Most visited

Recently visited

Added in API level 18
Deprecated since API level 23

KeyPairGeneratorSpec

public final class KeyPairGeneratorSpec
extends Object implements AlgorithmParameterSpec

java.lang.Object
   ↳ android.security.KeyPairGeneratorSpec


This class was deprecated in API level 23.
Use KeyGenParameterSpec instead.

This provides the required parameters needed for initializing the KeyPairGenerator that works with Android KeyStore facility. The Android KeyStore facility is accessed through a KeyPairGenerator API using the AndroidKeyStore provider. The context passed in may be used to pop up some UI to ask the user to unlock or initialize the Android KeyStore facility.

After generation, the keyStoreAlias is used with the getEntry(String, java.security.KeyStore.ProtectionParameter) interface to retrieve the PrivateKey and its associated Certificate chain.

The KeyPair generator will create a self-signed certificate with the subject as its X.509v3 Subject Distinguished Name and as its X.509v3 Issuer Distinguished Name along with the other parameters specified with the KeyPairGeneratorSpec.Builder.

The self-signed X.509 certificate may be replaced at a later time by a certificate signed by a real Certificate Authority.

Summary

Nested classes

class KeyPairGeneratorSpec.Builder

This class was deprecated in API level 23. Use KeyGenParameterSpec.Builder instead.  

Public methods

AlgorithmParameterSpec getAlgorithmParameterSpec()

Returns the AlgorithmParameterSpec that will be used for creation of the key pair.

Context getContext()

Gets the Android context used for operations with this instance.

Date getEndDate()

Gets the end date to be used on the X.509 certificate that will be put in the KeyStore.

int getKeySize()

Returns the key size specified by this parameter.

String getKeyType()

Returns the type of key pair (e.g., EC, RSA) to be generated.

String getKeystoreAlias()

Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.

BigInteger getSerialNumber()

Gets the serial number to be used on the X.509 certificate that will be put in the KeyStore.

Date getStartDate()

Gets the start date to be used on the X.509 certificate that will be put in the KeyStore.

X500Principal getSubjectDN()

Gets the subject distinguished name to be used on the X.509 certificate that will be put in the KeyStore.

boolean isEncryptionRequired()

Returns true if the key must be encrypted at rest.

Inherited methods

From class java.lang.Object

Public methods

getAlgorithmParameterSpec

Added in API level 19
AlgorithmParameterSpec getAlgorithmParameterSpec ()

Returns the AlgorithmParameterSpec that will be used for creation of the key pair.

Returns
AlgorithmParameterSpec

getContext

Added in API level 18
Context getContext ()

Gets the Android context used for operations with this instance.

Returns
Context

getEndDate

Added in API level 18
Date getEndDate ()

Gets the end date to be used on the X.509 certificate that will be put in the KeyStore.

Returns
Date

getKeySize

Added in API level 19
int getKeySize ()

Returns the key size specified by this parameter. For instance, for RSA this will return the modulus size and for EC it will return the field size.

Returns
int

getKeyType

Added in API level 19
String getKeyType ()

Returns the type of key pair (e.g., EC, RSA) to be generated. See KeyProperties.KEY_ALGORITHM constants.

Returns
String

getKeystoreAlias

Added in API level 18
String getKeystoreAlias ()

Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.

Returns
String

getSerialNumber

Added in API level 18
BigInteger getSerialNumber ()

Gets the serial number to be used on the X.509 certificate that will be put in the KeyStore.

Returns
BigInteger

getStartDate

Added in API level 18
Date getStartDate ()

Gets the start date to be used on the X.509 certificate that will be put in the KeyStore.

Returns
Date

getSubjectDN

Added in API level 18
X500Principal getSubjectDN ()

Gets the subject distinguished name to be used on the X.509 certificate that will be put in the KeyStore.

Returns
X500Principal

isEncryptionRequired

Added in API level 18
boolean isEncryptionRequired ()

Returns true if the key must be encrypted at rest. This will protect the key pair with the secure lock screen credential (e.g., password, PIN, or pattern).

Note that encrypting the key at rest requires that the secure lock screen (e.g., password, PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device Administrator). Finally, this key cannot be used until the user unlocks the secure lock screen after boot.

Returns
boolean

See also:

Hooray!