Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for hardware backed keys #51

Open
jcrabanal opened this issue Nov 11, 2024 · 1 comment
Open

Support for hardware backed keys #51

jcrabanal opened this issue Nov 11, 2024 · 1 comment

Comments

@jcrabanal
Copy link

In Android, you can generate AES keys in secure hardware, in the TEE (trusted execution environment) of the main processor:

KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(sKeyAlias, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setRandomizedEncryptionRequired(true);
keyGenerator.init(builder.build());
SecretKey key = keyGenerator.generateKey();

If you're super paranoid, you can instruct it to generate on the StrongBox on supported devices, which is a TPM chip separated from the rest of the hardware. You wouldn't want to do this, because the StrongBox is painfully slow, but it's doable.

builder.setIsStrongBoxBacked(true);

This is useful from the security perspective, because you generate/use AES keys that never expose the key material to the application process. It also limits the usage modes a key can set. An attacker can still abuse the application process to encrypt/decrypt, but it needs the original device, and extracting the key material for off-site decryption would involve hacking the TEE or the StrongBox, and that's quite a harder feat to achieve.

SQLCipher requires you to provide directly the key material, exposing it to the application process. Using a hardware backed key is a nice idea I think.

Not sure how this goes, but I believe that stripping OpenSSL from the main SQLCipher binary becomes a possibility, if the app is only gonna use hardware backed keys (which require the use of the java crypto API), and bundle OpenSSL if they don't, saving a few MBs from the resulting APK.

Implementing support for java SecretKey that come from the Android KeyStore would also automatically add support from many other HSM sources, like for example NFC smartcards or USB security dongles.
@developernotes
Copy link
Member

Hi @jcrabanal,

Thank you for your interest in SQLCipher. You can certainly store password material within the Android Keystore, then use biometrics to access the key material you provide SQLCipher. Android device hardware integration for key storage is not a feature we plan to integrate within the library itself, instead we would defer this to an application integration point.

SQLCipher core is a C library that SQLCipher for Android interfaces with via JNI. While an interesting idea, removing the usage of a native crypto library and replacing it with an alternative crypto provider which utilizes JNI to perform the crypto operations would likely degrade overall performance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@developernotes @jcrabanal