Key agreement for a key inside AndroidKeyStore


a

Oct 21, 2023, 5:30:43 AM
to conscrypt
I'm aware of the key wrapping and key agreement options provided by Android. But what I'm trying to achieve is multiple keystores agreeing on a key, without that key ever being exposed to main memory.

Is this even possible with the current Hardware/Android APIs?

A flow would look something like this:

1. Device A generates EC keypair inside AndroidKeyStore.
2. Device B generates EC keypair inside AndroidKeyStore.
3. Device A sends pubkey to Device B and Device B sends pubkey to Device A for ECDH key agreement.
4. Key agreement happens inside the KeyStore, both device A and device B have a new keypair entry in their AndroidKeyStore they can use (with the same pubkey).
5. The agreed private key is never exposed to main memory; it was only ever agreed and stored inside the KeyStore.

Pete Bentley

Oct 23, 2023, 7:09:17 AM
to a, conscrypt
Not really... Firstly, ECDH is going to get you a shared secret as a bunch of bytes, and there's no obvious way to transform that into an asymmetric key pair, and secondly, the current hardware and APIs generate that in main memory, which would be difficult to change as Android Keystore only implements private key operations.

However, if an attacker is able to read your keys from main memory then they can also read your plaintext data, so it's game over and you might as well use ephemeral symmetric keys derived from the shared secret, e.g. https://developer.android.google.cn/reference/android/security/keystore/KeyGenParameterSpec#example:ecdh

Or HPKE (not yet in Android but currently landing in Conscrypt).

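The approach the reply points to (a Keystore-held EC private key, with a symmetric session key derived from the ECDH shared secret) can be sketched as below. This is an added example, not part of either post and not Conscrypt or Android sample code; the class name and alias are hypothetical. It assumes API level 31+, an already-decoded peer public key, and a non-empty salt.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

public final class KeystoreEcdh {
    private static final String ALIAS = "ecdh-identity"; // hypothetical alias

    /** Generates a P-256 key pair; the private half stays in AndroidKeyStore. */
    public static PublicKey generate() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_AGREE_KEY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .build());
        return kpg.generateKeyPair().getPublic(); // send this to the peer
    }

    /** Runs ECDH against the peer's public key and derives an AES-256 session key. */
    public static SecretKey agree(PublicKey peer, byte[] salt, byte[] info)
            throws GeneralSecurityException, java.io.IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        PrivateKey priv = (PrivateKey) ks.getKey(ALIAS, null);
        KeyAgreement ka = KeyAgreement.getInstance("ECDH", "AndroidKeyStore");
        ka.init(priv);
        ka.doPhase(peer, true);
        byte[] shared = ka.generateSecret(); // raw secret is returned to app memory
        try {
            // HKDF-SHA256 (RFC 5869), one 32-byte output block: T(1) = HMAC(PRK, info || 0x01)
            byte[] prk = hmac(salt, shared);
            byte[] t1 = Arrays.copyOf(info, info.length + 1);
            t1[info.length] = 0x01;
            return new SecretKeySpec(hmac(prk, t1), "AES");
        } finally {
            Arrays.fill(shared, (byte) 0); // shorten the secret's lifetime in memory
        }
    }

    private static byte[] hmac(byte[] key, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }
}
```

Both devices must use the same `salt` and `info` to arrive at the same session key; only the long-term EC private key is protected by the Keystore, while the shared secret and derived key exist in process memory.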