diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-05-08 15:25:48 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2015-05-08 15:56:59 -0700 |
| commit | 5418393c58d1d80fe37a209ab931f6d56bd46a86 (patch) | |
| tree | f44684be6f62629d0aa78a0761c444d1ff9896de /keystore/java/android/security/KeyStoreParameter.java | |
| parent | b2fa5f3160cfc9b1703c6970649a926370971ea9 (diff) | |
| download | frameworks_base-5418393c58d1d80fe37a209ab931f6d56bd46a86.zip frameworks_base-5418393c58d1d80fe37a209ab931f6d56bd46a86.tar.gz frameworks_base-5418393c58d1d80fe37a209ab931f6d56bd46a86.tar.bz2 | |
Document when encrypted AndroidKeyStore keys are wiped.
This also drops the boolean parameter from
KeyGeneratorSpec.Builder.setEncryptionRequired to match the already
launched KeyPairGeneratorSpec.Builder.setEncryptionRequired.
Bug: 18088752
Change-Id: I91a3e8c77958971b1bda8329319f1a0d8043b669
Diffstat (limited to 'keystore/java/android/security/KeyStoreParameter.java')
| -rw-r--r-- | keystore/java/android/security/KeyStoreParameter.java | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/keystore/java/android/security/KeyStoreParameter.java b/keystore/java/android/security/KeyStoreParameter.java index ea5ca71..7332332 100644 --- a/keystore/java/android/security/KeyStoreParameter.java +++ b/keystore/java/android/security/KeyStoreParameter.java @@ -305,7 +305,7 @@ public final class KeyStoreParameter implements ProtectionParameter { * * <pre class="prettyprint"> * KeyStoreParameter params = new KeyStoreParameter.Builder(mContext) - * .setEncryptionRequired() + * .setEncryptionRequired(true) * .build(); * </pre> */ @@ -338,12 +338,15 @@ public final class KeyStoreParameter implements ProtectionParameter { } /** - * Indicates that this {@link java.security.KeyStore} entry must be encrypted at rest. This - * will protect the entry with the secure lock screen credential (e.g., password, PIN, or - * pattern). + * Sets whether this {@link java.security.KeyStore} entry must be encrypted at rest. + * Encryption at rest will protect the entry with the secure lock screen credential (e.g., + * password, PIN, or pattern). * * <p>Note that enabling this feature requires that the secure lock screen (e.g., password, - * PIN, pattern) is set up. Otherwise setting the {@code KeyStore} entry will fail. + * PIN, pattern) is set up, otherwise setting the {@code KeyStore} entry will fail. + * Moreover, this entry will be deleted when the secure lock screen is disabled or reset + * (e.g., by the user or a Device Administrator). Finally, this entry cannot be used until + * the user unlocks the secure lock screen after boot. * * @see KeyguardManager#isDeviceSecure() */ |