android - KeyPairGeneratorSpec deprecated -


KeyPairGeneratorSpec is deprecated since API 23. How do I handle this warning?

Example code:

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    kpg.initialize(new KeyPairGeneratorSpec.Builder(context).build());

Per the documentation, you should use KeyGenParameterSpec instead. Example (for an RSA signing key):

    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    kpg.initialize(new KeyGenParameterSpec.Builder(
            "mykey", KeyProperties.PURPOSE_SIGN)
            .setDigests(KeyProperties.DIGEST_SHA256)
            .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS)
            .build());

The additional options to set the digest and padding mode are required. This is because, following crypto security practices, AndroidKeyStore locks down the ways a key can be used (signing vs decryption, digest and padding modes, etc.) to a specified set. If you try to use the key in a way you didn't specify when you created it, it will fail. This failure is enforced by the secure hardware, if the device has it, so even if an attacker roots the device the key can still only be used in the defined ways.

KeyGenParameterSpec also supports creating ECDSA, AES and HMAC keys, and allows you to place other restrictions on how the keys can be used. For example, if you use the setUserAuthenticationRequired method, it is impossible to use the key unless the user is around to authenticate themselves.
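The restrictions described above can be exercised end to end. The following is an added example, not code from the original answer; it assumes API 23 or later, and the class name `SigningKeys` and its method names are hypothetical.

```java
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;

public final class SigningKeys {
    private static final String ALIAS = "mykey"; // alias used in the answer's example

    /** Generates an RSA key authorized only for SHA-256 / PSS signing. */
    public static KeyPair generate(boolean requireUserAuth) throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
            // KeyGenParameterSpec does not exist before API 23.
            throw new UnsupportedOperationException("KeyGenParameterSpec needs API 23+");
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS)
                // When true, the key cannot be used until the user authenticates.
                .setUserAuthenticationRequired(requireUserAuth)
                .build());
        return kpg.generateKeyPair();
    }

    /** Signs with the digest and padding the key was created for. */
    public static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA/PSS");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    /** Returns true if the keystore refuses a digest the key was not created for. */
    public static boolean rejectsUnauthorizedDigest(PrivateKey key) throws GeneralSecurityException {
        try {
            sign(key, new byte[] {1});                 // authorized use; constructed input
            Signature s = Signature.getInstance("SHA512withRSA/PSS"); // SHA-512 was never authorized
            s.initSign(key);
            s.update(new byte[] {1});
            s.sign();
            return false;
        } catch (InvalidKeyException | SignatureException e) {
            return true;
        }
    }
}
```

Run `rejectsUnauthorizedDigest` against a key generated with `requireUserAuth` set to false; with it set to true, the authorized `sign` call also fails until the user has authenticated.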

