KB869254
Introduction
This article describes an issue on Android virtual devices of BlueStacks 5 in which a prompt for the credential storage password may be displayed when performing certificate operations that require the use of protected private keys.
Symptoms
Consider a scenario in which a user has imported a private key that corresponds to an X.509 certificate on an Android VM of BlueStacks 5 and wants to sign data using Android's own cryptographic facilities. If the user has set up a screen lock but has never entered it since the device started, he/she is asked for a credential storage password that he/she never explicitly set.
Solution
Like cryptographic modules on other major operating systems, Android provides a set of features to protect critical credentials and private keys. Because the Android ROM used on BlueStacks machines does not require entering a screen lock password or drawing a pattern after device start-up, the screen lock has not been confirmed since the device started at the time an app requests use of a private key in the credential storage. Therefore, the program logic encounters an error.
To resolve this issue, the user needs to draw the pattern or enter the screen lock password before using the app to perform private key-related operations. Use one of the following methods to confirm the device lock:
- Start the activity com.android.settings.ConfirmDeviceCredentialsActivity or com.android.settings.password.ConfirmDeviceCredentialsActivity, and draw the pattern or enter the screen lock password for confirmation;
- Open Android's Settings app and select the appropriate menus to enter the workflow for changing the screen lock on the device, then enter the pattern or screen lock password, and take no further action, since there is no need to change it; or
- Open Settings, navigate to the workflow for resetting network settings, and enter the pattern or screen lock password for confirmation; do not proceed with resetting network settings at the final confirmation, as there is no need to do so.
This confirmation of the screen lock needs to be completed each time the device starts, unless the screen lock has already been confirmed before the credential storage is used to perform private key operations.
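For app developers, the following added example (not part of the original article and not BlueStacks code) shows one way to request the screen lock confirmation from inside the app before a KeyChain private key is used. It assumes that the confirmation screen opened through the public KeyguardManager API has the same effect as the first option above; the class name, request code, and sample data are hypothetical, and an RSA key is assumed.

```java
import android.app.Activity;
import android.app.KeyguardManager;
import android.content.Intent;
import android.os.Bundle;
import android.security.KeyChain;
import android.util.Log;
import java.security.PrivateKey;
import java.security.Signature;

// Hypothetical activity: confirms the screen lock first, then signs with a KeyChain key.
public class ConfirmThenSignActivity extends Activity {
    private static final int REQ_CONFIRM = 1;           // arbitrary request code
    private static final String TAG = "ConfirmThenSign";

    @Override
    protected void onCreate(Bundle state) {
        super.onCreate(state);
        KeyguardManager km = getSystemService(KeyguardManager.class);
        // Returns null when no screen lock is configured, so there is nothing to confirm.
        Intent confirm = km.createConfirmDeviceCredentialIntent(
                "Confirm screen lock", "Required before using the private key");
        if (confirm == null) { pickKeyAndSign(); return; }
        startActivityForResult(confirm, REQ_CONFIRM);
    }

    @Override
    protected void onActivityResult(int request, int result, Intent data) {
        super.onActivityResult(request, result, data);
        if (request != REQ_CONFIRM) return;
        if (result == RESULT_OK) pickKeyAndSign();      // pattern or password accepted
        else finish();                                  // user backed out: do not touch the key
    }

    private void pickKeyAndSign() {
        // The alias callback runs off the main thread, where getPrivateKey() is allowed.
        KeyChain.choosePrivateKeyAlias(this, alias -> {
            if (alias == null) return;                  // user declined to pick a certificate
            try {
                PrivateKey key = KeyChain.getPrivateKey(this, alias);
                if (key == null) return;                // key missing or access not granted
                Signature s = Signature.getInstance("SHA256withRSA"); // assumes an RSA key
                s.initSign(key);
                s.update("constructed sample data".getBytes("UTF-8"));
                Log.i(TAG, "signature length: " + s.sign().length);
            } catch (Exception e) {
                Log.e(TAG, "signing failed", e);
            }
        }, new String[] {"RSA"}, null, null, -1, null);
    }
}
```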