During the creation of a simple messaging Android application that is to encrypt/decrypt messages and send them over the internet, I decided to use RSA public/private key encryption. The question is how to store the private key so that even if the phone is maliciously rooted, the key stays safe? As far as I understand, KeyStore is used for certificates and cannot be used for this? Should I encrypt the private key as a text file with AES? I have very little experience with security, so please feel free to correct my ideas and give your opinion!
Kind Regards.
I think KeyStore could be suitable for your use. It is able to store RSA keys and encrypts them using AES, so even with root access they cannot be extracted without the password or brute-forcing.
There's a good post here about using KeyStore: http://nelenkov.blogspot.fr/2012/05/storing-application-secrets-in-androids.html
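An added example (not from the answer or the linked post) of what the answer describes: an RSA key pair generated inside AndroidKeyStore and used so that the private key never leaves it. It assumes API 23+ (KeyGenParameterSpec); the class name, alias and the OAEP parameter choice are mine.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public final class MessagingKeys {
    private static final String ALIAS = "messaging_rsa_key"; // constructed alias for this example
    private static final String PROVIDER = "AndroidKeyStore";
    private static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Android Keystore uses SHA-1 for MGF1 even with a SHA-256 OAEP digest; pinning it on both sides keeps them interoperable.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    private static KeyStore store() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null); // AndroidKeyStore takes no password; entries are bound to the app's UID
        return ks;
    }
    /** Generates the pair once; the private half is non-exportable by construction. */
    public static PublicKey getOrCreatePublicKey() throws GeneralSecurityException, IOException {
        KeyStore ks = store();
        if (!ks.containsAlias(ALIAS)) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, PROVIDER);
            kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setKeySize(2048)
                    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA1)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                    .build());
            kpg.generateKeyPair(); // key material is created and kept inside the keystore
        }
        return ks.getCertificate(ALIAS).getPublicKey(); // only the public half is ever shared
    }
    /** Sender side: encrypt a short secret (e.g. a per-message AES key) to the recipient's public key. */
    public static byte[] encrypt(PublicKey recipient, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, recipient, OAEP);
        return c.doFinal(plaintext);
    }
    /** Recipient side: the keystore performs the RSA operation; the app never sees private key bytes. */
    public static byte[] decrypt(byte[] ciphertext) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, store().getKey(ALIAS, null), OAEP);
        return c.doFinal(ciphertext);
    }
}
```

Whether the key sits in a TEE or StrongBox rather than software can be checked with KeyInfo.isInsideSecureHardware(). A hardware-backed key cannot be extracted by a root attacker, but a root process can still invoke decryption while the device is unlocked, so gating the key with setUserAuthenticationRequired(true) is worth considering where the UX allows.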