This article is the third part of the series, Storing data securely on Android. If you are new to this series or want to read the previous part, click here.

### Series

- Storing data securely on Android — Introduction
- Storing data securely on Android — KeyStore Symmetric
- Storing data securely on Android — KeyStore Asymmetric (you’re here)
- Storing data securely on Android — KeyStore Hybrid (soon)
- Storing data securely on Android — Key Derivation (soon)

### What Happened?

In the previous article, we reviewed the *keystore* in Android, and then we talked about generating a symmetric key in *keystore* with a sample code. IV and its usage were introduced. We investigated encryption and decryption by exploring the code. Finally, a test method was given as a sample of using those functions.

### What is the symmetric key problem?

For using a symmetric key in keystore, there is a limitation; you can use the symmetric key just from **API ≥23. **Android documentation mentions that you can support **62.6%** of current Android devices by using **API≥23**. So what can we do for the rest of the users? One of the answers is using an Asymmetric key.

### Generating an Asymmetric Key

In this section, we want to generate an *RSA* key in *AndroidKeyStore* with arbitrary alias. Later, we will use this key for encrypting or decrypting data.

This method takes *alias* as a parameter; it returns *keystore entry* if an alias **exists** before by using the *containAlias* method. Otherwise, it will generate an *RSA* key.

Because of using the *asymmetric* key, we should set a certificate for the public key. Above code determined the *start date* and* end date* of the certificate. Other items like the *subject* and the *serial number* can be filled with arbitrary data. For more information on these items, you can visit this page.

### Data Encryption

Now we can encrypt the data with the **public key** of the generated key we have saved.

For using this method, we should pass the *cipherAlgorithm* like *RSA/ECB/PKCS1Padding, plainText, *and* key. *This method returns the *ciphertext.*

### Why are we using the ECB mode in an RSA?

I should notice that Java **does not **implement *ECB* with *RSA* cipher even when you use *RSA/ECB/PKCS1Padding*. Java only encrypts/decrypts a **single block** by using the *RSA* algorithm and *ECB* is one of the block cipher modes which is being used for ciphers like *AES*.

### Data Decryption

Now, we can decrypt the ciphertext with the **private key **of the generated key pair.

### How to use?

For simplicity, I have put those functions into the *AsymmetricUtil* class and write test methods to verify its behavior. The *AsymmetricUtil* class is responsible for *generating a key*, *data encryption*, and *data decryption*.

RSA usage

As a sample, this is the result of using the above methods:

plain text = This is a sample text!

cipher text = tsoeQfve4A/bWggZW1p0XS+ABhgb8R8nDRHlONB3zTxDGub9b2LfB11qQgVUBqT6KcHllY8N317lA+yDZ8gEUPYPdmkihTzThvzsvvx6EjJXKpRpoTc33wLIF1RbpsulhbGaNE1tUHGuPOdwiiPy2GqTYUL8yWaJLhWIYyEhfUhV+qHJy3xTO94IA9hFornTTK/GFVS/lsvXGSLfq93ana1F/Pc5Vgerfg7cEDhTg+iVJROrqN7I17Wea09ttDjSht8ZSnpzZMM6HPu8JjZzyswCLj+D5TMWsrZPL4eY9RD0QVZ3Y5dD0zeRNJmAhKkQrZcUj5in0Ajsyu+Lmb6ZCA==

public key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bWu4x54tKZrIPl7uw1qm1WMuYiH93Nhrwr8yHlRXMAhIoBIcN5y8QIOqqiyjnD26ZI0vNA64b2Is69CoOAxNA6GIRH7i4uGnLagUWl2s6KOM+KyhOlFCpB5/T5/9qBGfWDyGhtS6aqzW6b+vuiAOgzXsg1Yi8bBGKb5S4KY0gFWdxBniOABR8sM9S1WRM3Vg5paa4UotgPM8lR1jUuJrUFpXjz+yVgbVYBIIEDY89/WaQf2+dnkvITMdmPq51h5Aj14zl9GIowtvxhxxyDYRT3hkogV5WBa44DHIsSfUxG7V7B2xTwQaGVME0vR9WprvVrYcsVSg7a6kv8HfRRSxQIDAQAB

### There is a big problem!

When you use *asymmetric* ciphers like *RSA*, your plain text **can not be longer **than your **key size**!

For example, in above code, we used RSA 1024, so when you use the above code and try to encrypt a long text or file which is larger than 1024 bits (256 bytes) you will get an **exception** in the *encrypt* method which is:

javax.crypto.IllegalBlockSizeException: input must be under 256 bytes

### What should we do?

We can combine the *symmetric* and *asymmetric* ciphers to surmount the* *** API level restriction** and also

**.**

*input length limitation*In cryptography, the **hybrid cryptosystem **is one which combines the convenience of an asymmetric cryptosystem with the efficiency of an asymmetric cryptosystem. We will discover hybrid crypto in the next article!

### Summary

We reviewed the *asymmetric crypto *in Android, and then we talked about generating an asymmetric key in *KeyStore* with the sample code. We investigated the encryption and decryption by exploring the code. Finally, a test method was given as a sample of using those functions.

### What is Next?

In the next article, I will talk about using the *KeyStore* with *hybrid *crypto, which uses both* RSA *and* AES*. The following article will cover the mentioned topic entirely with code in Kotlin ✌️.

**Thank you for using your time to read this article.** **Feedback is always much appreciated.**

**Liked it? Clap 👏 to say “thanks!” and please share it to others. Don’t forget you can clap up to 50 times! ❤**