diff options
Diffstat (limited to 'keystore/java')
-rw-r--r-- | keystore/java/android/security/KeyChain.java | 15 | ||||
-rw-r--r-- | keystore/java/android/security/KeyStore.java | 2 |
2 files changed, 16 insertions, 1 deletions
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index 817b7c9..059d8e6 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -29,11 +29,13 @@ import android.os.Looper; import android.os.Process; import android.os.RemoteException; import android.os.UserHandle; +import android.security.keystore.KeyInfo; import android.security.keystore.KeyProperties; import java.io.ByteArrayInputStream; import java.io.Closeable; import java.security.InvalidKeyException; +import java.security.KeyFactory; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.Certificate; @@ -442,7 +444,20 @@ public final class KeyChain { * imported or generated. This can be used to tell if there is special * hardware support that can be used to bind keys to the device in a way * that makes it non-exportable. + * + * @deprecated Whether the key is bound to the secure hardware is known only + * once the key has been imported. To find out, use: + * <pre>{@code + * PrivateKey key = ...; // private key from KeyChain + * + * KeyFactory keyFactory = + * KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore"); + * KeyInfo keyInfo = keyFactory.getKeySpec(key, KeyInfo.class); + * if (keyInfo.isInsideSecureHardware()) { + * // The key is bound to the secure hardware of this Android + * }}</pre> */ + @Deprecated public static boolean isBoundKeyAlgorithm( @NonNull @KeyProperties.KeyAlgorithmEnum String algorithm) { if (!isKeyAlgorithmSupported(algorithm)) { diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 367257a..ad348f8 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -383,7 +383,7 @@ public class KeyStore { } } - // TODO remove this when it's removed from Settings + // TODO: remove this when it's removed from Settings public boolean isHardwareBacked() { return isHardwareBacked("RSA"); } |