Function KeyStore.setKeystorePassword is not working properly.

[Sargis Simonyan]

Hello again,

thank you for excellent support in my previous request in "Keystore.checkPassword" funciton. I am testing further the changing of password and encountered in a strange behavior. Briefly - I can change password of keystore which is proved after setting it, but at next call the password remains unchanged.

I am calling firstly this:

KeyStore keyStore = new KeyStore(userName+".keystore", pass);

            

//load the key store data from a previous session

File keystoreFile = mContext.getFileStreamPath(userName+".keystore");

if (keystoreFile.exists()) 

{

mKeyPath = keystoreFile.getAbsolutePath();

InputStream keystoreStream = mContext.openFileInput(userName+".keystore");

keyStore.loadFromStream(keystoreStream);

System.err.println("mKeyPath: "+mKeyPath+ "keystore password: "+keyStore.getKeystorePassword());

}

This functions shows the right password in logs

Then I am calling directly checking the password from KeyPair object:

// user id is the userMail

if (keyStore.getKey(userMail).checkPassword(pass))

{

System.err.println("password is right: "+keyStore.getKeystorePassword());

        ........

and here to I see the right password in logs.

Then in next function I am trying to change the password. I am creating the LeyStore object exactly as here in above code calling:

......

keyStore.setKeystorePassword(newPass);

System.err.println("setting new password; "+"keystore password: "+keyStore.getKeystorePassword());

the checking the password shows that is set, i.e. the getKeystorePassword() shows already the new password.

But in this case the direct calling of code below fails:

// user id is the userMail

if (keyStore.getKey(userMail).checkPassword(newPass))

{

     ...... fails here

and in next call the keyStore.getKeystorePassword() (I am using dialog box for adding old/new password) shows that the password is an older one, not a newer, even the logs above shown that it was changes succesfully. 

So, I hope I described the case rightly, the "keyStore.setKeystorePassword(newPass);" function has no effect to next call of it.

Could you kindly help in this case? Possibly it is a bug in android module.

Thank you in advance,

Sargis

[DidiSoft Support]

Hi Sargis,

And explicit call to KeyStore.save() will be needed after setting the new password.

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

--
You received this message because you are subscribed to the Google Groups "DidiSoft Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to didisoft_foru...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Sargis Simonyan]

Hi Peter,

thank you for your advice!

I tried this function but I am getting error in logs:

 

05-31 14:46:08.159: W/System.err(20742): com.didisoft.pgp.PGPException: exception saving key store

05-31 14:46:08.164: W/System.err(20742): at com.didisoft.pgp.KeyStore.save(SourceFile:5733)

....

05-31 14:46:08.165: W/System.err(20742): Caused by: java.io.FileNotFoundException: .....keystore: open failed: EROFS (Read-only file system)

Some research at stackoverflow reveals that this function will demand rooting. Is it so? Since in this case it becames useless.

[Sargis Simonyan]

One important note, the appropirate permission in manifest is set:

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

[DidiSoft Support]

Hi Sargis,

Can try to execute in your code this line:(before calling keyStore.save())

OutputStream testStream = new FileOutputStream(keyStore.getKeystoreFileName());

and tell me the outcome.

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

On 31.05.2017 1:51 PM, Sargis Simonyan wrote:

EROFS (Read-only file system)

[Sargis Simonyan]

Hi, this function fails. I loged a test message before calling it:

05-31 15:19:26.430: W/System.err(24010): test stream, check point before ... 

05-31 15:19:26.430: W/System.err(24010): java.io.FileNotFoundException: ......keystore: open failed: EROFS (Read-only file system)

05-31 15:19:26.430: W/System.err(24010): at libcore.io.IoBridge.open(IoBridge.java:452)

05-31 15:19:26.431: W/System.err(24010): at java.io.FileOutputStream.<init>(FileOutputStream.java:87)

05-31 15:19:26.431: W/System.err(24010): at java.io.FileOutputStream.<init>(FileOutputStream.java:127)

05-31 15:19:26.431: W/System.err(24010): at java.io.FileOutputStream.<init>(FileOutputStream.java:116)

 

[DidiSoft Support]

Hi Sargis,

Will this line succeed if you comment // keyStore.save();

OutputStream testStream = new FileOutputStream(keyStore.getKeystoreFileName());

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

[Sargis Simonyan]

actually, creating "testStream" object is before ..save() functions and there is another tracing log between then, whcih is never called, since the first one fails. But I will test it again now and will reply! 

[Sargis Simonyan]

... ok, result is the same, it fails with same error log. 

