diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-06-22 22:27:36 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-06-22 22:27:38 +0000 |
| commit | bf224d93cca7a7db1d65762bab41fb8a65e2b1fe (patch) | |
| tree | ef302b13292577d38a90a5dbaab9aa3623fb9efc /keystore/java | |
| parent | 15d8a2bc77a027abdf1813eeba4d1917efff5ee2 (diff) | |
| parent | 3867709fb3840fa26072fef66ba7121a0e41871f (diff) | |
| download | frameworks_base-bf224d93cca7a7db1d65762bab41fb8a65e2b1fe.zip frameworks_base-bf224d93cca7a7db1d65762bab41fb8a65e2b1fe.tar.gz frameworks_base-bf224d93cca7a7db1d65762bab41fb8a65e2b1fe.tar.bz2 | |
Merge "Document that RSA OAEP requires digest authorization." into mnc-dev
Diffstat (limited to 'keystore/java')
| -rw-r--r-- | keystore/java/android/security/keystore/KeyGenParameterSpec.java | 9 | ||||
| -rw-r--r-- | keystore/java/android/security/keystore/KeyProtection.java | 11 |
2 files changed, 11 insertions, 9 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index 1732db9..3d23399 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -634,11 +634,12 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { /** * Sets the set of digests algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which - * the key can be used when signing/verifying. Attempts to use the key with any other digest - * algorithm will be rejected. + * the key can be used. Attempts to use the key with any other digest algorithm will be + * rejected. * - * <p>This must be specified for keys which are used for signing/verification. For HMAC - * keys, the set of digests defaults to the digest associated with the key algorithm (e.g., + * <p>This must be specified for signing/verification keys and RSA encryption/decryption + * keys used with RSA OAEP padding scheme because these operations involve a digest. For + * HMAC keys, the default is the digest associated with the key algorithm (e.g., * {@code SHA-256} for key algorithm {@code HmacSHA256}). * * <p>For private keys used for TLS/SSL client or server authentication it is usually diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index b7a2a0b..5b4b3e7 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -417,12 +417,13 @@ public final class KeyProtection implements ProtectionParameter { /** * Sets the set of digest algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which the - * key can be used when signing/verifying or generating MACs. Attempts to use the key with - * any other digest algorithm will be rejected. + * key can be used. Attempts to use the key with any other digest algorithm will be + * rejected. * - * <p>For HMAC keys, the default is the digest algorithm specified in - * {@link Key#getAlgorithm()}. For asymmetric signing keys the set of digest algorithms - * must be specified. + * <p>This must be specified for signing/verification keys and RSA encryption/decryption + * keys used with RSA OAEP padding scheme because these operations involve a digest. For + * HMAC keys, the default is the digest specified in {@link Key#getAlgorithm()} (e.g., + * {@code SHA-256} for key algorithm {@code HmacSHA256}). * * <p>For private keys used for TLS/SSL client or server authentication it is usually * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is |