KeyStore

The key storage concept combines the traditional Java KeyStore with the classic PGP pubring and secring files in a single entity. Because it holds private keys as well as public keys, its content can additionally be encrypted with a password. As of version 1.3.19 DidiSoft OpenPGP Library for Android offers an approach to this task that is better suited to Android.

KeyStore constructor

As of version 1.3.19 the main constructors of the com.didisoft.pgp.KeyStore class are:

KeyStore(IKeyStoreStorage storage) // storage is not password protected
KeyStore(IKeyStoreStorage storage, String keystorePassword) // storage is password protected

Temporary in-memory KeyStore

If we need a temporary KeyStore that lives only in the application's runtime memory, we can use the no-argument constructor:

KeyStore keyStore = new KeyStore();
// equivalent:
KeyStore keyStore = new KeyStore(new com.didisoft.pgp.storage.InMemoryKeyStorage());

File based KeyStore

A file based key storage allows the KeyStore to persist its state after each operation that alters it, such as key generation, changing the properties of a key, or importing keys. For Android applications the preferred way to create such a KeyStore is:

// open/create a key store located in a file owned by the application context
// ctx is an instance of android.content.Context
KeyStore keyStore = new KeyStore(new com.didisoft.pgp.storage.AndroidContextFileKeyStorage(ctx, "my.keystore"), "my keystore password");

Implementing custom key storage

A key storage implementation must implement the interface com.didisoft.pgp.storage.IKeyStoreStorage:

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

public interface IKeyStoreStorage {
  /**
   * Gets the source input stream containing the serialized {@link KeyStore}
   * @return {@link InputStream} from the serialized {@link KeyStore}, or <code>null</code> for an in-memory {@link KeyStore}
   */
  InputStream getInputStream() throws IOException;

  /**
   * Gets the storage output stream where the {@link KeyStore} will be serialized
   * @return {@link OutputStream} where the {@link KeyStore} will be serialized, or <code>null</code> for an in-memory {@link KeyStore}
   */
  OutputStream getOutputStream() throws IOException;
}

The KeyStore class calls getInputStream() when it loads its data and getOutputStream() when it stores its data after a modification of its internal state. If either method returns null, the KeyStore skips the corresponding operation. For example, let's suppose we want to implement a read-only key storage. In that case our getOutputStream() will simply return null:

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import com.didisoft.pgp.storage.IKeyStoreStorage;

public class ReadOnlyKeyStorage implements IKeyStoreStorage {
  public InputStream getInputStream() throws IOException {
    // ... return the stream the key data is read from
  }

  public OutputStream getOutputStream() throws IOException {
    // null tells the KeyStore not to store anything
    return null;
  }
}
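As an added example (not code from the library or from this page), here is a hypothetical AtomicFileKeyStorage that persists the serialized KeyStore without ever overwriting the existing file in place, so a crash in the middle of a write cannot leave a truncated keystore holding the private keys. It assumes only the two-method IKeyStoreStorage interface shown above and java.nio.file (Android API 26+); the class name and the temporary-file layout are my own.

```java
import com.didisoft.pgp.storage.IKeyStoreStorage;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;

/**
 * Hypothetical key storage (not part of the library): the serialized KeyStore is
 * written to a temporary file and swapped into place only after it has been fully
 * written and synced, so the previous keystore survives a crash mid-write intact.
 */
public class AtomicFileKeyStorage implements IKeyStoreStorage {
    private final File target;

    public AtomicFileKeyStorage(File target) {
        this.target = target;
    }

    @Override
    public InputStream getInputStream() throws IOException {
        // No file yet: return null so the KeyStore skips loading and starts empty
        // (relies on the documented behaviour that a null stream is ignored).
        return target.isFile() ? new FileInputStream(target) : null;
    }

    @Override
    public OutputStream getOutputStream() throws IOException {
        final File tmp = new File(target.getParentFile(), target.getName() + ".tmp");
        final FileOutputStream fos = new FileOutputStream(tmp);
        return new FilterOutputStream(fos) {
            @Override
            public void write(byte[] b, int off, int len) throws IOException {
                out.write(b, off, len); // bulk write; the inherited default is byte-at-a-time
            }
            @Override
            public void close() throws IOException {
                flush();
                fos.getFD().sync(); // force the bytes to disk before the swap
                out.close();
                Files.move(tmp.toPath(), target.toPath(),
                        StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
            }
        };
    }
}
```

On Android, pass it as new KeyStore(new AtomicFileKeyStorage(new File(ctx.getFilesDir(), "my.keystore")), "my keystore password") so the file lives in the app-private files directory.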

Summary

This chapter illustrates the new approach to using the com.didisoft.pgp.KeyStore class in DidiSoft OpenPGP Library for Android, available as of version 1.3.19. Previously the KeyStore inherited its design from OpenPGP Library for Java, which was not well suited to Android applications, especially when the key storage had to be persisted.