The Android KeyStore facility is accessed through a {@link KeyGenerator} API using the * {@code AndroidKeyStore} provider. The {@code context} passed in may be used to pop up some UI to * ask the user to unlock or initialize the Android KeyStore facility. * *
After generation, the {@code keyStoreAlias} is used with the * {@link java.security.KeyStore#getEntry(String, java.security.KeyStore.ProtectionParameter)} * interface to retrieve the {@link SecretKey}. */ public class KeyGeneratorSpec implements AlgorithmParameterSpec { private final Context mContext; private final String mKeystoreAlias; private final int mFlags; private final int mKeySize; private final Date mKeyValidityStart; private final Date mKeyValidityForOriginationEnd; private final Date mKeyValidityForConsumptionEnd; private final @KeyStoreKeyProperties.PurposeEnum int mPurposes; private final String[] mEncryptionPaddings; private final String[] mBlockModes; private final boolean mRandomizedEncryptionRequired; private final @KeyStoreKeyProperties.UserAuthenticatorEnum int mUserAuthenticators; private final int mUserAuthenticationValidityDurationSeconds; private final boolean mInvalidatedOnNewFingerprintEnrolled; private KeyGeneratorSpec( Context context, String keyStoreAlias, int flags, int keySize, Date keyValidityStart, Date keyValidityForOriginationEnd, Date keyValidityForConsumptionEnd, @KeyStoreKeyProperties.PurposeEnum int purposes, String[] encryptionPaddings, String[] blockModes, boolean randomizedEncryptionRequired, @KeyStoreKeyProperties.UserAuthenticatorEnum int userAuthenticators, int userAuthenticationValidityDurationSeconds, boolean invalidatedOnNewFingerprintEnrolled) { if (context == null) { throw new IllegalArgumentException("context == null"); } else if (TextUtils.isEmpty(keyStoreAlias)) { throw new IllegalArgumentException("keyStoreAlias must not be empty"); } else if ((userAuthenticationValidityDurationSeconds < 0) && (userAuthenticationValidityDurationSeconds != -1)) { throw new IllegalArgumentException( "userAuthenticationValidityDurationSeconds must not be negative"); } mContext = context; mKeystoreAlias = keyStoreAlias; mFlags = flags; mKeySize = keySize; mKeyValidityStart = keyValidityStart; mKeyValidityForOriginationEnd = keyValidityForOriginationEnd; mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd; mPurposes = purposes; mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(encryptionPaddings)); mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes)); mRandomizedEncryptionRequired = randomizedEncryptionRequired; mUserAuthenticators = userAuthenticators; mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds; mInvalidatedOnNewFingerprintEnrolled = invalidatedOnNewFingerprintEnrolled; } /** * Gets the Android context used for operations with this instance. */ public Context getContext() { return mContext; } /** * Returns the alias that will be used in the {@code java.security.KeyStore} in conjunction with * the {@code AndroidKeyStore}. */ public String getKeystoreAlias() { return mKeystoreAlias; } /** * @hide */ public int getFlags() { return mFlags; } /** * Returns the requested key size or {@code -1} if default size should be used. */ public int getKeySize() { return mKeySize; } /** * Gets the time instant before which the key is not yet valid. * * @return instant or {@code null} if not restricted. */ public Date getKeyValidityStart() { return mKeyValidityStart; } /** * Gets the time instant after which the key is no longer valid for decryption and verification. * * @return instant or {@code null} if not restricted. */ public Date getKeyValidityForConsumptionEnd() { return mKeyValidityForConsumptionEnd; } /** * Gets the time instant after which the key is no longer valid for encryption and signing. * * @return instant or {@code null} if not restricted. */ public Date getKeyValidityForOriginationEnd() { return mKeyValidityForOriginationEnd; } /** * Gets the set of purposes for which the key can be used. */ public @KeyStoreKeyProperties.PurposeEnum int getPurposes() { return mPurposes; } /** * Gets the set of padding schemes with which the key can be used when encrypting/decrypting. */ public String[] getEncryptionPaddings() { return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings); } /** * Gets the set of block modes with which the key can be used. */ public String[] getBlockModes() { return ArrayUtils.cloneIfNotEmpty(mBlockModes); } /** * Returns {@code true} if encryption using this key must