Crash at "KeyStore.checkPassword(keystorefilename, passowrd)" function

[Sargis Simonyan]

Hi there,

I am working on your Android module and found a crash at testing of "KeyStore.checkPassword()" function.

I am creating KeyStore object:

KeyStore keyStore = new KeyStore(mKeyName+".keystore", pass);

.. then I am checking if the files exists (and it is successfull):

File keystoreFile = mContext.getFileStreamPath(mKeyName+".keystore");

if (keystoreFile.exists()) 

{

mKeyPath = keystoreFile.getAbsolutePath();

System.err.println("mKeyPath: "+mKeyPath);

}

then as I want to check the password of the keystore:

if (KeyStore.checkPassword(mKeyPath, pass))

{

                           ......................

....the app crashes. 

Here is Log:

05-25 19:29:01.023: E/AndroidRuntime(18678): java.lang.ClassCastException: org.spongycastle.openpgp.PGPLiteralData cannot be cast to org.spongycastle.openpgp.PGPEncryptedDataList

Could you kindly help in this error, since it is apparently within the "checkPassword()" internal realisation?!

Thank you in advance,

Sargis

[DidiSoft Support]

Hi Sargis,

Thank you for this proper notice. We have just fixed it.

Please download the updated version 1.3.18 where the method will work as expected.

Also an additional method has been added (KeyStore.isPasswordProtected) which can be used in conjunction with checkPassword like this:


if (KeyStore.isPasswordProtected(mKeyPath))
  KeyStore.checkPassword(mKeyPath, pass))

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

--
You received this message because you are subscribed to the Google Groups "DidiSoft Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to didisoft_foru...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Sargis Simonyan]

Hi Peter, 

many thanks for your support. The function is not crashing anymore! 

However there are still some problems. It seems to me the function "checkPassword" returns always "false". For clear test I am generating a key and checking password directly after generating, with using same password. 

Here is code snippet:

 try {            

// invoke the key pair generation

KeyPairInformation key = 

keyStore.generateKeyPair(keySizeInBits, 

userId, 

algorithm, 

privateKeyPassword, 

compressions, 

hashingAlgorithms, 

cyphers);

 

System.err.println("1; Generation:" +

"keystore password: "+keyStore.getKeystorePassword());

System.err.println("2; Generation:" +

"check password: "+keyStore.checkPassword(keystoreFile.getAbsolutePath(), privateKeyPassword));

System.err.println("3; Generation:" +

"check password: "+keyStore.checkPassword(keyStore.getKeystoreFileName(), privateKeyPassword));

 

and logs:

05-26 15:06:54.325: W/System.err(9893): 1; Generation:keystore password: null

05-26 15:06:54.326: W/System.err(9893): 2; Generation:check password: false

The third tracing do not appears in the logs, instead I am getting a Toast message with this text: "Attempt to invoke virtual method 'char[] java.lang.String.toCharArray()' on a null object reference. This toast message also apparently within the function's internal realization, so its not really clear to me and not clear what happens there.

Could you kindly take attention on this part too?

[DidiSoft Support]

Hi Sargis,

The method KeyStore.checkPassword(password) - is intended to check the password of a Key Store file (this is our own format which combines in itself the pubring and secring from PGP/GnuPG)

If you need to check the password of a PGP key located in a KeyStore you can do it with:

KeyStore ks = ..
boolean passwordMatch = ks.getKey( keyId user Id or hexadecimal Key ID here ).checkPassword(password);

Kind Regards
Peter Kalef
Technical Support
DidiSoft Inc | Toll free (USA and Canada): 866-253-7568 | International: +1-501-313-0397 | Fax: +1-501-313-0397 | Web: www.didisoft.com

[Sargis Simonyan]

.... some more clarifications:

In my other test I am creating a keystore like this:

KeyStore keyStore = new KeyStore(mKeyName+".keystore", pass);

.. and then checking the app password with function: "keyStore.getKeystorePassword();".

This function shows the right answer. But the directly call of: "keyStore.checkPassword(mKeyPath, pass)" returns "false" with the same password.

Possibly this is due to different relations to "keystore password" and "private key password". But there are 2 uncetainces:

1) The keystore object gets any password, attached to its creation in code. Should it not be persistent one?

2) I didn't found a function for getting the private key password and I am not flexible in this sense, since I can't check it, if I want to make it in code, e.g. in some dialog box. I found a "changePrivateKeyPassword()" function, but it is something other. ...

[Sargis Simonyan]

Excellent, thanks! It is working now!