Added in API level 18
Deprecated in API level 23

KeyPairGeneratorSpec

class KeyPairGeneratorSpec : AlgorithmParameterSpec
kotlin.Any
   ↳ android.security.KeyPairGeneratorSpec

This provides the required parameters needed for initializing the KeyPairGenerator that works with Android KeyStore facility. The Android KeyStore facility is accessed through a java.security.KeyPairGenerator API using the AndroidKeyStore provider. The context passed in may be used to pop up some UI to ask the user to unlock or initialize the Android KeyStore facility.

After generation, the keyStoreAlias is used with the java.security.KeyStore#getEntry(String, java.security.KeyStore.ProtectionParameter) interface to retrieve the PrivateKey and its associated Certificate chain.

The KeyPair generator will create a self-signed certificate with the subject as its X.509v3 Subject Distinguished Name and as its X.509v3 Issuer Distinguished Name along with the other parameters specified with the Builder.

The self-signed X.509 certificate may be replaced at a later time by a certificate signed by a real Certificate Authority.

Summary

Nested classes

Builder class for KeyPairGeneratorSpec objects.

Public methods
AlgorithmParameterSpec

Returns the AlgorithmParameterSpec that will be used for creation of the key pair.

Context!

Gets the Android context used for operations with this instance.

Date

Gets the end date to be used on the X.

Int

Returns the key size specified by this parameter.

String?

Returns the type of key pair (e.g.,

String!

Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.

BigInteger

Gets the serial number to be used on the X.

Date

Gets the start date to be used on the X.

X500Principal

Gets the subject distinguished name to be used on the X.

Boolean

Returns true if the key must be encrypted at rest.

Public methods

getAlgorithmParameterSpec

Added in API level 19
Deprecated in API level 23
fun getAlgorithmParameterSpec(): AlgorithmParameterSpec

Deprecated: Deprecated in Java.

Returns the AlgorithmParameterSpec that will be used for creation of the key pair.

Return
AlgorithmParameterSpec This value cannot be null.

getContext

Added in API level 18
fun getContext(): Context!

Deprecated: Deprecated in Java.

Gets the Android context used for operations with this instance.

getEndDate

Added in API level 18
fun getEndDate(): Date

Deprecated: Deprecated in Java.

Gets the end date to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
Date This value cannot be null.

getKeySize

Added in API level 19
Deprecated in API level 23
fun getKeySize(): Int

Deprecated: Deprecated in Java.

Returns the key size specified by this parameter. For instance, for RSA this will return the modulus size and for EC it will return the field size.

getKeystoreAlias

Added in API level 18
fun getKeystoreAlias(): String!

Deprecated: Deprecated in Java.

Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.

getSerialNumber

Added in API level 18
fun getSerialNumber(): BigInteger

Deprecated: Deprecated in Java.

Gets the serial number to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
BigInteger This value cannot be null.

getStartDate

Added in API level 18
fun getStartDate(): Date

Deprecated: Deprecated in Java.

Gets the start date to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
Date This value cannot be null.

getSubjectDN

Added in API level 18
fun getSubjectDN(): X500Principal

Deprecated: Deprecated in Java.

Gets the subject distinguished name to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
X500Principal This value cannot be null.

isEncryptionRequired

Added in API level 18
fun isEncryptionRequired(): Boolean

Deprecated: Encryption at rest is on by default. If extra binding to the lockscreen screen credential is desired use KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean). This flag will be ignored from Android S.

Returns true if the key must be encrypted at rest. This will protect the key pair with the secure lock screen credential (e.g., password, PIN, or pattern).

Note that encrypting the key at rest requires that the secure lock screen (e.g., password, PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device Administrator). Finally, this key cannot be used until the user unlocks the secure lock screen after boot.