be sufficiently randomized to produce * different ciphertexts for the same plaintext every time. The formal cryptographic property * being required is indistinguishability under chosen-plaintext attack ({@code * IND-CPA}). This property is important because it mitigates several classes of * weaknesses due to which ciphertext may leak information about plaintext. For example, if a * given plaintext always produces the same ciphertext, an attacker may see the repeated * ciphertexts and be able to deduce something about the plaintext. */ public boolean isRandomizedEncryptionRequired() { return mRandomizedEncryptionRequired; } /** * Gets the set of user authenticators which protect access to this key. The key can only be * used iff the user has authenticated to at least one of these user authenticators. * * @return user authenticators or {@code 0} if the key can be used without user authentication. */ public @KeyStoreKeyProperties.UserAuthenticatorEnum int getUserAuthenticators() { return mUserAuthenticators; } /** * Gets the duration of time (seconds) for which this key can be used after the user * successfully authenticates to one of the associated user authenticators. * * @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication * is required for every use of the key. */ public int getUserAuthenticationValidityDurationSeconds() { return mUserAuthenticationValidityDurationSeconds; } /** * Returns {@code true} if this key must be permanently invalidated once a new fingerprint is * enrolled. This constraint only has effect if fingerprint reader is one of the user * authenticators protecting access to this key. * * @see #getUserAuthenticators() */ public boolean isInvalidatedOnNewFingerprintEnrolled() { return mInvalidatedOnNewFingerprintEnrolled; } /** * Returns {@code true} if the key must be encrypted in the {@link java.security.KeyStore}. */ public boolean isEncryptionRequired() { return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0; } public static class Builder { private final Context mContext; private String mKeystoreAlias; private int mFlags; private int mKeySize = -1; private Date mKeyValidityStart; private Date mKeyValidityForOriginationEnd; private Date mKeyValidityForConsumptionEnd; private @KeyStoreKeyProperties.PurposeEnum int mPurposes; private String[] mEncryptionPaddings; private String[] mBlockModes; private boolean mRandomizedEncryptionRequired = true; private @KeyStoreKeyProperties.UserAuthenticatorEnum int mUserAuthenticators; private int mUserAuthenticationValidityDurationSeconds = -1; private boolean mInvalidatedOnNewFingerprintEnrolled; /** * Creates a new instance of the {@code Builder} with the given {@code context}. The * {@code context} passed in may be used to pop up some UI to ask the user to unlock or * initialize the Android KeyStore facility. */ public Builder(Context context) { if (context == null) { throw new NullPointerException("context == null"); } mContext = context; } /** * Sets the alias to be used to retrieve the key later from a {@link java.security.KeyStore} * instance using the {@code AndroidKeyStore} provider. * *
The alias must be provided. There is no default. */ public Builder setAlias(String alias) { if (alias == null) { throw new NullPointerException("alias == null"); } mKeystoreAlias = alias; return this; } /** * Sets the size (in bits) of the key to be generated. * *
By default, the key size will be determines based on the key algorithm. For example, * for {@code HmacSHA256}, the key size will default to {@code 256}. */ public Builder setKeySize(int keySize) { mKeySize = keySize; return this; } /** * Indicates that this key must be encrypted at rest on storage. Note that enabling this * will require that the user enable a strong lock screen (e.g., PIN, password) before * creating or using the generated key is successful. */ public Builder setEncryptionRequired(boolean required) { if (required) { mFlags |= KeyStore.FLAG_ENCRYPTED; } else { mFlags &= ~KeyStore.FLAG_ENCRYPTED; } return this; } /** * Sets the time instant before which the key is not yet valid. * *
By default, the key is valid at any instant. * * @see #setKeyValidityEnd(Date) */ public Builder setKeyValidityStart(Date startDate) { mKeyValidityStart = startDate; return this; } /** * Sets the time instant after which the key is no longer valid. * *
