Class AndroidKeystoreKmsClient

  • All Implemented Interfaces:
    KmsClient

    public final class AndroidKeystoreKmsClient
    extends java.lang.Object
    implements KmsClient
    An implementation of KmsClient for Android Keystore.

    We don't recommend using this class. Instead, directly use AndroidKeystore.

    This class requires Android M (API level 23) or newer.

    Since:
    1.0.0
    • Field Detail

      • PREFIX

        public static final java.lang.String PREFIX
        The prefix of all keys stored in Android Keystore.
        See Also:
        Constant Field Values
    • Constructor Detail

      • AndroidKeystoreKmsClient

        @RequiresApi(23)
        public AndroidKeystoreKmsClient()
                                 throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
    • Method Detail

      • doesSupport

        @RequiresApi(23)
        public boolean doesSupport(java.lang.String uri)
        Specified by:
        doesSupport in interface KmsClient
        Returns:
        true if either keyUri is not null and equals uri, or keyUri is null and uri starts with PREFIX.
      • withCredentials

        @RequiresApi(23)
        public KmsClient withCredentials(java.lang.String unused)
                                  throws java.security.GeneralSecurityException
        Initializes a KmsClient for Android Keystore.

        Note that Android Keystore doesn't need credentials, thus the credential path is unused.

        Specified by:
        withCredentials in interface KmsClient
        Throws:
        java.security.GeneralSecurityException
      • withDefaultCredentials

        @RequiresApi(23)
        public KmsClient withDefaultCredentials()
                                         throws java.security.GeneralSecurityException
        Initializes a KmsClient for Android Keystore.

        Note that Android Keystore does not use credentials.

        Specified by:
        withDefaultCredentials in interface KmsClient
        Throws:
        java.security.GeneralSecurityException
      • getAead

        public Aead getAead(java.lang.String uri)
                     throws java.security.GeneralSecurityException
        Returns an Aead backed by a key in Android Keystore specified by uri.

        Since Android Keystore is somewhat unreliable, a self-test is done against the key. This will incur a small performance penalty.

        Specified by:
        getAead in interface KmsClient
        Throws:
        java.security.GeneralSecurityException - if the URI is not supported or invalid
      • deleteKey

        public void deleteKey(java.lang.String keyUri)
                       throws java.security.GeneralSecurityException
        Deletes a key in Android Keystore.
        Throws:
        java.security.GeneralSecurityException
      • getOrGenerateNewAeadKey

        @RequiresApi(23)
        public static Aead getOrGenerateNewAeadKey(java.lang.String keyUri)
                                            throws java.security.GeneralSecurityException,
                                                   java.io.IOException
        Generates a new key in Android Keystore, if it doesn't exist.

        Generates AES256-GCM keys.

        Throws:
        java.security.GeneralSecurityException
        java.io.IOException
      • generateNewAeadKey

        @RequiresApi(23)
        public static void generateNewAeadKey(java.lang.String keyUri)
                                       throws java.security.GeneralSecurityException
        Generates a new key in Android Keystore.

        Generates AES256-GCM keys.

        Throws:
        java.security.GeneralSecurityException
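
Added example (not part of the Tink documentation or source): how the methods above fit together to wrap and unwrap a small secret, with the purpose bound in as associated data. It assumes an Android app with minSdkVersion 23 or newer and the Tink Android library on the classpath; the class name, key name and context label are hypothetical.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;

/** Added example: wraps a small secret under an AES256-GCM key held in Android Keystore. */
public final class KeystoreWrapExample {
  // Hypothetical key name; PREFIX is the constant documented above.
  private static final String KEY_URI = AndroidKeystoreKmsClient.PREFIX + "example_wrap_key";

  // Hypothetical context label, passed as associated data: authenticated but not
  // encrypted, so a ciphertext made for one purpose fails to decrypt under another.
  private static final byte[] CONTEXT =
      "example-app/session-token/v1".getBytes(StandardCharsets.UTF_8);

  private KeystoreWrapExample() {}

  /** Encrypts {@code secret}, creating the Keystore key on first use. */
  public static byte[] wrap(byte[] secret) throws GeneralSecurityException, IOException {
    Aead aead = AndroidKeystoreKmsClient.getOrGenerateNewAeadKey(KEY_URI);
    return aead.encrypt(secret, CONTEXT);
  }

  /** Decrypts a value produced by {@link #wrap}; never creates a key. */
  public static byte[] unwrap(byte[] ciphertext) throws GeneralSecurityException {
    AndroidKeystoreKmsClient client = new AndroidKeystoreKmsClient();
    if (!client.doesSupport(KEY_URI)) {
      throw new GeneralSecurityException("unsupported key URI");
    }
    // getAead throws if the URI is not supported or invalid, and runs the
    // self-test described above; decrypt throws if the ciphertext or
    // CONTEXT does not match what wrap() used.
    return client.getAead(KEY_URI).decrypt(ciphertext, CONTEXT);
  }

  /** Deletes the key. Anything wrapped under it can no longer be decrypted. */
  public static void reset() throws GeneralSecurityException {
    new AndroidKeystoreKmsClient().deleteKey(KEY_URI);
  }
}
```

Callers should treat a GeneralSecurityException from unwrap as "secret unavailable" and re-provision the secret rather than retrying in a loop.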