[Sargis Simonyan]

If it is important, I made another test to check how it is working the creating InputStream object, which is called before our testing case:

InputStream keystoreStream = mContext.openFileInput(userName+".keystore");

System.err.println("test input stream, available bytes: "+keystoreStream.available()+

"; and filename: "+keyStore.getKeystoreFileName());

here is the log:

05-31 15:59:55.107: W/System.err(26388): test input stream, available bytes: 29773; and filename: karim.keystore

 

[DidiSoft Support]

Hi Sargis,

In that case instead of keyStore.save() use

OutputStream keystoreStream = mContext.openFileOutput(userName+".keystore");

keyStore.saveToStream(keystoreStream);

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

[Sargis Simonyan]

well, this function do not fails, but also has no effect, exactly that it was before (the point of this post :))

 

[Sargis Simonyan]

if it is important I am using device with android 6.0 Marshmallow. I will test today with JellyBean and will reply in a few hours today. 

 

[Sargis Simonyan]

Hi Peter,

I tested also on my other device, with Jellybean OS, result is the same. So, changing the keystore password is not working properly, presumably due to some error in KeyStore.save() function.

 

[DidiSoft Support]

Hi Sargis,

I see the problem. We will update the library in two days with a workaround.

[DidiSoft Support]

Hi Sargis,

Download the updated version of the library from our customers' section.

The new version offers a different approach for creating a password protected key store in Android apps.

The new approach is using this constructor:

// Context ctx ...
KeyStore keyStore = new KeyStore(new com.didisoft.pgp.storage.AndroidContextFileKeyStorage(ctx, "my.keystore"));

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

[DidiSoft Support]

Hi Sargis,

Please read this short article before you start implementing the new version 1.3.19 in your app:
https://www.didisoft.com/android-openpgp/examples/keystore/

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

[Sargis Simonyan]

Hi Peter,

I am testing the last update and it is not working at all, very strange! 

There is two concerns about last update:

1) I see on the page there is version number still 1.3.18. However I made a new download and working further with it. Maybe simply the webpage is not updated? To be sure here is the link:

https://www.didisoft.com/android-openpgp/

2) I made many tests, here is one of them, since the result is the same. I am trying to generate a keypair, which was successful in previous version, but fails now:

// KeyStore keyStore = new KeyStore();

   AndroidContextFileKeyStorage storage = new com.didisoft.pgp.storage.AndroidContextFileKeyStorage(

ctx, userName+".keystore");

  KeyStore keyStore = new KeyStore(storage); 

 

 // load the key store data from a previous session

 //my.keystore

// File keystoreFile = ctx.getFileStreamPath(userName+".keystore");

// if (keystoreFile.exists()) 

   {

InputStream keystoreStream = storage.getInputStream();//ctx.openFileInput(userName+".keystore");

keyStore.loadFromStream(keystoreStream);    

 

System.err.println("1; Keystore File Name: "+keyStore.getKeystoreFileName());

 }

try {            

// invoke the key pair generation

KeyPairInformation key = keyStore.generateKeyPair(keySizeInBits, 

userId, 

algorithm, 

privateKeyPassword, 

compressions, 

hashingAlgorithms, 

cyphers);

 ..............

[didisoft]

Hi Sargis,

With the new release there is no need of

InputStream keystoreStream = storage.getInputStream();//ctx.openFileInput(userName+".keystore");

keyStore.loadFromStream(keystoreStream);    

 

System.err.println("1; Keystore File Name: "+keyStore.getKeystoreFileName());

Please check the updated example app that ships with the library for correct usage.

[Sargis Simonyan]

Yes, you know, I tested also without it (commented) and generation failed. But I will check the new samples. One please, is the downloadable archive a latest one, since there is stated 1.3.18, not 1.3.19. I am not sure, but it could be important

[didisoft]

Can you please specify how it fails? Is there an exception, etc,

[Sargis Simonyan]

ok, i see it now updated, thanks!

[Sargis Simonyan]

well, I will perform more tests and will update you later again.

[Sargis Simonyan]

ok, I can specify now exactly how it fails. I compiled a demo project "android.demo" from your example project and the error is the same as happens in my app. I am attaching a screenshots, you can see errors there.

[didisoft]

Hi Sargis,

Please download again the latest version - this shall be fixed now.

[Sargis Simonyan]

ok, is it again under version 1.3.19 or it will be with increased version name? Since I see on download page the old version name.

[didisoft]

This is an undocumented update. Just download again the latest version.

[Sargis Simonyan]

ok, i tested it. It seems to me have another kind of error now :)

it is tested on "android.demo" project. I replaced library files and run again the demo.

[didisoft]

Hi Sargis,

I though that the whole point of this functionality is that you want a password protected KeyStore. The mentioned error will be thrown if you use the constructor KeyStore(IKeyStoreStorage storage) instead of KeyStore(IKeyStoreStorage storage, String keystorePassword)

We've updated again the library to skip this error in KeyStore(IKeyStoreStorage storage) too. Update again your copy of the library if you wish to use KeyStore(IKeyStoreStorage storage) instead of KeyStore(IKeyStoreStorage storage, String keystorePassword)

[Sargis Simonyan]

Hi Peter,

actually the story of this post was from "changePassword" function, which wasn't working, so the version with password I will need too, probably. I will test again with new download and will reply asap.

