Excellent! "Caused by: android.security.KeyStoreException: Incompatible padding mode" is the issue here. The issue is that you're asking Android Keystore to sign using this RSA private key using SHA-512 digest and PKCS #1 v1.5 signature padding scheme, but you didn't authorize the key to be used with the PKCS #1 v1.5 signature padding scheme. Unfortunately, it's not obvious from Signature algorithm name "SHA512withRSA" that this padding scheme will be used... To fix, invoke setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1) on the KeyGenParameterSpec.Builder when generating the key.
Cheers, Alex On Wednesday, February 17, 2016 at 6:11:55 PM UTC-8, Jacob Taylor wrote: > > Hi Alex, > > How silly of me, I thought I already commented out the BouncyCastle JCA > provider. That's done now, and yes, this is running on Android 6 and I'm > using the single arg getInstance for Signature. > > Now I get another error, stack trace below: > > java.security.InvalidKeyException: Keystore operation failed > > at android.security.KeyStore.getInvalidKeyException(KeyStore > .java:692) > > at android.security.KeyStore.getInvalidKeyException(KeyStore > .java:712) > > at android.security.keystore.KeyStoreCryptoOperationUtils. > getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54) > > at android.security.keystore.AndroidKeyStoreSignatureSpiBase > .ensureKeystoreOperationInitialized(AndroidKeyStoreSignatureSpiBase.java: > 219) > > at android.security.keystore.AndroidKeyStoreSignatureSpiBase > .engineInitSign(AndroidKeyStoreSignatureSpiBase.java:99) > > at android.security.keystore.AndroidKeyStoreSignatureSpiBase > .engineInitSign(AndroidKeyStoreSignatureSpiBase.java:77) > > at java.security.Signature$SignatureImpl.engineInitSign( > Signature.java:706) > > at java.security.Signature.initSign(Signature.java:357) > > at au.com.taylornetworks.tapid.keystoreContentSigner. > getSignature(keystoreContentSigner.java:69) > > at org.spongycastle.pkcs.PKCS10CertificationRequestBuilder. > build(PKCS10CertificationRequestBuilder.java:149) > > at au.com.taylornetworks.tapid.pkiManager.generateCSR( > pkiManager.java:78) > > at au.com.taylornetworks.tapid.MainActivity.createAndShowCSR > (MainActivity.java:42) > > at java.lang.reflect.Method.invoke(Native Method) > > at android.support.v7.app. > AppCompatViewInflater$DeclaredOnClickListener.onClick( > AppCompatViewInflater.java:270) > > at android.view.View.performClick(View.java:5204) > > at android.view.View$PerformClick.run(View.java:21153) > > at android.os.Handler.handleCallback(Handler.java:739) > > at android.os.Handler.dispatchMessage(Handler.java:95) > > at android.os.Looper.loop(Looper.java:148) > > at android.app.ActivityThread.main(ActivityThread.java:5417) > > at java.lang.reflect.Method.invoke(Native Method) > > at com.android.internal.os.ZygoteInit$MethodAndArgsCaller. > run(ZygoteInit.java:726) > > at com.android.internal.os.ZygoteInit.main(ZygoteInit.java: > 616) > > Caused by: android.security.KeyStoreException: Incompatible > padding mode > > at android.security.KeyStore.getKeyStoreException(KeyStore. > java:632) > > at android.security.KeyStore.getInvalidKeyException(KeyStore > .java:712) > > at android.security.keystore.KeyStoreCryptoOperationUtils. > getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54) > > at android.security.keystore.AndroidKeyStoreSignatureSpiBase > .ensureKeystoreOperationInitialized(AndroidKeyStoreSignatureSpiBase.java: > 219) > > at android.security.keystore.AndroidKeyStoreSignatureSpiBase > .engineInitSign(AndroidKeyStoreSignatureSpiBase.java:99) > > at android.security.keystore.AndroidKeyStoreSignatureSpiBase > .engineInitSign(AndroidKeyStoreSignatureSpiBase.java:77) > > at java.security.Signature$SignatureImpl.engineInitSign( > Signature.java:706) > > at java.security.Signature.initSign(Signature.java:357) > > at au.com.taylornetworks.tapid.keystoreContentSigner. > getSignature(keystoreContentSigner.java:69) > > at org.spongycastle.pkcs.PKCS10CertificationRequestBuilder. > build(PKCS10CertificationRequestBuilder.java:149) > > at au.com.taylornetworks.tapid.pkiManager.generateCSR( > pkiManager.java > ... -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/android-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/android-developers/9dc7b901-ede4-4e67-9ec4-13ecd25f46ca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
