author: Alex Klyubin <klyubin@google.com> 2015-07-22 12:03:19 -0700
committer: Alex Klyubin <klyubin@google.com> 2015-07-22 12:04:39 -0700
commit: 6f023640a3847540cff5282e82844e3d0c59fae1
tree: b6598fd89cd055d5af3be2f60acd8e8c28024b9d
parent: ada70be897fb7541129f1ab1f6faa94a80fca986
Document what algorithms Android Keystore supports.
This updates the Android platform SDK documentation to list which algorithms are supported by Android Keystore on which Android platforms. The list is similar in design to the one in SSLSocket and SSLEngine.

Bug: 22661043
Change-Id: I08fcf65ca58ead644100b673dceb93c67f34f507
-rw-r--r--  docs/html/training/articles/keystore.jd  467
1 file changed, 464 insertions, 3 deletions
diff --git a/docs/html/training/articles/keystore.jd b/docs/html/training/articles/keystore.jd
index 52cb13e..aa1ed0a 100644
--- a/docs/html/training/articles/keystore.jd
+++ b/docs/html/training/articles/keystore.jd
@@ -7,14 +7,15 @@ page.title=Android Keystore System
<ol>
<li><a href="#SecurityFeatures">Security Features</a></li>
<li><a href="#WhichShouldIUse">Choosing Between a Keychain or the Android Keystore Provider</a></li>
- <li><a href="#UsingAndroidKeyStore">Using Android Keystore Provider
- </a></li>
+ <li><a href="#UsingAndroidKeyStore">Using Android Keystore Provider</a>
<ol>
<li><a href="#GeneratingANewPrivateKey">Generating a New Private Key</a></li>
<li><a href="#WorkingWithKeyStoreEntries">Working with Keystore Entries</a></li>
<li><a href="#ListingEntries">Listing Entries</a></li>
<li><a href="#SigningAndVerifyingData">Signing and Verifying Data</a></li>
</ol>
+ </li>
+ <li><a href="#SupportedAlgorithms">Supported Algorithms</a></li>
</ol>
<h2>Blog articles</h2>
@@ -27,6 +28,14 @@ page.title=Android Keystore System
</div>
</div>
+<style type="text/css">
+ tr.deprecated {
+ background-color: #ccc;
+ color: #999;
+ font-style: italic;
+ }
+</style>
+
<p>The Android Keystore system lets you store cryptographic keys in a container
to make it more difficult to extract from the device. Once keys are in the
keystore, they can be used for cryptographic operations with the key material
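Review bot: the `tr.deprecated` rule in the added `<style>` block signals deprecation by color and italics only, and nothing on the page explains what a gray row means; add one sentence near the first table that uses the class (or a `title` attribute on those rows) saying that gray rows are algorithms no longer offered on current API levels, so the information survives for screen readers and print. Consider also moving the rule to the shared docs stylesheet instead of an inline `<style>` in this .jd page, where other articles cannot reuse it.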
@@ -213,4 +222,456 @@ operate in one of the two modes:
{@link android.hardware.fingerprint.FingerprintManager#hasEnrolledFingerprints() FingerprintManager.hasEnrolledFingerprints}).
These keys become permanently invalidated once a new fingerprint is enrolled or all fingerprints
are unenrolled.</li>
-</ul> \ No newline at end of file
+</ul>
+
+<h2 id="SupportedAlgorithms">Supported Algorithms</h2>
+
+<ul>
+ <li><a href="#SupportedCiphers">{@code Cipher}</a></li>
+ <li><a href="#SupportedKeyGenerators">{@code KeyGenerator}</a></li>
+ <li><a href="#SupportedKeyFactories">{@code KeyFactory}</a></li>
+ <li><a href="#SupportedKeyPairGenerators">{@code KeyPairGenerator}</a></li>
+ <li><a href="#SupportedMacs">{@code Mac}</a></li>
+ <li><a href="#SupportedSignatures">{@code Signature}</a></li>
+ <li><a href="#SupportedSecretKeyFactories">{@code SecretKeyFactory}</a></li>
+</ul>
+
+<h3 id="SupportedCiphers">Cipher</h3>
+<table>
+ <thead>
+ <tr>
+ <th>Algorithm</th>
+ <th>Supported (API Levels)</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>AES/CBC/NoPadding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>AES/CBC/PKCS7Padding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>AES/CTR/NoPadding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>AES/ECB/NoPadding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>AES/ECB/PKCS7Padding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>AES/GCM/NoPadding</td>
+ <td>23+</td>
+ <td>Only 12-byte long IVs supported.</td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/NoPadding</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/PKCS1Padding</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/OAEPWithSHA-1AndMGF1Padding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/OAEPWithSHA-224AndMGF1Padding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/OAEPWithSHA-256AndMGF1Padding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/OAEPWithSHA-384AndMGF1Padding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/OAEPWithSHA-512AndMGF1Padding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>RSA/ECB/OAEPPadding</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ </tbody>
+</table>
+
+<h3 id="SupportedKeyGenerators">KeyGenerator</h3>
+<table>
+ <thead>
+ <tr>
+ <th>Algorithm</th>
+ <th>Supported (API Levels)</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>AES</td>
+ <td>23+</td>
+ <td>Supported sizes: 128, 192, 256</td>
+ </tr>
+ <tr>
+ <td>HmacSHA1</td>
+ <td>23+</td>
+ <td>
+ <ul>
+ <li>Supported sizes: 8--1024 (inclusive), must be multiple of 8</li>
+ <li>Default size: 160</li>
+ <ul>
+ </td>
+ </tr>
+ <tr>
+ <td>HmacSHA224</td>
+ <td>23+</td>
+ <td>
+ <ul>
+ <li>Supported sizes: 8--1024 (inclusive), must be multiple of 8</li>
+ <li>Default size: 224</li>
+ <ul>
+ </td>
+ </tr>
+ <tr>
+ <td>HmacSHA256</td>
+ <td>23+</td>
+ <td>
+ <ul>
+ <li>Supported sizes: 8--1024 (inclusive), must be multiple of 8</li>
+ <li>Default size: 256</li>
+ <ul>
+ </td>
+ </tr>
+ <tr>
+ <td>HmacSHA384</td>
+ <td>23+</td>
+ <td>
+ <ul>
+ <li>Supported sizes: 8--1024 (inclusive), must be multiple of 8</li>
+ <li>Default size: 384</li>
+ <ul>
+ </td>
+ </tr>
+ <tr>
+ <td>HmacSHA512</td>
+ <td>23+</td>
+ <td>
+ <ul>
+ <li>Supported sizes: 8--1024 (inclusive), must be multiple of 8</li>
+ <li>Default size: 512</li>
+ <ul>
+ </td>
+ </tr>
+ </tbody>
+</table>
+
+<h3 id="SupportedKeyFactories">KeyFactory</h3>
+<table>
+ <thead>
+ <tr>
+ <th>Algorithm</th>
+ <th>Supported (API Levels)</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>EC</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo} (private key only),
+ {@link java.security.spec.ECPublicKeySpec} (public key only),
+ {@link java.security.spec.X509EncodedKeySpec} (public key only)
+ </td>
+ </tr>
+ <tr>
+ <td>RSA</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo} (private key only),
+ {@link java.security.spec.RSAPublicKeySpec} (public key only),
+ {@link java.security.spec.X509EncodedKeySpec} (public key only)
+ </td>
+ </tr>
+ </tbody>
+</table>
+
+<h3 id="SupportedKeyStoreKeys">KeyStore</h3>
+KeyStore supports the same key types as
+<a href="#SupportedKeyPairGenerators">{@code KeyPairGenerator}</a> and
+<a href="#SupportedKeyGenerators">{@code KeyGenerator}</a>.
+
+<h3 id="SupportedKeyPairGenerators">KeyPairGenerator</h3>
+<table>
+ <thead>
+ <tr>
+ <th>Algorithm</th>
+ <th>Supported (API Levels)</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr class="deprecated">
+ <td>DSA</td>
+ <td>19&ndash;22</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>EC</td>
+ <td>23+</td>
+ <td>
+ <ul>
+ <li>Supported sizes: 224, 256, 384, 521</li>
+ <li>Supported named curves: P-224 (secp256r1), P-256 (aka secp256r1 and prime256v1), P-384
+ (aka secp384r1), P-521 (aka secp521r1)</li>
+ </ul>
+
+ <p>Prior to API Level 23, EC keys can be generated using KeyPairGenerator of algorithm "RSA"
+ initialized {@link android.security.KeyPairGeneratorSpec} whose key type is set to "EC"
+ using {@link android.security.KeyPairGeneratorSpec.Builder#setKeyType(String)}. EC curve
+ name cannot be specified using this method -- a NIST P-curve is automatically chosen based
+ on the requested key size.
+ </td>
+ </tr>
+ <tr>
+ <td>RSA</td>
+ <td>18+</td>
+ <td>
+ <ul>
+ <li>Supported sizes: 512, 768, 1024, 2048, 3072, 4096</li>
+ <li>Supported public exponents: 3, 65537</li>
+ <li>Default public exponent: 65537</li>
+ </ul>
+ </td>
+ </tr>
+ </tbody>
+</table>
+
+<h3 id="SupportedMacs">Mac</h3>
+<table>
+ <thead>
+ <tr>
+ <th>Algorithm</th>
+ <th>Supported (API Levels)</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>HmacSHA1</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>HmacSHA224</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>HmacSHA256</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>HmacSHA384</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>HmacSHA512</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ </tbody>
+</table>
+
+<h3 id="SupportedSignatures">Signature</h3>
+<table>
+ <thead>
+ <tr>
+ <th>Algorithm</th>
+ <th>Supported (API Levels)</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>MD5withRSA</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>NONEwithECDSA</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>NONEwithRSA</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr class="deprecated">
+ <td>SHA1withDSA</td>
+ <td>19&ndash;22</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA1withECDSA</td>
+ <td>19+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA1withRSA</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA1withRSA/PSS</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr class="deprecated">
+ <td>SHA224withDSA</td>
+ <td>20&ndash;22</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA224withECDSA</td>
+ <td>20+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA224withRSA</td>
+ <td>20+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA224withRSA/PSS</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr class="deprecated">
+ <td>SHA256withDSA</td>
+ <td>19&ndash;22</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA256withECDSA</td>
+ <td>19+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA256withRSA</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA256withRSA/PSS</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr class="deprecated">
+ <td>SHA384withDSA</td>
+ <td>19&ndash;22</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA384withECDSA</td>
+ <td>19+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA384withRSA</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA384withRSA/PSS</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ <tr class="deprecated">
+ <td>SHA512withDSA</td>
+ <td>19&ndash;22</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA512withECDSA</td>
+ <td>19+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA512withRSA</td>
+ <td>18+</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>SHA512withRSA/PSS</td>
+ <td>23+</td>
+ <td></td>
+ </tr>
+ </tbody>
+</table>
+
+<h3 id="SupportedSecretKeyFactories">SecretKeyFactory</h3>
+<table>
+ <thead>
+ <tr>
+ <th>Algorithm</th>
+ <th>Supported (API Levels)</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>AES</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo}</td>
+ </tr>
+ <tr>
+ <td>HmacSHA1</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo}</td>
+ </tr>
+ <tr>
+ <td>HmacSHA224</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo}</td>
+ </tr>
+ <tr>
+ <td>HmacSHA256</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo}</td>
+ </tr>
+ <tr>
+ <td>HmacSHA384</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo}</td>
+ </tr>
+ <tr>
+ <td>HmacSHA512</td>
+ <td>23+</td>
+ <td>Supported key specs: {@link android.security.keystore.KeyInfo}</td>
+ </tr>
+ </tbody>
+</table> \ No newline at end of file
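Review bot: the HmacSHA1 through HmacSHA512 rows of the KeyGenerator table never close their lists: each `<li>Default size: ...</li>` is followed by a second `<ul>` where `</ul>` is intended, leaving five unclosed `<ul>` elements inside `<td>` cells. Further points in the same hunk: in the EC row of the KeyPairGenerator table, `P-224 (secp256r1)` should read `P-224 (secp224r1)`; the sentence `initialized {@link android.security.KeyPairGeneratorSpec} whose key type is set to "EC"` is missing `with` after `initialized`, and its `<p>` is never closed; the new `<h3 id="SupportedKeyStoreKeys">KeyStore</h3>` section is absent from the `<ul>` index at the top of Supported Algorithms; and the file still ends without a trailing newline. Since the DSA rows carry `class="deprecated"`, consider flagging MD5withRSA and the 512- and 768-bit RSA key sizes the same way, as they are currently listed as plain supported entries with no hint that they are weak choices.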