diff --git a/core/src/main/java/org/futo/circles/core/provider/KeyStoreProvider.kt b/core/src/main/java/org/futo/circles/core/provider/KeyStoreProvider.kt
new file mode 100644
index 0000000000000000000000000000000000000000..9582fa1411991aee4d214f8d19aa3d3cf596d698
--- /dev/null
+++ b/core/src/main/java/org/futo/circles/core/provider/KeyStoreProvider.kt
@@ -0,0 +1,37 @@
+package org.futo.circles.core.provider
+
+import org.matrix.android.sdk.api.extensions.tryOrNull
+import java.security.KeyStore
+import javax.crypto.SecretKey
+import javax.crypto.spec.SecretKeySpec
+import javax.inject.Inject
+
+class KeyStoreProvider @Inject constructor() {
+
+ private val keyStore = KeyStore.getInstance("AndroidKeyStore")
+
+ fun storeBsSpekePrivateKey(keyBytes: ByteArray, keyId: String) {
+ storeKey(keyBytes, "$ORG_FUTO_SSSS_KEY_PREFIX.$keyId")
+ }
+
+ fun getBsSpekePrivateKey(keyId: String): ByteArray? = getKey("$ORG_FUTO_SSSS_KEY_PREFIX.$keyId")
+
+ private fun storeKey(keyBytes: ByteArray, alias: String) = tryOrNull {
+ val secretKey: SecretKey = SecretKeySpec(keyBytes, "AES")
+ keyStore.load(null)
+ val protectionParameter = KeyStore.PasswordProtection(null)
+ val secretKeyEntry = KeyStore.SecretKeyEntry(secretKey)
+ keyStore.setEntry(alias, secretKeyEntry, protectionParameter)
+ }
+
+
+ private fun getKey(alias: String): ByteArray? = tryOrNull {
+ keyStore.load(null)
+ val secretKey = keyStore.getKey(alias, null) as SecretKey
+ secretKey.encoded
+ }
+
+ companion object {
+ private const val ORG_FUTO_SSSS_KEY_PREFIX = "org.futo.ssss.key"
+ }
+}
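Review bot: `storeKey`/`getKey` treat AndroidKeyStore as a readable byte store, which it is not: key material held there is non-exportable, so `secretKey.encoded` in `getKey` is expected to be null, and `setEntry` with a `KeyStore.PasswordProtection` parameter is, as far as I know, rejected by the AndroidKeyStore provider (it accepts `KeyProtection`). Because both bodies are wrapped in `tryOrNull`, either failure is swallowed and `storeBsSpekePrivateKey` returns Unit, so a caller cannot tell that the BS-SPEKE private key was never persisted. The usual pattern is to generate a non-exportable AES-GCM wrapping key inside AndroidKeyStore and keep only the encrypted private key in app-private storage; a sketch follows, with the alias and IV-length constants and the persistence of the returned blob left to the project since none of them is visible here. Tagging the BS-SPEKE bytes as `"AES"` also mislabels the key, which the wrapping approach avoids.

```kotlin
// … unchanged: package, class header, keyStore field, public store/get wrappers …
// WRAPPING_KEY_ALIAS and GCM_IV_BYTES are placeholder names, to be defined by the project.

    // Non-exportable wrapping key: generated inside AndroidKeyStore and never readable by the app.
    private fun wrappingKey(): SecretKey {
        keyStore.load(null)
        (keyStore.getKey(WRAPPING_KEY_ALIAS, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(
            WRAPPING_KEY_ALIAS,
            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
            .apply { init(spec) }
            .generateKey()
    }

    // Returns IV || ciphertext; the caller persists this blob instead of the raw key bytes.
    private fun wrap(keyBytes: ByteArray): ByteArray {
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, wrappingKey())
        return cipher.iv + cipher.doFinal(keyBytes)
    }

    // Throws on a tampered or truncated blob (GCM tag mismatch) instead of returning null silently.
    private fun unwrap(blob: ByteArray): ByteArray {
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.DECRYPT_MODE, wrappingKey(), GCMParameterSpec(128, blob, 0, GCM_IV_BYTES))
        return cipher.doFinal(blob, GCM_IV_BYTES, blob.size - GCM_IV_BYTES)
    }
```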