Java – transfer privatekey from keystore and use JNI in OpenSSL

I have an Android application using webrtc Everything is perfect But now, the main problem is encryption

In order to make calls and transfer data, webrtc creates and uses a keypair for each call But I want to use the custom kaypair in the Android keystore For this problem, I need to send my keypair to the OpenSSL shared object to work

The fix will be in the native OpenSSL code, where webrtc uses this function to obtain the OpenSSL context of encrypted data (opensslidnetity. CC):

bool OpenSSLIdentity::ConfigureIdentity
{
    ...
}

How to transfer PK from Android keystore to webrtc native code? In another case, how to set up a custom PK for webrtc encryption?

AndroidKeyStore

In Java, I can open the keystore (Android keystore) and get the public key ready for transmission (key byte with method – getencoded()) In addition, I can get the private key of the encrypted data, but I can't send this key in bytes because getencoded() returns null In this case, I think I can get the publickey abd privatekey and save them in the bytes array Then, we call the prepared method in native code.

Update: Google source. There is something similar in chromium They get the key from the Android keystore and create the OpenSSL context in the native code Native classes for getting and using androidkeystore for TLS link 1 and link 2

Solution

Android keystore will not disclose the private key or key materials of the key as designed (see https://developer.android.com/training/articles/keystore.html ）Your choice is:

>Display Android key privatekey signature or password as OpenSSL EVP_ PKEY.> Do not use Android keystore Might you not need to provide additional protection than storing private keys in stored procedures?