I found the answer myself by looking at the KeyStore class and modifying initCipher(). It is not the best implementation, but this is what I worked out:
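    import android.security.keystore.KeyPermanentlyInvalidatedException;
    import java.io.IOException;
    import java.security.InvalidKeyException;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;

    // mKeyStore and createKey() are members of the surrounding class.
    private boolean initCipher(Cipher cipher, String keyName) {
        try {
            mKeyStore.load(null);
            // ADDED: Check if the keystore contains the requested key name
            if (!mKeyStore.containsAlias(keyName)) {
                // ADDED: Create it if it doesn't
                createKey(keyName, true);
            }
            SecretKey key = (SecretKey) mKeyStore.getKey(keyName, null);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            // ADDED: Remove the key if it is invalidated so
            // it can be created fresh next time
            try {
                mKeyStore.deleteEntry(keyName);
            } catch (KeyStoreException e1) {
                e1.printStackTrace();
                return false;
            }
            return false;
        } catch (KeyStoreException | CertificateException | UnrecoverableKeyException | IOException
                | NoSuchAlgorithmException | InvalidKeyException e) {
            throw new RuntimeException("Failed to init Cipher", e);
        }
    }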
Obviously, the createKey() call also needs to be removed from onCreate().
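An added example, not part of the original answer: a variant of the same method that reports key invalidation as its own result, so the caller can require the account password before a freshly created key is trusted. `CipherState`, `prepareCipher`, `onAuthenticateRequested`, `startFingerprintAuth`, `showPasswordFallback` and `showError` are hypothetical names; `mKeyStore`, `createKey()` and `DEFAULT_KEY_NAME` are assumed to be the surrounding class's members, as in the answer.

```java
import android.security.keystore.KeyPermanentlyInvalidatedException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;

// Members of the class that holds initCipher(); all new names are hypothetical.
enum CipherState { READY, KEY_INVALIDATED, ERROR }

private CipherState prepareCipher(Cipher cipher, String keyName) {
    try {
        mKeyStore.load(null);
        if (!mKeyStore.containsAlias(keyName)) {
            createKey(keyName, true);
        }
        SecretKey key = (SecretKey) mKeyStore.getKey(keyName, null);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return CipherState.READY;
    } catch (KeyPermanentlyInvalidatedException e) {
        // The key's user-authentication binding is gone, e.g. the lock screen
        // was disabled or, for per-use auth keys, a new biometric was enrolled.
        try {
            mKeyStore.deleteEntry(keyName);
        } catch (KeyStoreException deleteFailed) {
            return CipherState.ERROR;
        }
        return CipherState.KEY_INVALIDATED;
    } catch (GeneralSecurityException | IOException e) {
        return CipherState.ERROR;
    }
}

// Caller: a replaced key is only used after the user proves identity another way.
private void onAuthenticateRequested(Cipher cipher) {
    switch (prepareCipher(cipher, DEFAULT_KEY_NAME)) {
        case READY:
            startFingerprintAuth(cipher);   // hypothetical UI hook
            break;
        case KEY_INVALIDATED:
            // Do not silently accept the new enrollment: ask for the password,
            // then call prepareCipher() again to create and use a fresh key.
            showPasswordFallback();         // hypothetical UI hook
            break;
        default:
            showError();                    // hypothetical UI hook
    }
}
```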