KeyProperties
public abstract class KeyProperties
extends Object

java.lang.Object
   ↳ android.security.keystore.KeyProperties
Properties of Android Keystore keys.
Summary
Constants

Type | Constant | Description
---|---|---
int | AUTH_BIOMETRIC_STRONG | Any biometric (e.g. fingerprint, iris, or face) on the device that meets or exceeds the requirements for Strong, as defined by the Android CDD.
int | AUTH_DEVICE_CREDENTIAL | The non-biometric credential used to secure the device (i.e., PIN, pattern, or password)
String | BLOCK_MODE_CBC | Cipher Block Chaining (CBC) block mode.
String | BLOCK_MODE_CTR | Counter (CTR) block mode.
String | BLOCK_MODE_ECB | Electronic Codebook (ECB) block mode.
String | BLOCK_MODE_GCM | Galois/Counter Mode (GCM) block mode.
String | DIGEST_MD5 | MD5 digest.
String | DIGEST_NONE | No digest: sign/authenticate the raw message.
String | DIGEST_SHA1 | SHA-1 digest.
String | DIGEST_SHA224 | SHA-2 224 (aka SHA-224) digest.
String | DIGEST_SHA256 | SHA-2 256 (aka SHA-256) digest.
String | DIGEST_SHA384 | SHA-2 384 (aka SHA-384) digest.
String | DIGEST_SHA512 | SHA-2 512 (aka SHA-512) digest.
String | ENCRYPTION_PADDING_NONE | No encryption padding.
String | ENCRYPTION_PADDING_PKCS7 | PKCS#7 encryption padding scheme.
String | ENCRYPTION_PADDING_RSA_OAEP | RSA Optimal Asymmetric Encryption Padding (OAEP) scheme.
String | ENCRYPTION_PADDING_RSA_PKCS1 | RSA PKCS#1 v1.5 padding scheme for encryption.
String | KEY_ALGORITHM_3DES | This constant was deprecated in API level 28. Included for interoperability with legacy systems. Prefer KEY_ALGORITHM_AES for new development.
String | KEY_ALGORITHM_AES | Advanced Encryption Standard (AES) key.
String | KEY_ALGORITHM_EC | Elliptic Curve (EC) Cryptography key.
String | KEY_ALGORITHM_HMAC_SHA1 | Keyed-Hash Message Authentication Code (HMAC) key using SHA-1 as the hash.
String | KEY_ALGORITHM_HMAC_SHA224 | Keyed-Hash Message Authentication Code (HMAC) key using SHA-224 as the hash.
String | KEY_ALGORITHM_HMAC_SHA256 | Keyed-Hash Message Authentication Code (HMAC) key using SHA-256 as the hash.
String | KEY_ALGORITHM_HMAC_SHA384 | Keyed-Hash Message Authentication Code (HMAC) key using SHA-384 as the hash.
String | KEY_ALGORITHM_HMAC_SHA512 | Keyed-Hash Message Authentication Code (HMAC) key using SHA-512 as the hash.
String | KEY_ALGORITHM_RSA | Rivest Shamir Adleman (RSA) key.
int | ORIGIN_GENERATED | Key was generated inside AndroidKeyStore.
int | ORIGIN_IMPORTED | Key was imported into AndroidKeyStore.
int | ORIGIN_SECURELY_IMPORTED | Key was imported into the AndroidKeyStore in an encrypted wrapper.
int | ORIGIN_UNKNOWN | Origin of the key is unknown.
int | PURPOSE_AGREE_KEY | Purpose of key: creating a shared ECDH secret through key agreement.
int | PURPOSE_ATTEST_KEY | Purpose of key: Signing attestations.
int | PURPOSE_DECRYPT | Purpose of key: decryption.
int | PURPOSE_ENCRYPT | Purpose of key: encryption.
int | PURPOSE_SIGN | Purpose of key: signing or generating a Message Authentication Code (MAC).
int | PURPOSE_VERIFY | Purpose of key: signature or Message Authentication Code (MAC) verification.
int | PURPOSE_WRAP_KEY | Purpose of key: wrapping and unwrapping wrapped keys for secure import.
int | SECURITY_LEVEL_SOFTWARE | Indicates enforcement by system software.
int | SECURITY_LEVEL_STRONGBOX | Indicates enforcement by environment meeting the Strongbox security profile, such as a secure element.
int | SECURITY_LEVEL_TRUSTED_ENVIRONMENT | Indicates enforcement by a trusted execution environment.
int | SECURITY_LEVEL_UNKNOWN | This security level indicates that no assumptions can be made about the security level of the respective key.
int | SECURITY_LEVEL_UNKNOWN_SECURE | This security level indicates that due to the target API level of the caller no exact statement can be made about the security level of the key; however, the security level can be considered at least equivalent to SECURITY_LEVEL_TRUSTED_ENVIRONMENT.
String | SIGNATURE_PADDING_RSA_PKCS1 | RSA PKCS#1 v1.5 padding for signatures.
String | SIGNATURE_PADDING_RSA_PSS | RSA PKCS#1 v2.1 Probabilistic Signature Scheme (PSS) padding.
int | UNRESTRICTED_USAGE_COUNT | This value indicates that there is no restriction on the number of times the key can be used.
Constants
AUTH_BIOMETRIC_STRONG
public static final int AUTH_BIOMETRIC_STRONG
Any biometric (e.g. fingerprint, iris, or face) on the device that meets or exceeds the requirements for Strong, as defined by the Android CDD.
Constant Value: 2 (0x00000002)
AUTH_DEVICE_CREDENTIAL
public static final int AUTH_DEVICE_CREDENTIAL
The non-biometric credential used to secure the device (i.e., PIN, pattern, or password)
Constant Value: 1 (0x00000001)
BLOCK_MODE_CBC
public static final String BLOCK_MODE_CBC
Cipher Block Chaining (CBC) block mode.
Constant Value: "CBC"
BLOCK_MODE_CTR
public static final String BLOCK_MODE_CTR
Counter (CTR) block mode.
Constant Value: "CTR"
BLOCK_MODE_ECB
public static final String BLOCK_MODE_ECB
Electronic Codebook (ECB) block mode.
Constant Value: "ECB"
BLOCK_MODE_GCM
public static final String BLOCK_MODE_GCM
Galois/Counter Mode (GCM) block mode.
Constant Value: "GCM"
DIGEST_MD5
public static final String DIGEST_MD5
MD5 digest.
Constant Value: "MD5"
DIGEST_NONE
public static final String DIGEST_NONE
No digest: sign/authenticate the raw message.
Constant Value: "NONE"
DIGEST_SHA1
public static final String DIGEST_SHA1
SHA-1 digest.
Constant Value: "SHA-1"
DIGEST_SHA224
public static final String DIGEST_SHA224
SHA-2 224 (aka SHA-224) digest.
Constant Value: "SHA-224"
DIGEST_SHA256
public static final String DIGEST_SHA256
SHA-2 256 (aka SHA-256) digest.
Constant Value: "SHA-256"
DIGEST_SHA384
public static final String DIGEST_SHA384
SHA-2 384 (aka SHA-384) digest.
Constant Value: "SHA-384"
DIGEST_SHA512
public static final String DIGEST_SHA512
SHA-2 512 (aka SHA-512) digest.
Constant Value: "SHA-512"
ENCRYPTION_PADDING_NONE
public static final String ENCRYPTION_PADDING_NONE
No encryption padding.
Constant Value: "NoPadding"
ENCRYPTION_PADDING_PKCS7
public static final String ENCRYPTION_PADDING_PKCS7
PKCS#7 encryption padding scheme.
Constant Value: "PKCS7Padding"
ENCRYPTION_PADDING_RSA_OAEP
public static final String ENCRYPTION_PADDING_RSA_OAEP
RSA Optimal Asymmetric Encryption Padding (OAEP) scheme.
Constant Value: "OAEPPadding"
ENCRYPTION_PADDING_RSA_PKCS1
public static final String ENCRYPTION_PADDING_RSA_PKCS1
RSA PKCS#1 v1.5 padding scheme for encryption.
Constant Value: "PKCS1Padding"
KEY_ALGORITHM_3DES
public static final String KEY_ALGORITHM_3DES
This constant was deprecated in API level 28.
Included for interoperability with legacy systems. Prefer KEY_ALGORITHM_AES for new development.
Triple Data Encryption Algorithm (3DES) key.
Constant Value: "DESede"
KEY_ALGORITHM_AES
public static final String KEY_ALGORITHM_AES
Advanced Encryption Standard (AES) key.
Constant Value: "AES"
KEY_ALGORITHM_EC
public static final String KEY_ALGORITHM_EC
Elliptic Curve (EC) Cryptography key.
Constant Value: "EC"
KEY_ALGORITHM_HMAC_SHA1
public static final String KEY_ALGORITHM_HMAC_SHA1
Keyed-Hash Message Authentication Code (HMAC) key using SHA-1 as the hash.
Constant Value: "HmacSHA1"
KEY_ALGORITHM_HMAC_SHA224
public static final String KEY_ALGORITHM_HMAC_SHA224
Keyed-Hash Message Authentication Code (HMAC) key using SHA-224 as the hash.
Constant Value: "HmacSHA224"
KEY_ALGORITHM_HMAC_SHA256
public static final String KEY_ALGORITHM_HMAC_SHA256
Keyed-Hash Message Authentication Code (HMAC) key using SHA-256 as the hash.
Constant Value: "HmacSHA256"
KEY_ALGORITHM_HMAC_SHA384
public static final String KEY_ALGORITHM_HMAC_SHA384
Keyed-Hash Message Authentication Code (HMAC) key using SHA-384 as the hash.
Constant Value: "HmacSHA384"
KEY_ALGORITHM_HMAC_SHA512
public static final String KEY_ALGORITHM_HMAC_SHA512
Keyed-Hash Message Authentication Code (HMAC) key using SHA-512 as the hash.
Constant Value: "HmacSHA512"
KEY_ALGORITHM_RSA
public static final String KEY_ALGORITHM_RSA
Rivest Shamir Adleman (RSA) key.
Constant Value: "RSA"
ORIGIN_GENERATED
public static final int ORIGIN_GENERATED
Key was generated inside AndroidKeyStore.
Constant Value: 1 (0x00000001)
ORIGIN_IMPORTED
public static final int ORIGIN_IMPORTED
Key was imported into AndroidKeyStore.
Constant Value: 2 (0x00000002)
ORIGIN_SECURELY_IMPORTED
public static final int ORIGIN_SECURELY_IMPORTED
Key was imported into the AndroidKeyStore in an encrypted wrapper. Unlike imported keys, securely imported keys can be imported without appearing as plaintext in the device's host memory.
Constant Value: 8 (0x00000008)
ORIGIN_UNKNOWN
public static final int ORIGIN_UNKNOWN
Origin of the key is unknown. This can occur only for keys backed by an old TEE-backed implementation which does not record origin information.
Constant Value: 4 (0x00000004)
PURPOSE_AGREE_KEY
public static final int PURPOSE_AGREE_KEY
Purpose of key: creating a shared ECDH secret through key agreement.
A key having this purpose can be combined with the elliptic curve public key of another party to establish a shared secret over an insecure channel. It should be used as a parameter to KeyAgreement.init(java.security.Key) (a complete example is available here).
See this article for a more detailed explanation.
Constant Value: 64 (0x00000040)
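The key-agreement flow described for PURPOSE_AGREE_KEY, written out as an added example (not code from the Android documentation). It assumes API level 31 or later, a hypothetical class name `KeystoreEcdh`, a caller-chosen alias, and a peer public key that has already been authenticated; the HKDF-SHA256 step is this example's choice of key derivation, not something the page prescribes.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public final class KeystoreEcdh {  // hypothetical class name
    private static final String PROVIDER = "AndroidKeyStore";

    /** Generates a P-256 key pair that may only be used for key agreement. */
    static KeyPair generate(String alias) throws GeneralSecurityException {
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
        kpg.initialize(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_AGREE_KEY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .build());
        return kpg.generateKeyPair();
    }

    /**
     * Runs ECDH through the keystore, then derives a 32-byte session key with
     * HKDF-SHA256 (single output block). salt must be non-empty. peerKey must
     * already be authenticated (for example by a verified signature); an
     * unauthenticated exchange gives no protection against an active
     * man-in-the-middle on the insecure channel.
     */
    static byte[] sessionKey(PrivateKey ours, PublicKey peerKey, byte[] salt, byte[] info)
            throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH", PROVIDER);
        ka.init(ours);                      // the KeyAgreement.init(Key) call named above
        ka.doPhase(peerKey, true);
        byte[] shared = ka.generateSecret();
        try {
            Mac hmac = Mac.getInstance("HmacSHA256");
            hmac.init(new SecretKeySpec(salt, "HmacSHA256"));   // HKDF-Extract
            byte[] prk = hmac.doFinal(shared);
            hmac.init(new SecretKeySpec(prk, "HmacSHA256"));    // HKDF-Expand, block T(1)
            hmac.update(info);
            hmac.update((byte) 1);
            return hmac.doFinal();
        } finally {
            Arrays.fill(shared, (byte) 0);  // do not leave the raw ECDH output on the heap
        }
    }
}
```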
PURPOSE_ATTEST_KEY
public static final int PURPOSE_ATTEST_KEY
Purpose of key: Signing attestations. This purpose is incompatible with all others, meaning that when generating a key with PURPOSE_ATTEST_KEY, no other purposes may be specified. In addition, PURPOSE_ATTEST_KEY may not be specified for imported keys.
Constant Value: 128 (0x00000080)
PURPOSE_DECRYPT
public static final int PURPOSE_DECRYPT
Purpose of key: decryption.
Constant Value: 2 (0x00000002)
PURPOSE_ENCRYPT
public static final int PURPOSE_ENCRYPT
Purpose of key: encryption.
Constant Value: 1 (0x00000001)
PURPOSE_SIGN
public static final int PURPOSE_SIGN
Purpose of key: signing or generating a Message Authentication Code (MAC).
Constant Value: 4 (0x00000004)
PURPOSE_VERIFY
public static final int PURPOSE_VERIFY
Purpose of key: signature or Message Authentication Code (MAC) verification.
Constant Value: 8 (0x00000008)
PURPOSE_WRAP_KEY
public static final int PURPOSE_WRAP_KEY
Purpose of key: wrapping and unwrapping wrapped keys for secure import.
Constant Value: 32 (0x00000020)
SECURITY_LEVEL_SOFTWARE
public static final int SECURITY_LEVEL_SOFTWARE
Indicates enforcement by system software.
Constant Value: 0 (0x00000000)
SECURITY_LEVEL_STRONGBOX
public static final int SECURITY_LEVEL_STRONGBOX
Indicates enforcement by environment meeting the Strongbox security profile, such as a secure element.
Constant Value: 2 (0x00000002)
SECURITY_LEVEL_TRUSTED_ENVIRONMENT
public static final int SECURITY_LEVEL_TRUSTED_ENVIRONMENT
Indicates enforcement by a trusted execution environment.
Constant Value: 1 (0x00000001)
SECURITY_LEVEL_UNKNOWN
public static final int SECURITY_LEVEL_UNKNOWN
This security level indicates that no assumptions can be made about the security level of the respective key.
Constant Value: -2 (0xfffffffe)
SECURITY_LEVEL_UNKNOWN_SECURE
public static final int SECURITY_LEVEL_UNKNOWN_SECURE
This security level indicates that due to the target API level of the caller no exact statement can be made about the security level of the key; however, the security level can be considered at least equivalent to SECURITY_LEVEL_TRUSTED_ENVIRONMENT.
Constant Value: -1 (0xffffffff)
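How an app can act on the SECURITY_LEVEL_* and ORIGIN_* values for a stored key, as an added example (not code from the Android documentation). It assumes API level 31 or later for `KeyInfo.getSecurityLevel()`; the class name `KeyProtectionCheck` and the acceptance policy are this example's own choices.

```java
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

public final class KeyProtectionCheck {  // hypothetical class name
    private static final String PROVIDER = "AndroidKeyStore";

    /** Loads the key stored under alias and returns the keystore's KeyInfo for it. */
    static KeyInfo describe(String alias) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        Key key = ks.getKey(alias, null);
        if (key == null) {
            throw new KeyStoreException("no key stored under alias " + alias);
        }
        if (key instanceof SecretKey) {   // AES and HMAC keys
            SecretKeyFactory f = SecretKeyFactory.getInstance(key.getAlgorithm(), PROVIDER);
            return (KeyInfo) f.getKeySpec((SecretKey) key, KeyInfo.class);
        }
        KeyFactory f = KeyFactory.getInstance(key.getAlgorithm(), PROVIDER);  // RSA and EC
        return f.getKeySpec(key, KeyInfo.class);
    }

    /** Example policy: hardware-enforced and never imported as plaintext. */
    static boolean meetsPolicy(KeyInfo info) {
        boolean hardware;
        switch (info.getSecurityLevel()) {
            case KeyProperties.SECURITY_LEVEL_STRONGBOX:
            case KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
            case KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE:  // at least TEE-equivalent
                hardware = true;
                break;
            default:                      // SECURITY_LEVEL_SOFTWARE, SECURITY_LEVEL_UNKNOWN
                hardware = false;
        }
        int origin = info.getOrigin();
        // ORIGIN_IMPORTED keys existed as plaintext in host memory; ORIGIN_UNKNOWN
        // carries no origin record, so this policy rejects both.
        boolean cleanOrigin = origin == KeyProperties.ORIGIN_GENERATED
                || origin == KeyProperties.ORIGIN_SECURELY_IMPORTED;
        return hardware && cleanOrigin;
    }
}
```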
SIGNATURE_PADDING_RSA_PKCS1
public static final String SIGNATURE_PADDING_RSA_PKCS1
RSA PKCS#1 v1.5 padding for signatures.
Constant Value: "PKCS1"
SIGNATURE_PADDING_RSA_PSS
public static final String SIGNATURE_PADDING_RSA_PSS
RSA PKCS#1 v2.1 Probabilistic Signature Scheme (PSS) padding.
Constant Value: "PSS"
UNRESTRICTED_USAGE_COUNT
public static final int UNRESTRICTED_USAGE_COUNT
This value indicates that there is no restriction on the number of times the key can be used.
Constant Value: -1 (0xffffffff)