KeyInfo
open class KeyInfo : KeySpec
kotlin.Any | |
↳ | android.security.keystore.KeyInfo |
Information about a key from the Android Keystore system. This class describes whether the key material is available in plaintext outside of secure hardware, whether user authentication is required for using the key and whether this requirement is enforced by secure hardware, the key's origin, what uses the key is authorized for (e.g., only in GCM
mode, or signing only), whether the key should be encrypted at rest, the key's and validity start and end dates.
Instances of this class are immutable.
Example: Symmetric Key
The following example illustrates how to obtain aKeyInfo
describing the provided Android Keystore SecretKey
.
<code>SecretKey key = ...; // Android Keystore key SecretKeyFactory factory = SecretKeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore"); KeyInfo keyInfo; try { keyInfo = (KeyInfo) factory.getKeySpec(key, KeyInfo.class); } catch (InvalidKeySpecException e) { // Not an Android KeyStore key. }</code>
Example: Private Key
The following example illustrates how to obtain aKeyInfo
describing the provided Android KeyStore PrivateKey
.
<code>PrivateKey key = ...; // Android KeyStore key KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore"); KeyInfo keyInfo; try { keyInfo = factory.getKeySpec(key, KeyInfo.class); } catch (InvalidKeySpecException e) { // Not an Android KeyStore key. }</code>
Summary
Public methods | |
---|---|
open Array<String!> |
Gets the set of block modes (e.g., |
open Array<String!> |
Gets the set of digest algorithms (e.g., |
open Array<String!> |
Gets the set of padding schemes (e.g., |
open Int |
Gets the size of the key in bits. |
open Date? |
Gets the time instant after which the key is no long valid for decryption and verification. |
open Date? |
Gets the time instant after which the key is no long valid for encryption and signing. |
open Date? |
Gets the time instant before which the key is not yet valid. |
open String! |
Gets the entry alias under which the key is stored in the |
open Int |
Gets the origin of the key. |
open Int |
Gets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used. |
open Int |
Returns the remaining number of times the key is allowed to be used or |
open Int |
Returns the security level that the key is protected by. |
open Array<String!> |
Gets the set of padding schemes (e.g., |
open Int |
Gets the acceptable user authentication types for which this key can be authorized to be used. |
open Int |
Gets the duration of time (seconds) for which this key is authorized to be used after the user is successfully authenticated. |
open Boolean |
Returns |
open Boolean |
Returns |
open Boolean |
Returns |
open Boolean |
Returns |
open Boolean |
Returns |
open Boolean |
Returns |
open Boolean |
Returns |
open Boolean |
Returns |
Public methods
getBlockModes
open fun getBlockModes(): Array<String!>
Gets the set of block modes (e.g., GCM
, CBC
) with which the key can be used when encrypting/decrypting. Attempts to use the key with any other block modes will be rejected.
See KeyProperties
.BLOCK_MODE
constants.
getDigests
open fun getDigests(): Array<String!>
Gets the set of digest algorithms (e.g., SHA-256
, SHA-384
) with which the key can be used.
See KeyProperties
.DIGEST
constants.
getEncryptionPaddings
open fun getEncryptionPaddings(): Array<String!>
Gets the set of padding schemes (e.g., PKCS7Padding
, PKCS1Padding
, NoPadding
) with which the key can be used when encrypting/decrypting. Attempts to use the key with any other padding scheme will be rejected.
See KeyProperties
.ENCRYPTION_PADDING
constants.
getKeyValidityForConsumptionEnd
open fun getKeyValidityForConsumptionEnd(): Date?
Gets the time instant after which the key is no long valid for decryption and verification.
Return | |
---|---|
Date? |
instant or null if not restricted. |
getKeyValidityForOriginationEnd
open fun getKeyValidityForOriginationEnd(): Date?
Gets the time instant after which the key is no long valid for encryption and signing.
Return | |
---|---|
Date? |
instant or null if not restricted. |
getKeyValidityStart
open fun getKeyValidityStart(): Date?
Gets the time instant before which the key is not yet valid.
Return | |
---|---|
Date? |
instant or null if not restricted. |
getKeystoreAlias
open fun getKeystoreAlias(): String!
Gets the entry alias under which the key is stored in the AndroidKeyStore
.
getOrigin
open fun getOrigin(): Int
Gets the origin of the key. See KeyProperties
.ORIGIN
constants.
Return | |
---|---|
Int |
Value is android.security.keystore.KeyProperties#ORIGIN_GENERATED , android.security.keystore.KeyProperties#ORIGIN_IMPORTED , or android.security.keystore.KeyProperties#ORIGIN_UNKNOWN |
getPurposes
open fun getPurposes(): Int
Gets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used. Attempts to use the key for any other purpose will be rejected.
