summaryrefslogtreecommitdiffstats
path: root/keystore
diff options
context:
space:
mode:
authorAlex Klyubin <klyubin@google.com>2015-06-15 17:43:45 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-06-15 17:43:47 +0000
commit6ef3d7d283e1e8b7ea848e25306f7696b349c038 (patch)
tree151853876463b14c1878538ad1beb199cef31e16 /keystore
parent31104fbb7e109e9fe34a09878e4901761fa39f5d (diff)
parentacb7efd0d6dbde2506bb333e400a281f422df3fc (diff)
downloadframeworks_base-6ef3d7d283e1e8b7ea848e25306f7696b349c038.zip
frameworks_base-6ef3d7d283e1e8b7ea848e25306f7696b349c038.tar.gz
frameworks_base-6ef3d7d283e1e8b7ea848e25306f7696b349c038.tar.bz2
Merge "Document when self-signed certs have invalid signature." into mnc-dev
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/keystore/KeyGenParameterSpec.java8
-rw-r--r--keystore/java/android/security/keystore/KeyProperties.java2
2 files changed, 9 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index 47aab74..4c0631f 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -59,6 +59,14 @@ import javax.security.auth.x500.X500Principal;
* of the certificate can be customized in this spec. The self-signed certificate may be replaced at
* a later time by a certificate signed by a Certificate Authority (CA).
*
+ * <p>NOTE: If a private key is not authorized to sign the self-signed certificate, then the
+ * certificate will be created with an invalid signature which will not verify. Such a certificate
+ * is still useful because it provides access to the public key. To generate a valid
+ * signature for the certificate the key needs to be authorized for
+ * {@link KeyProperties#PURPOSE_SIGN}, a suitable digest or {@link KeyProperties#DIGEST_NONE}, and
+ * {@link KeyProperties#SIGNATURE_PADDING_RSA_PKCS1} or
+ * {@link KeyProperties#ENCRYPTION_PADDING_NONE}.
+ *
* <p>NOTE: The key material of the generated symmetric and private keys is not accessible. The key
* material of the public keys is accessible.
*
diff --git a/keystore/java/android/security/keystore/KeyProperties.java b/keystore/java/android/security/keystore/KeyProperties.java
index 403e814..f9fe176 100644
--- a/keystore/java/android/security/keystore/KeyProperties.java
+++ b/keystore/java/android/security/keystore/KeyProperties.java
@@ -370,7 +370,7 @@ public abstract class KeyProperties {
* No encryption padding.
*
* <p><b>NOTE</b>: If a key is authorized to be used with no padding, then it can be used with
- * any padding scheme.
+ * any padding scheme, both for encryption and signing.
*/
public static final String ENCRYPTION_PADDING_NONE = "NoPadding";