The KeyChain API will not allow to copy the private key if it is implemented with a hardware key store. Unfortionally only the Google Nexus devices with Android 4.1+ implement a hardware keystore. Other vendors might also do this or might use the standard insecure software implementation.
I think there are specialized SD Cards with smart card support on them but these are not cheap and I don't know if they work on all telephones.
Also in Android 4.1+ you don't get access to the private key. You only get an object which can be used as private key in signing/decrypting/encryption but you don't get the actual key. See more details on the implementation here: http://nelenkov.blogspot.de/2012/07/jelly-bean-hardware-backed-credential.html