What I want
Store a deterministic secret key in the device that only my app can access. No need to back it up. Losing the phone, losing the key, is ok.
How I’m trying to do it
I create an AES key in the KeyStore, use it to encrypt a known message (say the text “MyAppName”) and that will be my private key. I can then use this private key to sign stuff in my app.
The problem
The encrypted value is always different, and so my private key is not deterministic, and android security won’t let me set the IV to my own value to make it deterministic.
I get
java.security.InvalidAlgorithmParameterException: Caller-provided IV not permitted
The alternative EC algorithm is non-deterministic by default. So I’m starting to wonder if there is a way around this.
This sounds like a programming problem, not a security issue
As long as there is a solution to the programming question. Yes. My concern is that, maybe, Android security scheme purposely prevents this type of use of the KeyStore.