How to create an RSA key pair on Android to protect data
In this post I will explain how to create an RSA key pair on Android and use that key pair to sign and verify data. The key pair will be stored in the Android KeyStore.
What is RSA?
RSA is a public-key (asymmetric) cryptosystem: a key pair consists of a public key, which can be shared freely, and a private key, which must stay with its owner. Anyone can use the public key to encrypt a message, but only the private key holder can decrypt it. The same pair works the other way round for signatures: only the private key holder can sign data, and anyone holding the public key can verify that signature. Signing is the use this post relies on.
Android KeyStore
The Android KeyStore is a system facility for storing cryptographic keys and certificates. Keys stored in it can be used for cryptographic operations, but their key material is non-exportable: code on the device can ask the KeyStore to sign or decrypt with a key, yet it cannot read the private key bytes or copy them off the device. On devices with a hardware-backed KeyStore (a TEE or StrongBox) the key material never leaves the secure hardware at all. A key created by an app is bound to that app, so other apps cannot use it. Be clear about what this does and does not protect against: an attacker who obtains code execution inside the app (or root on the device) can still use the key while it is present, so a KeyStore key protects against extraction, not automatically against misuse; requiring user authentication for the key narrows that window.
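As an added example (not code from the original post), the whole procedure the post describes in one class: generate a 2048-bit RSA key pair inside the AndroidKeyStore provider, sign data with the non-exportable private key, export the public key as Base64 SubjectPublicKeyInfo so it can be sent to a server, and verify the signature using only those exported bytes, as the server would. The alias, the SHA-256/RSA-PSS choice and the sample JSON message are my assumptions, not the author's; it needs API level 23 or higher.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Base64;

import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

public final class KeyStoreSigner {
    private static final String PROVIDER = "AndroidKeyStore";
    // Assumed alias; any app-specific name works.
    private static final String ALIAS = "example_signing_key";
    // RSA-PSS with SHA-256; chosen here, not mandated by the post.
    private static final String SIG_ALG = "SHA256withRSA/PSS";

    private static KeyStore loadKeyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null); // AndroidKeyStore takes no stream or password
        return ks;
    }

    /** Generate the key pair inside the KeyStore once; later calls reuse it. */
    public static void ensureKeyPair() throws Exception {
        if (loadKeyStore().containsAlias(ALIAS)) return;
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, PROVIDER);
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setKeySize(2048)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS)
                .build();
        kpg.initialize(spec);
        kpg.generateKeyPair(); // private key material stays inside the KeyStore
    }

    /** Sign with the KeyStore-backed private key; the key bytes are never visible to the app. */
    public static byte[] sign(byte[] data) throws Exception {
        PrivateKey priv = (PrivateKey) loadKeyStore().getKey(ALIAS, null);
        Signature s = Signature.getInstance(SIG_ALG);
        s.initSign(priv);
        s.update(data);
        return s.sign();
    }

    /** Public key as Base64 X.509 SubjectPublicKeyInfo DER: this is what goes to the server. */
    public static String exportPublicKey() throws Exception {
        PublicKey pub = loadKeyStore().getCertificate(ALIAS).getPublicKey();
        return Base64.encodeToString(pub.getEncoded(), Base64.NO_WRAP);
    }

    /** Verify the way a server would: rebuild the public key from the exported bytes only. */
    public static boolean verify(String publicKeyB64, byte[] data, byte[] signature) throws Exception {
        byte[] der = Base64.decode(publicKeyB64, Base64.NO_WRAP);
        PublicKey pub = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
        Signature v = Signature.getInstance(SIG_ALG);
        v.initVerify(pub);
        v.update(data);
        return v.verify(signature);
    }

    /** Round trip: a genuine message verifies, a one-bit change does not. */
    public static boolean demo() throws Exception {
        ensureKeyPair();
        // Constructed sample payload standing in for data sent to a server.
        byte[] msg = "{\"user\":42,\"action\":\"transfer\"}".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(msg);
        String pub = exportPublicKey();
        boolean genuineOk = verify(pub, msg, sig);
        byte[] tampered = msg.clone();
        tampered[0] ^= 0x01;
        boolean tamperedOk = verify(pub, tampered, sig);
        return genuineOk && !tamperedOk;
    }
}
```

A server written in another language verifies the same bytes with RSA-PSS, SHA-256 and MGF1-SHA-256, so make sure both sides agree on the padding before deploying. If you need the key to be hardware-backed rather than merely non-exportable, check it after generation: obtain a `KeyInfo` for the private key through `KeyFactory.getInstance(priv.getAlgorithm(), "AndroidKeyStore").getKeySpec(priv, KeyInfo.class)` and inspect `isInsideSecureHardware()` (replaced by `getSecurityLevel()` from API level 31), or request StrongBox explicitly with `setIsStrongBoxBacked(true)` on API level 28 and up.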
Why use RSA?
We can use RSA to sign and verify data, for example when we transfer some data to a server. Because RSA is a public-key system, we can sign data in our app with the private key and send only the public key to the server, so the server can verify that the data it receives is genuine and has not been tampered with. If any malicious users know the public…