Added in API level 28

CryptoObject


class CryptoObject
kotlin.Any
   ↳ android.hardware.biometrics.BiometricPrompt.CryptoObject

A wrapper class for the cryptographic operations supported by BiometricPrompt.

Currently the framework supports Signature, Cipher, Mac, IdentityCredential, PresentationSession and KeyAgreement.

Cryptographic operations in Android can be split into two categories: auth-per-use and time-based. This is specified during key creation via the timeout parameter of the setUserAuthenticationParameters(int, int) method of .

CryptoObjects are used to unlock auth-per-use keys via BiometricPrompt#authenticate(CryptoObject, CancellationSignal, Executor,, whereas time-based keys are unlocked for their specified duration any time the user authenticates with the specified authenticators (e.g. unlocking keyguard). If a time-based key is not available for use (i.e. none of the allowed authenticators have been unlocked recently), applications can prompt the user to authenticate via BiometricPrompt#authenticate(CancellationSignal, Executor, AuthenticationCallback)

Summary

Public constructors
CryptoObject(signature: Signature)

Create from a Signature object.

Create from a Cipher object.

Create from a Mac object.

Create from a IdentityCredential object.

Create from a PresentationSession object.

CryptoObject(operationHandle: Long)

Create from an operation handle.

Public methods
Cipher?

Get Cipher object.

IdentityCredential?

Get IdentityCredential object.

Mac?

Get Mac object.

Long

Returns the operationHandle associated with this object or 0 if none.

PresentationSession?

Get PresentationSession object.

Signature?

Get Signature object.

Public constructors

CryptoObject

Added in API level 28
CryptoObject(signature: Signature)

Create from a Signature object.

Parameters
signature Signature: a Signature object. This value cannot be null.

CryptoObject

Added in API level 28
CryptoObject(cipher: Cipher)

Create from a Cipher object.

Parameters
cipher Cipher: a Cipher object. This value cannot be null.

CryptoObject

Added in API level 28
CryptoObject(mac: Mac)

Create from a Mac object.

Parameters
mac Mac: a Mac object. This value cannot be null.

CryptoObject

Added in API level 30
CryptoObject(credential: IdentityCredential)

Deprecated: Use PresentationSession instead of IdentityCredential.

Create from a IdentityCredential object.

Parameters
credential IdentityCredential: a IdentityCredential object. This value cannot be null.

CryptoObject

Added in API level 33
CryptoObject(session: PresentationSession)

Create from a PresentationSession object.

Parameters
session PresentationSession: a PresentationSession object. This value cannot be null.

CryptoObject

Added in API level 35
CryptoObject(operationHandle: Long)

Create from an operation handle.

Parameters
operationHandle Long: the operation handle associated with this object.

Public methods

getCipher

Added in API level 28
fun getCipher(): Cipher?

Get Cipher object.

Return
Cipher? Cipher object or null if this doesn't contain one.

getIdentityCredential

Added in API level 30
Deprecated in API level 33
fun getIdentityCredential(): IdentityCredential?

Deprecated: Use PresentationSession instead of IdentityCredential.

Get IdentityCredential object.

Return
IdentityCredential? IdentityCredential object or null if this doesn't contain one.

getMac

Added in API level 28
fun getMac(): Mac?

Get Mac object.

Return
Mac? Mac object or null if this doesn't contain one.

getOperationHandle

Added in API level 35
fun getOperationHandle(): Long

Returns the operationHandle associated with this object or 0 if none. The operationHandle is the underlying identifier associated with the CryptoObject.

The operationHandle can be used to reconstruct a CryptoObject instance. This is useful for any cross-process communication as the CryptoObject class is not android.os.Parcelable. Hence, if the CryptoObject is constructed in one process, and needs to be propagated to another process, before calling the BiometricPrompt#authenticate(CryptoObject, CancellationSignal, Executor, API in the second process, the recommendation is to retrieve the operationHandle using this API, and then reconstruct the CryptoObjectusing the constructor that takes in an operationHandle, and pass that in to the authenticate API mentioned above.

getPresentationSession

Added in API level 33
fun getPresentationSession(): PresentationSession?

Get PresentationSession object.

Return
PresentationSession? PresentationSession object or null if this doesn't contain one.

getSignature

Added in API level 28
fun getSignature(): Signature?

Get Signature object.

Return
Signature? Signature object or null if this doesn't contain one.