I'm getting this error when I try to fetch the previously chosen private key when I recreate the activity after rotating the screen.
I've seen this question here, which suggests that choosePrivateKeyAlias() needs to be called "at least once after the application is installed". In this case it has been called numerous times, including when the app is started up before the screen rotation happens - so why is it considered to be a new app? Is the uid changing somehow?
Here's the call:
PrivateKey privateKey = KeyChain.getPrivateKey(getBaseContext(), alias);
I've just noticed that the other question was using getCertificateChain rather than getPrivateKey - is that the difference?
For posterity's sake, and to repeat my comment, the issue was that the alias was not being properly stored, and so this call attempted to access an entirely unrelated, or nonexistent, private key.