
Have you registered at least one fingerprint in your device?
I got the following on start up
Both Android 9 Honor 9 Lite and Pixel XL emulator API 30
Process: com.example.keystorecrypto, PID: 29923
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example.keystorecrypto/com.example.keystorecrypto.MainActivity}: android.security.keystore.StrongBoxUnavailableException: Failed to generate key pair
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3430)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3614)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:86)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2199)
at android.os.Handler.dispatchMessage(Handler.java:112)
at android.os.Looper.loop(Looper.java:216)
at android.app.ActivityThread.main(ActivityThread.java:7625)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:524)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:987)
Caused by: android.security.keystore.StrongBoxUnavailableException: Failed to generate key pair
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:511)
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
at com.example.keystorecrypto.KeystoreManager.generateAsymmetricKeys(KeystoreManager.kt:64)
at com.example.keystorecrypto.KeystoreManager.generateMasterKeys(KeystoreManager.kt:35)
at com.example.keystorecrypto.SecureLocalManager.<init>(SecureLocalManager.kt:27)
at com.example.keystorecrypto.MainActivity.onCreate(MainActivity.kt:26)
at android.app.Activity.performCreate(Activity.java:7458)
at android.app.Activity.performCreate(Activity.java:7448)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1286)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3409)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3614)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:86)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2199)
at android.os.Handler.dispatchMessage(Handler.java:112)
at android.os.Looper.loop(Looper.java:216)
at android.app.ActivityThread.main(ActivityThread.java:7625)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:524)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:987)
Caused by: android.security.KeyStoreException: No StrongBox available
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:511)
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:470)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
at com.example.keystorecrypto.KeystoreManager.generateAsymmetricKeys(KeystoreManager.kt:64)
at com.example.keystorecrypto.KeystoreManager.generateMasterKeys(KeystoreManager.kt:35)
at com.example.keystorecrypto.SecureLocalManager.<init>(SecureLocalManager.kt:27)
at com.example.keystorecrypto.MainActivity.onCreate(MainActivity.kt:26)
at android.app.Activity.performCreate(Activity.java:7458)
at android.app.Activity.performCreate(Activity.java:7448)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1286)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3409)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3614)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:86)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2199)
at android.os.Handler.dispatchMessage(Handler.java:112)
at android.os.Looper.loop(Looper.java:216)
at android.app.ActivityThread.main(ActivityThread.java:7625)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:524)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:987)
Same here on a Xiaomi Redmi 9. It seems that not all devices has a StrongBox KeyStore.
Process: com.example.keystorecrypto, PID: 18317
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example.keystorecrypto/com.example.keystorecrypto.MainActivity}: android.security.keystore.StrongBoxUnavailableException: Failed to generate key
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3780)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3947)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:106)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2325)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:210)
at android.os.Looper.loop(Looper.java:299)
at android.app.ActivityThread.main(ActivityThread.java:8280)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:576)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1073)
Caused by: android.security.keystore.StrongBoxUnavailableException: Failed to generate key
at android.security.keystore2.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:411)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
at com.example.keystorecrypto.KeystoreManager.generateSymmetricKey(KeystoreManager.kt:87)
at com.example.keystorecrypto.KeystoreManager.generateMasterKeys(KeystoreManager.kt:33)
at com.example.keystorecrypto.SecureLocalManager.
