KeyGenParameterSpec

Class Overview

AlgorithmParameterSpec for initializing a KeyPairGenerator or a KeyGenerator of the Android Keystore system. The spec determines authorized uses of the key, such as whether user authentication is required for using the key, what operations are authorized (e.g., signing, but not decryption) and with what parameters (e.g., only with a particular padding scheme or digest), the key's validity start and end dates. Key use authorizations expressed in the spec apply only to secret keys and private keys -- public keys can be used for any supported operations.

To generate an asymmetric key pair or a symmetric key, create an instance of this class using the KeyGenParameterSpec.Builder, initialize a KeyPairGenerator or a KeyGenerator of the desired key type (e.g., EC or AES -- see KeyProperties.KEY_ALGORITHM constants) from the AndroidKeyStore provider with the KeyGenParameterSpec instance, and then generate a key or key pair using generateKey() or generateKeyPair().

The generated key pair or key will be returned by the generator and also stored in the Android Keystore under the alias specified in this spec. To obtain the secret or private key from the Android Keystore use KeyStore.getKey(String, null) or KeyStore.getEntry(String, null). To obtain the public key from the Android Keystore use getCertificate(String) and then getPublicKey().

To help obtain algorithm-specific public parameters of key pairs stored in the Android Keystore, generated private keys implement ECKey or RSAKey interfaces whereas public keys implement ECPublicKey or RSAPublicKey interfaces.

For asymmetric key pairs, a self-signed X.509 certificate will be also generated and stored in the Android Keystore. This is because the KeyStore abstraction does not support storing key pairs without a certificate. The subject, serial number, and validity dates of the certificate can be customized in this spec. The self-signed certificate may be replaced at a later time by a certificate signed by a Certificate Authority (CA).

NOTE: If a private key is not authorized to sign the self-signed certificate, then the certificate will be created with an invalid signature which will not verify. Such a certificate is still useful because it provides access to the public key. To generate a valid signature for the certificate the key needs to be authorized for all of the following:

• PURPOSE_SIGN,
• operation without requiring the user to be authenticated (see setUserAuthenticationRequired(boolean)),
• signing/origination at this moment in time (see setKeyValidityStart(Date) and setKeyValidityForOriginationEnd(Date)),
• suitable digest,
• (RSA keys only) padding scheme SIGNATURE_PADDING_RSA_PKCS1.

NOTE: The key material of the generated symmetric and private keys is not accessible. The key material of the public keys is accessible.

Instances of this class are immutable.

Example: NIST P-256 EC key pair for signing/verification using ECDSA

This example illustrates how to generate a NIST P-256 (aka secp256r1 aka prime256v1) EC key pair in the Android KeyStore system under alias key1 where the private key is authorized to be used only for signing using SHA-256, SHA-384, or SHA-512 digest and only if the user has been authenticated within the last five minutes. The use of public key is unrestricted, thus permitting signature verification using any padding schemes and digests, and without user authentication.

 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
         KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
 keyPairGenerator.initialize(
         new KeyGenParameterSpec.Builder(
                 "key1",
                 KeyProperties.PURPOSE_SIGN)
                 .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                 .setDigests(KeyProperties.DIGEST_SHA256,
                         KeyProperties.DIGEST_SHA384,
                         KeyProperties.DIGEST_SHA512)
                 // Only permit the private key to be used if the user authenticated
                 // within the last five minutes.
                 .setUserAuthenticationRequired(true)
                 .setUserAuthenticationValidityDurationSeconds(5 * 60)
                 .build());
 KeyPair keyPair = keyPairGenerator.generateKeyPair();
 Signature signature = Signature.getInstance("SHA256withECDSA");
 signature.initSign(keyPair.getPrivate());
 ...

 // The key pair can also be obtained from the Android Keystore any time as follows:
 KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
 keyStore.load(null);
 PrivateKey privateKey = (PrivateKey) keyStore.getKey("key1", null);
 PublicKey publicKey = keyStore.getCertificate("key1").getPublicKey();
 

Example: RSA key pair for signing/verification using RSA-PSS

This example illustrates how to generate an RSA key pair in the Android KeyStore system under alias key1 authorized to be used only for signing using the RSA-PSS signature padding scheme with SHA-256 or SHA-512 digests. The use of public key is unrestricted, thus permitting signature verification using any padding schemes and digests.

 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
         KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
 keyPairGenerator.initialize(
         new KeyGenParameterSpec.Builder(
                 "key1",
                 KeyProperties.PURPOSE_SIGN)
                 .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                 .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS)
                 .build());
 KeyPair keyPair = keyPairGenerator.generateKeyPair();
 Signature signature = Signature.getInstance("SHA256withRSA/PSS");
 signature.initSign(keyPair.getPrivate());
 ...

 // The key pair can also be obtained from the Android Keystore any time as follows:
 KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
 keyStore.load(null);
 PrivateKey privateKey = (PrivateKey) keyStore.getKey("key1", null);
 PublicKey publicKey = keyStore.getCertificate("key1").getPublicKey();
 

Example: RSA key pair for encryption/decryption using RSA OAEP

This example illustrates how to generate an RSA key pair in the Android KeyStore system under alias key1 where the private key is authorized to be used only for decryption using RSA OAEP encryption padding scheme with SHA-256 or SHA-512 digests. The use of public key is unrestricted, thus permitting encryption using any padding schemes and digests.

