Deprecated. Use KeyGenParameterSpec instead.

@Deprecated public final class KeyPairGeneratorSpec extends Object implements AlgorithmParameterSpec

KeyPairGenerator that works with Android KeyStore facility. The Android KeyStore facility is accessed through a KeyPairGenerator API using the AndroidKeyStore provider. The context passed in may be used to pop up some UI to ask the user to unlock or initialize the Android KeyStore facility.

After generation, the keyStoreAlias is used with the KeyStore.getEntry(String, java.security.KeyStore.ProtectionParameter) interface to retrieve the PrivateKey and its associated Certificate chain.

The KeyPair generator will create a self-signed certificate with the subject as its X.509v3 Subject Distinguished Name and as its X.509v3 Issuer Distinguished Name along with the other parameters specified with the KeyPairGeneratorSpec.Builder.

The self-signed X.509 certificate may be replaced at a later time by a certificate signed by a real Certificate Authority.

Modifier and Type | Class and Description |
---|---|
static class | KeyPairGeneratorSpec.Builder Deprecated. Use KeyGenParameterSpec.Builder instead. |

Constructor and Description |
---|
KeyPairGeneratorSpec(Context context, String keyStoreAlias, String keyType, int keySize, AlgorithmParameterSpec spec, X500Principal subjectDN, BigInteger serialNumber, Date startDate, Date endDate, int flags) Deprecated. Parameter specification for the "AndroidKeyPairGenerator" instance of the KeyPairGenerator API. |

Modifier and Type | Method and Description |
---|---|
AlgorithmParameterSpec | getAlgorithmParameterSpec() Deprecated. Returns the AlgorithmParameterSpec that will be used for creation of the key pair. |
Context | getContext() Deprecated. Gets the Android context used for operations with this instance. |
Date | getEndDate() Deprecated. Gets the end date to be used on the X.509 certificate that will be put in the KeyStore. |
int | getFlags() Deprecated. |
int | getKeySize() Deprecated. Returns the key size specified by this parameter. |
String | getKeystoreAlias() Deprecated. Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore. |
String | getKeyType() Deprecated. Returns the type of key pair (e.g., EC, RSA) to be generated. |
BigInteger | getSerialNumber() Deprecated. Gets the serial number to be used on the X.509 certificate that will be put in the KeyStore. |
Date | getStartDate() Deprecated. Gets the start date to be used on the X.509 certificate that will be put in the KeyStore. |
X500Principal | getSubjectDN() Deprecated. Gets the subject distinguished name to be used on the X.509 certificate that will be put in the KeyStore. |
boolean | isEncryptionRequired() Deprecated. Returns true if the key must be encrypted at rest. |

public KeyPairGeneratorSpec(Context context, String keyStoreAlias, String keyType, int keySize, AlgorithmParameterSpec spec, X500Principal subjectDN, BigInteger serialNumber, Date startDate, Date endDate, int flags)

Parameter specification for the "AndroidKeyPairGenerator" instance of the KeyPairGenerator API. The context passed in may be used to pop up some UI to ask the user to unlock or initialize the Android keystore facility.

After generation, the keyStoreAlias is used with the KeyStore.getEntry(String, java.security.KeyStore.ProtectionParameter) interface to retrieve the PrivateKey and its associated Certificate chain.

The KeyPair generator will create a self-signed certificate with the properties of subjectDN as its X.509v3 Subject Distinguished Name and as its X.509v3 Issuer Distinguished Name, using the specified serialNumber, and the validity date starting at startDate and ending at endDate.

Parameters:

context - Android context for the activity

keyStoreAlias - name to use for the generated key in the Android keystore

keyType - key algorithm to use (RSA, DSA, EC)

keySize - size of key to generate

spec - the underlying key type parameters

subjectDN - X.509 v3 Subject Distinguished Name

serialNumber - X.509 v3 certificate serial number

startDate - the start of the self-signed certificate validity period

endDate - the end date of the self-signed certificate validity period

Throws:

IllegalArgumentException - when any argument is null or endDate is before startDate.

public Context getContext()

Gets the Android context used for operations with this instance.

public String getKeystoreAlias()

Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.

public String getKeyType()

Returns the type of key pair (e.g., EC, RSA) to be generated. See KeyProperties.KEY_ALGORITHM constants.

public int getKeySize()

Returns the key size specified by this parameter.

public AlgorithmParameterSpec getAlgorithmParameterSpec()

Returns the AlgorithmParameterSpec that will be used for creation of the key pair.

public X500Principal getSubjectDN()

Gets the subject distinguished name to be used on the X.509 certificate that will be put in the KeyStore.

public BigInteger getSerialNumber()

Gets the serial number to be used on the X.509 certificate that will be put in the KeyStore.

public Date getStartDate()

Gets the start date to be used on the X.509 certificate that will be put in the KeyStore.

public Date getEndDate()

Gets the end date to be used on the X.509 certificate that will be put in the KeyStore.

public int getFlags()

public boolean isEncryptionRequired()

Returns true if the key must be encrypted at rest. This will protect the key pair with the secure lock screen credential (e.g., password, PIN, or pattern).

Note that encrypting the key at rest requires that the secure lock screen (e.g., password, PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device Administrator). Finally, this key cannot be used until the user unlocks the secure lock screen after boot.

See also: KeyguardManager.isDeviceSecure()
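
The generation and retrieval flow described on this page, as an added example that is not code from the Android reference: it builds a KeyGenParameterSpec on API 23 and later, falls back to the deprecated KeyPairGeneratorSpec on older releases, and reads the entry back with KeyStore.getEntry. The class name DeviceKeyHelper, the alias, the certificate subject, the serial number and the one-year validity are assumptions.

```java
import android.app.KeyguardManager;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
// Added example; DeviceKeyHelper, ALIAS and the certificate fields are assumptions.
public final class DeviceKeyHelper {
    private static final String ALIAS = "example_signing_key"; // hypothetical alias
    public static KeyStore.PrivateKeyEntry createAndLoad(Context ctx)
            throws GeneralSecurityException, IOException {
        X500Principal subject = new X500Principal("CN=" + ALIAS);
        Date start = new Date();
        Date end = new Date(start.getTime() + 365L * 24 * 60 * 60 * 1000);
        AlgorithmParameterSpec spec;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            spec = new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                    .setCertificateSubject(subject)
                    .setCertificateSerialNumber(BigInteger.ONE)
                    .setCertificateNotBefore(start)
                    .setCertificateNotAfter(end)
                    .build();
        } else {
            KeyPairGeneratorSpec.Builder b = new KeyPairGeneratorSpec.Builder(ctx)
                    .setAlias(ALIAS).setSubject(subject).setSerialNumber(BigInteger.ONE)
                    .setStartDate(start).setEndDate(end);
            // Encryption at rest needs a secure lock screen; isDeviceSecure() is API 23+.
            KeyguardManager km = (KeyguardManager) ctx.getSystemService(Context.KEYGUARD_SERVICE);
            if (km.isKeyguardSecure()) b.setEncryptionRequired();
            spec = b.build();
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        kpg.initialize(spec);
        kpg.generateKeyPair(); // the key pair is stored under ALIAS in the AndroidKeyStore
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return (KeyStore.PrivateKeyEntry) ks.getEntry(ALIAS, null);
    }
}
```

The returned entry exposes the private key handle through getPrivateKey() and the self-signed certificate through getCertificateChain(), which can later be replaced by a CA-signed chain as described above.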