WrappedKeyEntry

Kotlin |Java

public class WrappedKeyEntry
extends Object implements KeyStore.Entry

java.lang.Object
↳	android.security.keystore.WrappedKeyEntry

An Entry that holds a wrapped key. Wrapped keys contain encrypted key data and description information that can be used to securely import key material into a hardware-backed Keystore.

The wrapped key is in DER-encoded ASN.1 format, specified by the following schema:

     KeyDescription ::= SEQUENCE(
         keyFormat INTEGER,                   # Values from KeyFormat enum.
         keyParams AuthorizationList,
     )

     SecureKeyWrapper ::= SEQUENCE(
         version INTEGER,                     # Contains value 0
         encryptedTransportKey OCTET_STRING,
         initializationVector OCTET_STRING,
         keyDescription KeyDescription,
         encryptedKey OCTET_STRING,
         tag OCTET_STRING
     )

keyFormat is an integer from the KeyFormat enum, defining the format of the plaintext key material.
keyParams is the characteristics of the key to be imported (as with generateKey or importKey). If the secure import is successful, these characteristics must be associated with the key exactly as if the key material had been insecurely imported with importKey. See Key Attestation for the AuthorizationList format.
encryptedTransportKey is a 256-bit AES key, XORed with a masking key and then encrypted in RSA-OAEP mode (SHA-256 digest, SHA-1 MGF1 digest) with the wrapping key specified by wrappingKeyBlob.
keyDescription is a KeyDescription, above.
encryptedKey is the key material of the key to be imported, in format keyFormat, and encrypted with encryptedEphemeralKey in AES-GCM mode, with the DER-encoded representation of keyDescription provided as additional authenticated data.
tag is the tag produced by the AES-GCM encryption of encryptedKey.

Imported wrapped keys will have KeymasterDefs.KM_ORIGIN_SECURELY_IMPORTED

Summary

Public constructors
`WrappedKeyEntry(byte[] wrappedKeyBytes, String wrappingKeyAlias, String transformation, AlgorithmParameterSpec algorithmParameterSpec)` Constructs a `WrappedKeyEntry` with a binary wrapped key.

Public methods
`AlgorithmParameterSpec`	`getAlgorithmParameterSpec()`
`String`	`getTransformation()`
`byte[]`	`getWrappedKeyBytes()`
`String`	`getWrappingKeyAlias()`

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

From interface


        
          java.security.KeyStore.Entry


        
        default
        
        
        
        Set<KeyStore.Entry.Attribute>


      getAttributes()

Retrieves the attributes associated with an entry.

Public constructors

WrappedKeyEntry

Added in API level 28

public WrappedKeyEntry (byte[] wrappedKeyBytes, 
                String wrappingKeyAlias, 
                String transformation, 
                AlgorithmParameterSpec algorithmParameterSpec)

Constructs a WrappedKeyEntry with a binary wrapped key.

Parameters
`wrappedKeyBytes`	`byte`: ASN.1 DER encoded wrapped key
`wrappingKeyAlias`	`String`: identifies the private key that can unwrap the wrapped key
`transformation`	`String`: used to unwrap the key. ex: "RSA/ECB/OAEPPadding"
`algorithmParameterSpec`	`AlgorithmParameterSpec`: spec for the private key used to unwrap the wrapped key

Public methods

getAlgorithmParameterSpec

Added in API level 28

public AlgorithmParameterSpec getAlgorithmParameterSpec ()

Returns
`AlgorithmParameterSpec`

getTransformation

Added in API level 28

public String getTransformation ()

Returns
`String`

getWrappedKeyBytes

Added in API level 28

public byte[] getWrappedKeyBytes ()

Returns
`byte[]`

getWrappingKeyAlias

Added in API level 28

public String getWrappingKeyAlias ()

Returns
`String`