See KeyProperties
.PURPOSE
flags.
getRemainingUsageCount
open fun getRemainingUsageCount(): Int
Returns the remaining number of times the key is allowed to be used or KeyProperties.UNRESTRICTED_USAGE_COUNT
if there's no restriction on the number of times the key can be used. Note that this gives a best effort count and need not be accurate (as there might be usages happening in parallel and the count maintained here need not be in sync with the usage).
getSecurityLevel
open fun getSecurityLevel(): Int
Returns the security level that the key is protected by. KeyProperties.SecurityLevelEnum.TRUSTED_ENVIRONMENT
and KeyProperties.SecurityLevelEnum.STRONGBOX
indicate that the key material resides in secure hardware. Key material of such keys is available in plaintext only inside the secure hardware and is not exposed outside of it.
See KeyProperties
.SecurityLevelEnum
constants.
getSignaturePaddings
open fun getSignaturePaddings(): Array<String!>
Gets the set of padding schemes (e.g., PSS
, PKCS#1
) with which the key can be used when signing/verifying. Attempts to use the key with any other padding scheme will be rejected.
See KeyProperties
.SIGNATURE_PADDING
constants.
Return | |
---|---|
Array<String!> |
This value cannot be null . Value is android.security.keystore.KeyProperties#SIGNATURE_PADDING_RSA_PKCS1 , or android.security.keystore.KeyProperties#SIGNATURE_PADDING_RSA_PSS |
getUserAuthenticationType
open fun getUserAuthenticationType(): Int
Gets the acceptable user authentication types for which this key can be authorized to be used. This has effect only if user authentication is required (see isUserAuthenticationRequired()
).
This authorization applies only to secret key and private key operations. Public key operations are not restricted.
Return | |
---|---|
Int |
integer representing the accepted forms of user authentication for this key Value is either 0 or a combination of android.security.keystore.KeyProperties#AUTH_BIOMETRIC_STRONG , and android.security.keystore.KeyProperties#AUTH_DEVICE_CREDENTIAL |
See Also
getUserAuthenticationValidityDurationSeconds
open fun getUserAuthenticationValidityDurationSeconds(): Int
Gets the duration of time (seconds) for which this key is authorized to be used after the user is successfully authenticated. This has effect only if user authentication is required (see isUserAuthenticationRequired()
).
This authorization applies only to secret key and private key operations. Public key operations are not restricted.
Return | |
---|---|
Int |
duration in seconds or -1 if authentication is required for every use of the key. |
See Also
isInsideSecureHardware
open funisInsideSecureHardware(): Boolean
Deprecated: This method is superseded by @see getSecurityLevel.
Returns true
if the key resides inside secure hardware (e.g., Trusted Execution Environment (TEE) or Secure Element (SE)). Key material of such keys is available in plaintext only inside the secure hardware and is not exposed outside of it.
isInvalidatedByBiometricEnrollment
open fun isInvalidatedByBiometricEnrollment(): Boolean
Returns true
if the key will be invalidated by enrollment of a new fingerprint or removal of all fingerprints.
isTrustedUserPresenceRequired
open fun isTrustedUserPresenceRequired(): Boolean
Returns true
if the key can only be only be used if a test for user presence has succeeded since Signature.initSign() has been called.
isUnlockedDeviceRequired
open fun isUnlockedDeviceRequired(): Boolean
Returns true
if the key is authorized to be used only while the device is unlocked.
This authorization applies only to secret key and private key operations. Public key operations are not restricted.
isUserAuthenticationRequired
open fun isUserAuthenticationRequired(): Boolean
Returns true
if the key is authorized to be used only if the user has been authenticated.
This authorization applies only to secret key and private key operations. Public key operations are not restricted.
isUserAuthenticationRequirementEnforcedBySecureHardware
open fun isUserAuthenticationRequirementEnforcedBySecureHardware(): Boolean
Returns true
if the requirement that this key can only be used if the user has been authenticated is enforced by secure hardware (e.g., Trusted Execution Environment (TEE) or Secure Element (SE)).
See Also
isUserAuthenticationValidWhileOnBody
open fun isUserAuthenticationValidWhileOnBody(): Boolean
Returns true
if this key will become unusable when the device is removed from the user's body. This is possible only for keys with a specified validity duration, and only on devices with an on-body sensor. Always returns false
on devices that lack an on-body sensor.
isUserConfirmationRequired
open fun isUserConfirmationRequired(): Boolean
Returns true
if the key is authorized to be used only for messages confirmed by the user. Confirmation is separate from user authentication (see isUserAuthenticationRequired()
). Keys can be created that require confirmation but not user authentication, or user authentication but not confirmation, or both. Confirmation verifies that some user with physical possession of the device has approved a displayed message. User authentication verifies that the correct user is present and has authenticated.
This authorization applies only to secret key and private key operations. Public key operations are not restricted.