Changes to the SecretKeyFactory API in Android 4.4
Posted by Trevor Johns, Android Developer Relations team
javax.crypto.SecretKeyFactory
Beginning with Android 4.4 KitKat, we’ve made a subtle change to the behavior of SecretKeyFactory. This change may break some applications that use symmetric encryption and meet all of the following conditions:

- Use SecretKeyFactory to generate symmetric keys, and
- Use PBKDF2WithHmacSHA1 as their key generation algorithm for SecretKeyFactory, and
- Allow Unicode input for passphrases

Users using only ASCII characters in passphrases will see no difference. However, passphrases using higher-order Unicode characters will result in a different key being generated on devices running Android 4.4 and later.
For backward compatibility, we have added a new key generation algorithm which preserves the old behavior: PBKDF2WithHmacSHA1And8bit. Applications that need to preserve compatibility with older platform versions (pre API 19) and meet the conditions above can make use of this code:

```java
import android.os.Build;
import javax.crypto.SecretKeyFactory;

SecretKeyFactory factory;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
    // Use compatibility key factory -- only uses lower 8-bits of passphrase chars
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
} else {
    // Traditional key factory. Will use lower 8-bits of passphrase chars on
    // older Android versions (API level 18 and lower) and all available bits
    // on KitKat and newer (API level 19 and higher).
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
}
```
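The divergence described above can be reproduced off-device. The following is an added example, not code from the original post: it implements PBKDF2-HMAC-SHA1 directly so it runs on any JVM, and compares the key derived from the low 8 bits of each passphrase char with the key derived from the full characters. It assumes the "all available bits" behavior is UTF-8 encoding; the class name, method names, salt and passphrases are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PassphraseEncodingDemo {
    // Old behavior: keep only the low 8 bits of each UTF-16 char.
    static byte[] low8(char[] pw) {
        byte[] out = new byte[pw.length];
        for (int i = 0; i < pw.length; i++) out[i] = (byte) pw[i];
        return out;
    }

    // Assumption: "all available bits" is modelled here as UTF-8 encoding.
    static byte[] utf8(char[] pw) {
        return new String(pw).getBytes(StandardCharsets.UTF_8);
    }

    // PBKDF2-HMAC-SHA1 (RFC 8018), first output block only: 20 bytes of key material.
    static byte[] pbkdf2(byte[] pw, byte[] salt, int iterations) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(pw, "HmacSHA1"));
        mac.update(salt);
        byte[] u = mac.doFinal(new byte[] {0, 0, 0, 1}); // U1 = PRF(pw, salt || INT(1))
        byte[] t = u.clone();
        for (int i = 1; i < iterations; i++) {
            u = mac.doFinal(u);                          // U(i+1) = PRF(pw, U(i))
            for (int j = 0; j < t.length; j++) t[j] ^= u[j];
        }
        return t;
    }

    // True when the two encodings feed different bytes into the KDF.
    static boolean diverges(char[] pw) {
        return !Arrays.equals(low8(pw), utf8(pw));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.US_ASCII);
        for (String s : new String[] {"correct horse", "p\u00e4ssw\u00f6rd", "\u5bc6\u7801"}) {
            char[] pw = s.toCharArray();
            boolean sameKey = Arrays.equals(
                    pbkdf2(low8(pw), salt, 1000), pbkdf2(utf8(pw), salt, 1000));
            System.out.println(s + " diverges=" + diverges(pw) + " sameKey=" + sameKey);
        }
        // Truncation also collapses distinct passphrases: U+0141 and 'A' share low byte 0x41.
        System.out.println(Arrays.equals(low8("\u0141".toCharArray()), low8("A".toCharArray())));
    }
}
```

Only the ASCII passphrase yields the same key under both encodings; the final line prints `true`, showing that the 8-bit path discards the bits that distinguish the two inputs.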