Keychain entry on Android must be under 256 bytes(?)

[tomasMizera]

Thank you for maintaining this library!

Our code on Android fails to write an entry to KeyStore with value longer than 256 bytes. It does not seem to happen on other platforms. Is this an Android limitation? I was unable to find such a hard constraint anywhere online about KeyStore.

This is the java exception we receive:

java.io.IOException: javax.crypto.IllegalBlockSizeException: input must be under 256 bytes
	at javax.crypto.CipherOutputStream.close(CipherOutputStream.java:214)
	at org.qtproject.qt.android.QtNative.startQtApplication(Native Method)
	at org.qtproject.qt.android.QtNative$7.run(QtNative.java:465)
	at org.qtproject.qt.android.QtThread$1.run(QtThread.java:25)
	at java.lang.Thread.run(Thread.java:1012)
Caused by: javax.crypto.IllegalBlockSizeException: input must be under 256 bytes
	at com.android.org.conscrypt.OpenSSLCipherRSA.engineDoFinal(OpenSSLCipherRSA.java:300)
	at javax.crypto.Cipher.doFinal(Cipher.java:1957)
	at javax.crypto.CipherOutputStream.close(CipherOutputStream.java:210)
	... 4 more

The QKeychain::WritePasswordJob finishes without any error though.

[JustinSteventon]

This looks to be a limitation of using RSA on Android. This is a pretty serious issue as it means you cannot use qtkeychain to store tokens.

[JamesMBallard]

I ran into this problem as well. I was able to devise a workaround, but it's nearly entirely driven by AI/Copilot using "hybrid encryption" to use AES to encrypt the payload data, then RSA to encrypt just the AES key. The end result worked, but I am reluctant to trust Copilot recommendations with encryption.

@frankosterfeld does that sound like a viable pattern to solve the problem? I can share the source file as well with the tweaks.