Stay organized with collections
Save and categorize content based on your preferences.
KeyStoreParameter
class KeyStoreParameter : KeyStore.ProtectionParameter
This provides the optional parameters that can be specified for KeyStore entries that work with Android KeyStore facility. The Android KeyStore facility is accessed through a java.security.KeyStore API using the AndroidKeyStore provider. The context passed in may be used to pop up some UI to ask the user to unlock or initialize the Android KeyStore facility.
Any entries placed in the KeyStore may be retrieved later. Note that there is only one logical instance of the KeyStore per application UID so apps using the sharedUid facility will also share a KeyStore.
Keys may be generated using the KeyPairGenerator facility with a KeyPairGeneratorSpec to specify the entry's alias. A self-signed X.509 certificate will be attached to generated entries, but that may be replaced at a later time by a certificate signed by a real Certificate Authority.
Summary
Public methods
isEncryptionRequired
fun isEncryptionRequired(): Boolean
Deprecated: Data at rest encryption is enabled by default. If extra binding to the lockscreen credential is desired, use .Builder#setUserAuthenticationRequired(boolean). This flag will be ignored from Android S.
Returns true if the java.security.KeyStore entry must be encrypted at rest. This will protect the entry with the secure lock screen credential (e.g., password, PIN, or pattern).
Note that encrypting the key at rest requires that the secure lock screen (e.g., password, PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device Administrator). Finally, this key cannot be used until the user unlocks the secure lock screen after boot.
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-02-10 UTC.
[null,null,["Last updated 2025-02-10 UTC."],[],[],null,["# KeyStoreParameter\n\nAdded in [API level 18](https://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels) \nDeprecated in [API level 23](https://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels)\n\nKeyStoreParameter\n=================\n\n*** ** * ** ***\n\nKotlin \\|[Java](/reference/android/security/KeyStoreParameter \"View this page in Java\") \n\n```\nclass KeyStoreParameter : KeyStore.ProtectionParameter\n```\n\n|---|-----------------------------------------|\n| [kotlin.Any](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-any/index.html) ||\n| ↳ | [android.security.KeyStoreParameter](#) |\n\n*** ** * ** ***\n\n| **This class was deprecated in API level 23.**\n|\n| Use [KeyProtection](/reference/kotlin/android/security/keystore/KeyProtection) instead.\n\nThis provides the optional parameters that can be specified for `KeyStore` entries that work with [Android KeyStore facility](https://developer.android.com/training/articles/keystore.html). The Android KeyStore facility is accessed through a [java.security.KeyStore](../../java/security/KeyStore.html#) API using the `AndroidKeyStore` provider. The `context` passed in may be used to pop up some UI to ask the user to unlock or initialize the Android KeyStore facility.\n\nAny entries placed in the `KeyStore` may be retrieved later. Note that there is only one logical instance of the `KeyStore` per application UID so apps using the `sharedUid` facility will also share a `KeyStore`.\n\nKeys may be generated using the [KeyPairGenerator](../../java/security/KeyPairGenerator.html#) facility with a [KeyPairGeneratorSpec](/reference/kotlin/android/security/KeyPairGeneratorSpec) to specify the entry's `alias`. A self-signed X.509 certificate will be attached to generated entries, but that may be replaced at a later time by a certificate signed by a real Certificate Authority.\n\nSummary\n-------\n\n| Nested classes ||\n|---|---------------------------------------------------------------------------------------------------------------------------|\n| | [Builder](/reference/kotlin/android/security/KeyStoreParameter.Builder) Builder class for [KeyStoreParameter](#) objects. |\n\n| Public methods ||\n|------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [Boolean](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-boolean/index.html) | [isEncryptionRequired](#isEncryptionRequired())`()` Returns `true` if the [java.security.KeyStore](../../java/security/KeyStore.html#) entry must be encrypted at rest. |\n\nPublic methods\n--------------\n\n### isEncryptionRequired\n\nAdded in [API level 18](https://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels) \n\n```\nfun isEncryptionRequired(): Boolean\n```\n\n**Deprecated:** *Data at rest encryption is enabled by default. If extra binding to the lockscreen credential is desired, use [.Builder#setUserAuthenticationRequired(boolean)](/reference/kotlin/android/security/keystore/KeyGenParameterSpec). This flag will be ignored from Android S.*\n\nReturns `true` if the [java.security.KeyStore](../../java/security/KeyStore.html#) entry must be encrypted at rest. This will protect the entry with the secure lock screen credential (e.g., password, PIN, or pattern).\n\nNote that encrypting the key at rest requires that the secure lock screen (e.g., password, PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device Administrator). Finally, this key cannot be used until the user unlocks the secure lock screen after boot. \n**See Also**\n\n- [android.app.KeyguardManager#isDeviceSecure()](../app/KeyguardManager.html#isDeviceSecure())"]]