 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
         KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
 keyPairGenerator.initialize(
         new KeyGenParameterSpec.Builder(
                 "key1",
                 KeyProperties.PURPOSE_DECRYPT)
                 .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                 .build());
 KeyPair keyPair = keyPairGenerator.generateKeyPair();
 Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
 cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
 ...

 // The key pair can also be obtained from the Android Keystore any time as follows:
 KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
 keyStore.load(null);
 PrivateKey privateKey = (PrivateKey) keyStore.getKey("key1", null);
 PublicKey publicKey = keyStore.getCertificate("key1").getPublicKey();
 

Example: AES key for encryption/decryption in GCM mode

The following example illustrates how to generate an AES key in the Android KeyStore system under alias key2 authorized to be used only for encryption/decryption in GCM mode with no padding.

 KeyGenerator keyGenerator = KeyGenerator.getInstance(
         KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
 keyGenerator.initialize(
         new KeyGenParameterSpec.Builder("key2",
                 KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                 .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                 .build());
 SecretKey key = keyGenerator.generateKey();

 Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
 cipher.init(Cipher.ENCRYPT_MODE, key);
 ...

 // The key can also be obtained from the Android Keystore any time as follows:
 KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
 keyStore.load(null);
 key = (SecretKey) keyStore.getKey("key2", null);
 

Example: HMAC key for generating a MAC using SHA-256

This example illustrates how to generate an HMAC key in the Android KeyStore system under alias key2 authorized to be used only for generating an HMAC using SHA-256.

 KeyGenerator keyGenerator = KeyGenerator.getInstance(
         KeyProperties.KEY_ALGORITHM_HMAC_SHA256, "AndroidKeyStore");
 keyGenerator.initialize(
         new KeyGenParameterSpec.Builder("key2", KeyProperties.PURPOSE_SIGN).build());
 SecretKey key = keyGenerator.generateKey();
 Mac mac = Mac.getInstance("HmacSHA256");
 mac.init(key);
 ...

 // The key can also be obtained from the Android Keystore any time as follows:
 KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
 keyStore.load(null);
 key = (SecretKey) keyStore.getKey("key2", null);
 

Summary

Nested Classes
class	KeyGenParameterSpec.Builder	Builder of KeyGenParameterSpec instances.

Public Methods
AlgorithmParameterSpec	getAlgorithmParameterSpec() Returns the key algorithm-specific AlgorithmParameterSpec that will be used for creation of the key or null if algorithm-specific defaults should be used.
String[]	getBlockModes() Gets the set of block modes (e.g., GCM, CBC) with which the key can be used when encrypting/decrypting.
Date	getCertificateNotAfter() Returns the end date to be used on the X.509 certificate that will be put in the KeyStore.
Date	getCertificateNotBefore() Returns the start date to be used on the X.509 certificate that will be put in the KeyStore.
BigInteger	getCertificateSerialNumber() Returns the serial number to be used on the X.509 certificate that will be put in the KeyStore.
X500Principal	getCertificateSubject() Returns the subject distinguished name to be used on the X.509 certificate that will be put in the KeyStore.
String[]	getDigests() Returns the set of digest algorithms (e.g., SHA-256, SHA-384 with which the key can be used or null if not specified.
String[]	getEncryptionPaddings() Returns the set of padding schemes (e.g., PKCS7Padding, OEAPPadding, PKCS1Padding, NoPadding) with which the key can be used when encrypting/decrypting.
int	getKeySize() Returns the requested key size.
Date	getKeyValidityForConsumptionEnd() Returns the time instant after which the key is no longer valid for decryption and verification or null if not restricted.
Date	getKeyValidityForOriginationEnd() Returns the time instant after which the key is no longer valid for encryption and signing or null if not restricted.
Date	getKeyValidityStart() Returns the time instant before which the key is not yet valid or null if not restricted.
String	getKeystoreAlias() Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.
int	getPurposes() Returns the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
String[]	getSignaturePaddings() Gets the set of padding schemes (e.g., PSS, PKCS#1) with which the key can be used when signing/verifying.
int	getUserAuthenticationValidityDurationSeconds() Gets the duration of time (seconds) for which this key is authorized to be used after the user is successfully authenticated.
boolean	isDigestsSpecified() Returns true if the set of digest algorithms with which the key can be used has been specified.
boolean	isRandomizedEncryptionRequired() Returns true if encryption using this key must be sufficiently randomized to produce different ciphertexts for the same plaintext every time.
boolean	isUserAuthenticationRequired() Returns true if the key is authorized to be used only if the user has been authenticated.

[Expand] Inherited Methods

From class java.lang.Object Object clone() Creates and returns a copy of this Object. boolean equals(Object o) Compares this instance with the specified object and indicates if they are equal. void finalize() Invoked when the garbage collector has detected that this instance is no longer reachable. final Class<?> getClass() Returns the unique instance of Class that represents this object's class. int hashCode() Returns an integer hash code for this object. final void notify() Causes a thread which is waiting on this object's monitor (by means of calling one of the wait() methods) to be woken up. final void notifyAll() Causes all threads which are waiting on this object's monitor (by means of calling one of the wait() methods) to be woken up. String toString() Returns a string containing a concise, human-readable description of this object. final void wait() Causes the calling thread to wait until another thread calls the notify() or notifyAll() method of this object. final void wait(long millis, int nanos) Causes the calling thread to wait until another thread calls the notify() or notifyAll() method of this object or until the specified timeout expires. final void wait(long millis) Causes the calling thread to wait until another thread calls the notify() or notifyAll() method of this object or until the specified timeout expires.