[Sargis Simonyan]

well, it look better now but there is one important problem, which do not allow to proceed further. As you see I am getting null of keystore file name. Password "nnn" is right here.

KeyStore keyStore = new KeyStore(new com.didisoft.pgp.storage.AndroidContextFileKeyStorage(

ctx, userName+".keystore"), privateKeyPassword);

System.err.println("1; Keystore File Name: "+keyStore.getKeystoreFileName());

KeyPairInformation key = keyStore.generateKeyPair(keySizeInBits, 

                        userId, 

                        algorithm, 

                        privateKeyPassword, 

                        compressions, 

                        hashingAlgorithms, 

                        cyphers);

        

System.err.println("2; Generation:" +

"keystore password: "+keyStore.getKeystorePassword());

06-08 12:25:58.207: W/System.err(7789): 1; Keystore File Name: null

06-08 12:26:00.432: W/System.err(7789): 2; Generation:keystore password: nnn

[didisoft]

Hi Sargis,

The library has been updated to version 1.3.20 to allow that.

[Sargis Simonyan]

well, this part is working but we have another problem.

KeyStore keyStore = new KeyStore(new com.didisoft.pgp.storage.AndroidContextFileKeyStorage(

mContext, userName+".keystore"), oldPass);

String keyStoreFileName = keyStore.getKeystoreFileName();

System.err.println("2; keyStoreFileName: "+keyStoreFileName);

keyStore.setKeystorePassword(newPass);

if (keyStore.checkPassword(keyStoreFileName, newPass))

{

             .................

}

06-08 14:15:33.993: W/System.err(15040): 2;keyStoreFileName: sargius.keystore

keyStore.checkPassword(keyStoreFileName, newPass) -- Fails

06-08 14:15:33.994: W/System.err(15040): java.io.FileNotFoundException: sargius.keystore: open failed: ENOENT (No such file or directory)

[didisoft]

Hi Sargis,

Download again the latest version.

The keyStore.checkPassword(keyStoreFileName, newPass) is not suitable for Android (it suffers the same problem as the constructor KeyStore(keyStoreFileName, newPass)

The preferred way with the new update is:

keyStore.checkPassword(new AndroidContextFileKeyStorage(keyStoreFileName), newPass)

[Sargis Simonyan]

Hi Peter,

the last update do not throw error but also do not work:

KeyStore keyStore = new KeyStore(new com.didisoft.pgp.storage.AndroidContextFileKeyStorage(

mContext, userName+".keystore"), oldPass);

String keyStoreFileName = keyStore.getKeystoreFileName();

System.err.println("2;keyStoreFileName: "+keyStoreFileName);

keyStore.setKeystorePassword(newPass);

System.err.println("ChP2");

if (keyStore.checkPassword(new AndroidContextFileKeyStorage(mContext, keyStoreFileName), newPass))

{

System.err.println("3; new keystore password is set: "+keyStore.getKeystorePassword());

}

here the function"checkPassword" return false with checking a new password

[Atanas Walks]

Hi Sargis,

Download again the latest version, the set password will auto save the key store.

--
You received this message because you are subscribed to the Google Groups "DidiSoft Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to didisoft_forum+unsubscribe@googlegroups.com.

[Sargis Simonyan]

Hi Peter,

thank you for your great work!

This issue we can consider as solved.

However I see problems in mailing functionality of your library. I will create new post for that.

On Thursday, June 8, 2017 at 6:47:51 PM UTC+4, didisoft wrote:

Hi Sargis,

Download again the latest version, the set password will auto save the key store.

2017-06-08 15:22 GMT+03:00 Sargis Simonyan <sarg...@gmail.com>:

Hi Peter,

the last update do not throw error but also do not work:

KeyStore keyStore = new KeyStore(new com.didisoft.pgp.storage.AndroidContextFileKeyStorage(

mContext, userName+".keystore"), oldPass);

String keyStoreFileName = keyStore.getKeystoreFileName();

System.err.println("2;keyStoreFileName: "+keyStoreFileName);

keyStore.setKeystorePassword(newPass);

System.err.println("ChP2");

if (keyStore.checkPassword(new AndroidContextFileKeyStorage(mContext, keyStoreFileName), newPass))

{

System.err.println("3; new keystore password is set: "+keyStore.getKeystorePassword());

}

here the function"checkPassword" return false with checking a new password

On Thursday, June 8, 2017 at 3:25:54 PM UTC+4, didisoft wrote:

Hi Sargis,

Download again the latest version.

The keyStore.checkPassword(keyStoreFileName, newPass) is not suitable for Android (it suffers the same problem as the constructor KeyStore(keyStoreFileName, newPass)

The preferred way with the new update is:

keyStore.checkPassword(new AndroidContextFileKeyStorage(keyStoreFileName), newPass)

--
You received this message because you are subscribed to the Google Groups "DidiSoft Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to didisoft_foru...@googlegroups.com.