diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-06-15 17:43:45 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-06-15 17:43:47 +0000 |
| commit | 6ef3d7d283e1e8b7ea848e25306f7696b349c038 (patch) | |
| tree | 151853876463b14c1878538ad1beb199cef31e16 /keystore | |
| parent | 31104fbb7e109e9fe34a09878e4901761fa39f5d (diff) | |
| parent | acb7efd0d6dbde2506bb333e400a281f422df3fc (diff) | |
| download | frameworks_base-6ef3d7d283e1e8b7ea848e25306f7696b349c038.zip frameworks_base-6ef3d7d283e1e8b7ea848e25306f7696b349c038.tar.gz frameworks_base-6ef3d7d283e1e8b7ea848e25306f7696b349c038.tar.bz2 | |
Merge "Document when self-signed certs have invalid signature." into mnc-dev
Diffstat (limited to 'keystore')
| -rw-r--r-- | keystore/java/android/security/keystore/KeyGenParameterSpec.java | 8 | ||||
| -rw-r--r-- | keystore/java/android/security/keystore/KeyProperties.java | 2 |
2 files changed, 9 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index 47aab74..4c0631f 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -59,6 +59,14 @@ import javax.security.auth.x500.X500Principal; * of the certificate can be customized in this spec. The self-signed certificate may be replaced at * a later time by a certificate signed by a Certificate Authority (CA). * + * <p>NOTE: If a private key is not authorized to sign the self-signed certificate, then the + * certificate will be created with an invalid signature which will not verify. Such a certificate + * is still useful because it provides access to the public key. To generate a valid + * signature for the certificate the key needs to be authorized for + * {@link KeyProperties#PURPOSE_SIGN}, a suitable digest or {@link KeyProperties#DIGEST_NONE}, and + * {@link KeyProperties#SIGNATURE_PADDING_RSA_PKCS1} or + * {@link KeyProperties#ENCRYPTION_PADDING_NONE}. + * * <p>NOTE: The key material of the generated symmetric and private keys is not accessible. The key * material of the public keys is accessible. * diff --git a/keystore/java/android/security/keystore/KeyProperties.java b/keystore/java/android/security/keystore/KeyProperties.java index 403e814..f9fe176 100644 --- a/keystore/java/android/security/keystore/KeyProperties.java +++ b/keystore/java/android/security/keystore/KeyProperties.java @@ -370,7 +370,7 @@ public abstract class KeyProperties { * No encryption padding. * * <p><b>NOTE</b>: If a key is authorized to be used with no padding, then it can be used with - * any padding scheme. + * any padding scheme, both for encryption and signing. */ public static final String ENCRYPTION_PADDING_NONE = "NoPadding"; |