By default, the key is valid at any instant. * * @see #setKeyValidityStart(Date) * @see #setKeyValidityForConsumptionEnd(Date) * @see #setKeyValidityForOriginationEnd(Date) */ public Builder setKeyValidityEnd(Date endDate) { setKeyValidityForOriginationEnd(endDate); setKeyValidityForConsumptionEnd(endDate); return this; } /** * Sets the time instant after which the key is no longer valid for encryption and signing. * *
By default, the key is valid at any instant. * * @see #setKeyValidityForConsumptionEnd(Date) */ public Builder setKeyValidityForOriginationEnd(Date endDate) { mKeyValidityForOriginationEnd = endDate; return this; } /** * Sets the time instant after which the key is no longer valid for decryption and * verification. * *
By default, the key is valid at any instant. * * @see #setKeyValidityForOriginationEnd(Date) */ public Builder setKeyValidityForConsumptionEnd(Date endDate) { mKeyValidityForConsumptionEnd = endDate; return this; } /** * Sets the set of purposes for which the key can be used. * *
This must be specified for all keys. There is no default. */ public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) { mPurposes = purposes; return this; } /** * Sets the set of padding schemes with which the key can be used when * encrypting/decrypting. Attempts to use the key with any other padding scheme will be * rejected. * *
This must be specified for keys which are used for encryption/decryption. */ public Builder setEncryptionPaddings(String... paddings) { mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings); return this; } /** * Sets the set of block modes with which the key can be used when encrypting/decrypting. * Attempts to use the key with any other block modes will be rejected. * *
This must be specified for encryption/decryption keys. */ public Builder setBlockModes(String... blockModes) { mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes); return this; } /** * Sets whether encryption using this key must be sufficiently randomized to produce * different ciphertexts for the same plaintext every time. The formal cryptographic * property being required is indistinguishability under chosen-plaintext attack * ({@code IND-CPA}). This property is important because it mitigates several classes * of weaknesses due to which ciphertext may leak information about plaintext. For example, * if a given plaintext always produces the same ciphertext, an attacker may see the * repeated ciphertexts and be able to deduce something about the plaintext. * *
By default, {@code IND-CPA} is required. * *
When {@code IND-CPA} is required: *
Before disabling this requirement, consider the following approaches instead: *
By default, the key can be used without user authentication. * * @param userAuthenticators user authenticators or empty list if this key can be accessed * without user authentication. * * @see #setUserAuthenticationValidityDurationSeconds(int) */ public Builder setUserAuthenticators( @KeyStoreKeyProperties.UserAuthenticatorEnum int userAuthenticators) { mUserAuthenticators = userAuthenticators; return this; } /** * Sets the duration of time (seconds) for which this key can be used after the user * successfully authenticates to one of the associated user authenticators. * *
By default, the user needs to authenticate for every use of the key. * * @param seconds duration in seconds or {@code 0} if the user needs to authenticate for * every use of the key. * * @see #setUserAuthenticators(int) */ public Builder setUserAuthenticationValidityDurationSeconds(int seconds) { mUserAuthenticationValidityDurationSeconds = seconds; return this; } /** * Sets whether this key must be invalidated (permanently) once a new fingerprint is * enrolled. This only has effect if fingerprint reader is one of the user authenticators * protecting access to the key. * *
By default, enrolling a new fingerprint does not invalidate the key. * * @see #setUserAuthenticators(Set) */ public Builder setInvalidatedOnNewFingerprintEnrolled(boolean invalidated) { mInvalidatedOnNewFingerprintEnrolled = invalidated; return this; } /** * Builds a new instance instance of {@code KeyGeneratorSpec}. * * @throws IllegalArgumentException if a required field is missing or violates a constraint. */ public KeyGeneratorSpec build() { return new KeyGeneratorSpec(mContext, mKeystoreAlias, mFlags, mKeySize, mKeyValidityStart, mKeyValidityForOriginationEnd, mKeyValidityForConsumptionEnd, mPurposes, mEncryptionPaddings, mBlockModes, mRandomizedEncryptionRequired, mUserAuthenticators, mUserAuthenticationValidityDurationSeconds, mInvalidatedOnNewFingerprintEnrolled); } } }