> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/nfc-wallet-sdk-android/help/knowledge-base/android-12-keystore-creation-issue.md). # Android 12 Keystore creation issue ## Overview NFC Wallet SDK creates an Android Keystore key that requires end-user authentication. This key protects payment assets used during contactless payments. On some devices, key creation fails when authentication is required. {% hint style="warning" %} This issue blocks wallet access and payments when **CDCVM** requires device authentication. {% endhint %} ### Symptoms The **digital wallet application** creates the key when it initializes **Device CVM**. This happens when you call `DeviceCVMManager.INSTANCE.initialize(CHVerificationMethod)`. The issue typically occurs with: * `CHVerificationMethod.DEVICE_KEYGUARD` * `CHVerificationMethod.BIOMETRICS` When key creation fails, NFC Wallet SDK throws `DeviceCVMException`. The message is typically: `Problem creating AKS key. Failed to store private key` ```java // Initialize Device CVM for the wallet DeviceCVMManager.INSTANCE.initialize(CHVerificationMethod.BIOMETRICS); ``` When you reproduce with a debug build of NFC Wallet SDK, you may also see: ``` java.security.KeyStoreException: Failed to store private key at android.security.keystore2.AndroidKeyStoreSpi.setPrivateKeyEntry(AndroidKeyStoreSpi.java:581) at android.security.keystore2.AndroidKeyStoreSpi.engineSetEntry(AndroidKeyStoreSpi.java:1211) at java.security.KeyStore.setEntry(KeyStore.java:1617) at java.lang.reflect.Method.invoke(Native Method) … Caused by: android.security.KeyStoreException: Keystore not initialized at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:384) at android.security.KeyStoreSecurityLevel.handleExceptions(KeyStoreSecurityLevel.java:59) at android.security.KeyStoreSecurityLevel.importKey(KeyStoreSecurityLevel.java:204 … ``` ### Root cause A similar Android platform issue is tracked on Google Issue Tracker. See [issue 195330769](https://issuetracker.google.com/issues/195330769). Google indicates the fix is available starting with **Android 12L**. The fix is not backported to **Android 12**. ### Affected Android versions and devices Most reports are on **Android 12**, often on Xiaomi devices. As of Feb 2026, the following non-exhaustive list is reported: | Vendor | Model | Android version | API level | | ------- | -------------- | --------------- | --------- | | Honor | NTH-NX9 | Android 12 | 31 | | LGE | LG-US996 | Android 8.0 | 26 | | OnePlus | KB2003 | Android 12 | 31 | | Samsung | SM-G998B | Android 12 | 31 | | Samsung | SM-G998U | Android 12 | 31 | | Samsung | SM-A426BZKHXSP | Android 12 | 31 | | Samsung | SM-A516U | Android 12 | 31 | | Xiaomi | M2101K7BNY | Android 12 | 31 | | Xiaomi | 2109119DG | Android 12 | 31 | | Xiaomi | 22031116BG | Android 12 | 31 | | Xiaomi | M2007J3SG | Android 12 | 31 | | Xiaomi | M2012K11G | Android 12 | 31 | | Xiaomi | M2007J17G | Android 12 | 31 | | Xiaomi | M2101K9G | Android 12 | 31 | | Xiaomi | M2007J20CG | Android 12 | 31 | | Xiaomi | 21081111RG | Android 12 | 31 | | Xiaomi | M2004J19C | Android 11 | 30 | | Xiaomi | POCO F2 Pro | Android 12 | 31 | | Xiaomi | M2011K2G | Android 12 | 31 | | Xiaomi | M2102J20SG | Android 12 | 31 | ### Workarounds and next steps 1. **If the device runs Android 12, upgrade to Android 12L or later.** 2. **If the device runs another version, reset device lock and biometrics.** * Remove the screen lock. * Reboot the device. * Re-enroll biometrics. * Set the screen lock again. 3. **Retry Device CVM initialization.** If the issue reproduces on non-Android 12 devices, open a support ticket. Share device model, Android version, and full logs. Follow [How to report issues with Thales NFC Wallet SDK?](/nfc-wallet-sdk-android/help/knowledge-base/report-nfc-wallet-sdk-issues.md). Capture logs with [Retrieve logs from an Android device](/nfc-wallet-sdk-android/help/knowledge-base/retrieve-logs-from-an-android-device.md). --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.payments.thalescloud.io/nfc-wallet-sdk-android/help/knowledge-base/android-12-keystore-creation-issue.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.