BArtWell

Reputation: 4044

What are keys which do not require encryption in KeyStore Provider?

I want to store my secret keys using the Android KeyStore Provider (on Android 6 and above). But I can't understand one thing: will the keys be deleted when the user changes the lock screen settings?

The Android 6 changes list says:

Keys which do not require encryption at rest will no longer be deleted when secure lock screen is disabled or reset (for example, by the user or a Device Administrator). Keys which require encryption at rest will be deleted during these events.

But what are the keys which do not require encryption? Does it mean that I should choose between storing keys unsafely (without encryption) or having them erased when the user changes settings?

Upvotes: 1

Views: 121

Answers (1)

Mircea Nistor

Reputation: 3260

Keys that require user authentication are generated using setAuthenticationRequired on the KeyGenParameterSpec on API 23+:

KeyGenParameterSpec
  .Builder(...)
  .setUserAuthenticationRequired(requiresAuth)
  ...
  .build()

and using setEncryptionRequired on the KeyPairGeneratorSpec on API 19-22:

specBuilder = KeyPairGeneratorSpec.Builder(context)
if (requiresAuth) {
  specBuilder.setEncryptionRequired()
}

Upvotes: 1
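An added example (not part of the answer above) for API 23+: it creates an AES key with the answer's setUserAuthenticationRequired flag and recreates the key when the Keystore entry is missing or Cipher.init reports KeyPermanentlyInvalidatedException, which is how an app can cope with the key loss the question asks about. The alias, the function names and the choice of AES/GCM are assumptions made for illustration.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

private const val PROVIDER = "AndroidKeyStore"
private const val ALIAS = "example_secret_key" // hypothetical alias

// Create an AES key; requiresAuth maps to setUserAuthenticationRequired as in the answer.
fun createKey(requiresAuth: Boolean): SecretKey {
    val spec = KeyGenParameterSpec.Builder(
        ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationRequired(requiresAuth)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER)
        .apply { init(spec) }
        .generateKey()
}

// Return a cipher initialised for encryption, recreating the key if it is gone or invalidated.
// The Boolean is true when a new key had to be created, so the caller knows that
// anything encrypted under the old key is lost and must be provisioned again.
fun encryptCipher(requiresAuth: Boolean): Pair<Cipher, Boolean> {
    val keyStore = KeyStore.getInstance(PROVIDER).apply { load(null) }
    val existing = keyStore.getKey(ALIAS, null) as? SecretKey // null if the entry was deleted
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    if (existing != null) {
        try {
            cipher.init(Cipher.ENCRYPT_MODE, existing)
            return cipher to false
        } catch (e: KeyPermanentlyInvalidatedException) {
            keyStore.deleteEntry(ALIAS) // this key can never be used again
        }
    }
    cipher.init(Cipher.ENCRYPT_MODE, createKey(requiresAuth))
    return cipher to true
}
```

When the returned flag is true, data encrypted under the previous key cannot be decrypted, so the app has to obtain or derive that data again.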
