Google is committed to advancing racial equity for Black communities. See how.
Added in API level 18
Deprecated in API level 23

KeyPairGeneratorSpec

class KeyPairGeneratorSpec : AlgorithmParameterSpec
kotlin.Any
   ↳ android.security.KeyPairGeneratorSpec

This provides the required parameters needed for initializing the KeyPairGenerator that works with Android KeyStore facility. The Android KeyStore facility is accessed through a java.security.KeyPairGenerator API using the AndroidKeyStore provider. The context passed in may be used to pop up some UI to ask the user to unlock or initialize the Android KeyStore facility.

After generation, the keyStoreAlias is used with the java.security.KeyStore#getEntry(String, java.security.KeyStore.ProtectionParameter) interface to retrieve the PrivateKey and its associated Certificate chain.

The KeyPair generator will create a self-signed certificate with the subject as its X.509v3 Subject Distinguished Name and as its X.509v3 Issuer Distinguished Name along with the other parameters specified with the Builder.

The self-signed X.509 certificate may be replaced at a later time by a certificate signed by a real Certificate Authority.

Summary

Nested classes

Builder class for KeyPairGeneratorSpec objects.

Public methods
AlgorithmParameterSpec

Returns the AlgorithmParameterSpec that will be used for creation of the key pair.
Context!

Gets the Android context used for operations with this instance.
Date

Gets the end date to be used on the X.
Int

Returns the key size specified by this parameter.
String?

Returns the type of key pair (e.g.,

String!

Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.
BigInteger

Gets the serial number to be used on the X.
Date

Gets the start date to be used on the X.
X500Principal

Gets the subject distinguished name to be used on the X.
Boolean

Returns true if the key must be encrypted at rest.

Public methods

getAlgorithmParameterSpec

Added in API level 19
Deprecated in API level 23
fun getAlgorithmParameterSpec(): AlgorithmParameterSpec

Deprecated.

Returns the AlgorithmParameterSpec that will be used for creation of the key pair.

Return
AlgorithmParameterSpec This value cannot be null.

getContext

Added in API level 18
Deprecated in API level 23
fun getContext(): Context!

Deprecated.

Gets the Android context used for operations with this instance.

getEndDate

Added in API level 18
Deprecated in API level 23
fun getEndDate(): Date

Deprecated.

Gets the end date to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
Date This value cannot be null.

getKeySize

Added in API level 19
Deprecated in API level 23
fun getKeySize(): Int

Deprecated.

Returns the key size specified by this parameter. For instance, for RSA this will return the modulus size and for EC it will return the field size.

getKeyType

Added in API level 19
Deprecated in API level 23
fun getKeyType(): String?

Deprecated.

Returns the type of key pair (e.g., EC, RSA) to be generated. See KeyProperties.KEY_ALGORITHM constants.

Return
String? This value may be null. Value is android.security.keystore.KeyProperties#KEY_ALGORITHM_RSA, android.security.keystore.KeyProperties#KEY_ALGORITHM_EC, android.security.keystore.KeyProperties#KEY_ALGORITHM_AES, android.security.keystore.KeyProperties#KEY_ALGORITHM_HMAC_SHA1, android.security.keystore.KeyProperties#KEY_ALGORITHM_HMAC_SHA224, android.security.keystore.KeyProperties#KEY_ALGORITHM_HMAC_SHA256, android.security.keystore.KeyProperties#KEY_ALGORITHM_HMAC_SHA384, or android.security.keystore.KeyProperties#KEY_ALGORITHM_HMAC_SHA512

getKeystoreAlias

Added in API level 18
Deprecated in API level 23
fun getKeystoreAlias(): String!

Deprecated.

Returns the alias that will be used in the java.security.KeyStore in conjunction with the AndroidKeyStore.

getSerialNumber

Added in API level 18
Deprecated in API level 23
fun getSerialNumber(): BigInteger

Deprecated.

Gets the serial number to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
BigInteger This value cannot be null.

getStartDate

Added in API level 18
Deprecated in API level 23
fun getStartDate(): Date

Deprecated.

Gets the start date to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
Date This value cannot be null.

getSubjectDN

Added in API level 18
Deprecated in API level 23
fun getSubjectDN(): X500Principal

Deprecated.

Gets the subject distinguished name to be used on the X.509 certificate that will be put in the java.security.KeyStore.

Return
X500Principal This value cannot be null.

isEncryptionRequired

Added in API level 18
Deprecated in API level 23
fun isEncryptionRequired(): Boolean

Deprecated.

Returns true if the key must be encrypted at rest. This will protect the key pair with the secure lock screen credential (e.g., password, PIN, or pattern).

Note that encrypting the key at rest requires that the secure lock screen (e.g., password, PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device Administrator). Finally, this key cannot be used until the user unlocks the secure lock screen after boot.