Class AndroidKeystore


  • public final class AndroidKeystore
    extends java.lang.Object
    API to store and use AEAD keys in the Android Keystore.

    Android Keystore is only supported on Android M (API level 23) or newer.

    Warning: This API is not thread-safe.

    • Method Summary

      | Modifier and Type | Method | Description |
      |---|---|---|
      | static void | deleteKey(java.lang.String alias) | Deletes a key in Android Keystore if it exists. |
      | static void | generateNewAes256GcmKey(java.lang.String alias) | Generates a new 256-bit AES-GCM key in Android Keystore, with the given alias. |
      | static void | generateNewKeyWithSpec(android.security.keystore.KeyGenParameterSpec spec) | Generates a new key in Android Keystore with the given KeyGenParameterSpec. |
      | static Aead | getAead(java.lang.String alias) | Returns an Aead backed by a key in Android Keystore specified by alias. |
      | static boolean | hasKey(java.lang.String alias) | Returns true if there is a key with the given alias in Android Keystore. |
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • generateNewAes256GcmKey

        @RequiresApi(23)
        public static void generateNewAes256GcmKey(java.lang.String alias)
                                            throws java.security.GeneralSecurityException
        Generates a new 256-bit AES-GCM key in Android Keystore, with the given alias.

        Warning: Existing keys with the same alias will be overwritten.

        Throws:
        java.security.GeneralSecurityException
      • generateNewKeyWithSpec

        @RequiresApi(23)
        public static void generateNewKeyWithSpec(android.security.keystore.KeyGenParameterSpec spec)
                                           throws java.security.GeneralSecurityException
        Generates a new key in Android Keystore with the given KeyGenParameterSpec.

        This can be used to generate keys with Android Keystore specific properties. It is the user's responsibility to ensure that the values in the KeyGenParameterSpec are correctly set.

        Warning: Existing keys with the same alias will be overwritten.

        Throws:
        java.security.GeneralSecurityException
      • getAead

        public static Aead getAead(java.lang.String alias)
                            throws java.security.GeneralSecurityException
        Returns an Aead backed by a key in Android Keystore specified by alias.

        Warning: Android Keystore can only handle a limited number of requests in parallel. If too many calls are made at the same time, encrypt or decrypt may fail with a GeneralSecurityException. If you avoid calling Android Keystore from many threads at the same time, such failures are unlikely and retrying is not necessary.

        See KeyStore2 for more information.

        If decryption throws a BadPaddingException (which includes AEADBadTagException), then the ciphertext is not decryptable and retrying will not help.

        Throws:
        java.security.GeneralSecurityException
      • deleteKey

        public static void deleteKey(java.lang.String alias)
                              throws java.security.GeneralSecurityException
        Deletes a key in Android Keystore if it exists.
        Throws:
        java.security.GeneralSecurityException
      • hasKey

        public static boolean hasKey(java.lang.String alias)
                              throws java.security.GeneralSecurityException
        Returns true if there is a key with the given alias in Android Keystore.
        Throws:
        java.security.GeneralSecurityException
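
The following is an added example, not code from this page or from the Tink project. It applies the warnings above together: it checks hasKey before generating so an existing key is not overwritten, serializes all keystore calls behind one lock, and reports a BadPaddingException as a permanent failure. KeystoreBox, UndecryptableException, ensureKey, seal and open are hypothetical names, and the import package for AndroidKeystore is assumed because this page does not state it.

```java
import androidx.annotation.RequiresApi;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.integration.android.AndroidKeystore; // assumed package
import java.security.GeneralSecurityException;
import javax.crypto.BadPaddingException;

/** Hypothetical wrapper (not part of Tink) that serializes all Android Keystore access. */
@RequiresApi(23)
public final class KeystoreBox {
  /** Hypothetical marker type: the ciphertext can never be decrypted, so do not retry. */
  public static final class UndecryptableException extends GeneralSecurityException {
    UndecryptableException(Throwable cause) { super("ciphertext is not decryptable", cause); }
  }

  // One process-wide lock: AndroidKeystore is not thread-safe, and Android Keystore
  // itself handles only a limited number of requests in parallel.
  private static final Object LOCK = new Object();
  private final String alias;

  public KeystoreBox(String alias) { this.alias = alias; }

  /** Creates the key only if absent; generating unconditionally would overwrite it. */
  public void ensureKey() throws GeneralSecurityException {
    synchronized (LOCK) {
      if (!AndroidKeystore.hasKey(alias)) {
        AndroidKeystore.generateNewAes256GcmKey(alias);
      }
    }
  }

  public byte[] seal(byte[] plaintext, byte[] associatedData) throws GeneralSecurityException {
    synchronized (LOCK) {
      Aead aead = AndroidKeystore.getAead(alias);
      return aead.encrypt(plaintext, associatedData);
    }
  }

  public byte[] open(byte[] ciphertext, byte[] associatedData) throws GeneralSecurityException {
    synchronized (LOCK) {
      try {
        return AndroidKeystore.getAead(alias).decrypt(ciphertext, associatedData);
      } catch (BadPaddingException e) {
        // Includes AEADBadTagException: modified ciphertext, wrong key or wrong
        // associated data. Surface it as permanent so callers do not retry.
        throw new UndecryptableException(e);
      }
    }
  }
}
```

Callers can catch UndecryptableException to discard or report the stored ciphertext; any other GeneralSecurityException comes from the keystore operation itself.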