Unhide the new AndroidKeyStore API.
Bug: 18088752
Change-Id: I93f87cbb1cd04a4a2e34f3d544d678c92cf052ee
diff --git a/api/current.txt b/api/current.txt
index 66c0447..bec686d 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -28040,6 +28040,43 @@
package android.security {
+ public class CryptoOperationException extends java.lang.RuntimeException {
+ ctor public CryptoOperationException();
+ ctor public CryptoOperationException(java.lang.String);
+ ctor public CryptoOperationException(java.lang.String, java.lang.Throwable);
+ ctor public CryptoOperationException(java.lang.Throwable);
+ }
+
+ public class EcIesParameterSpec implements java.security.spec.AlgorithmParameterSpec {
+ method public int getDemCipherKeySize();
+ method public java.lang.String getDemCipherTransformation();
+ method public java.lang.String getDemMacAlgorithm();
+ method public int getDemMacKeySize();
+ method public java.lang.String getKemKdfAlgorithm();
+ method public int getKemPointFormat();
+ field public static final android.security.EcIesParameterSpec DEFAULT;
+ }
+
+ public static class EcIesParameterSpec.Builder {
+ ctor public EcIesParameterSpec.Builder();
+ method public android.security.EcIesParameterSpec build();
+ method public android.security.EcIesParameterSpec.Builder setDemCipherKeySize(int);
+ method public android.security.EcIesParameterSpec.Builder setDemCipherTransformation(java.lang.String);
+ method public android.security.EcIesParameterSpec.Builder setDemMacAlgorithm(java.lang.String);
+ method public android.security.EcIesParameterSpec.Builder setDemMacKeySize(int);
+ method public android.security.EcIesParameterSpec.Builder setKemKdfAlgorithm(java.lang.String);
+ method public android.security.EcIesParameterSpec.Builder setKemPointFormat(int);
+ }
+
+ public static abstract class EcIesParameterSpec.PointFormat {
+ field public static final int COMPRESSED = 1; // 0x1
+ field public static final int UNCOMPRESSED = 0; // 0x0
+ field public static final int UNSPECIFIED = -1; // 0xffffffff
+ }
+
+ public static abstract class EcIesParameterSpec.PointFormatEnum implements java.lang.annotation.Annotation {
+ }
+
public final class KeyChain {
ctor public KeyChain();
method public static void choosePrivateKeyAlias(android.app.Activity, android.security.KeyChainAliasCallback, java.lang.String[], java.security.Principal[], java.lang.String, int, java.lang.String);
@@ -28066,17 +28103,77 @@
ctor public KeyChainException(java.lang.Throwable);
}
+ public class KeyExpiredException extends android.security.CryptoOperationException {
+ ctor public KeyExpiredException();
+ ctor public KeyExpiredException(java.lang.String);
+ ctor public KeyExpiredException(java.lang.String, java.lang.Throwable);
+ }
+
+ public class KeyGeneratorSpec implements java.security.spec.AlgorithmParameterSpec {
+ method public java.lang.String[] getBlockModes();
+ method public android.content.Context getContext();
+ method public java.lang.String[] getEncryptionPaddings();
+ method public int getKeySize();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
+ method public java.lang.String getKeystoreAlias();
+ method public int getPurposes();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
+ method public boolean isEncryptionRequired();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isRandomizedEncryptionRequired();
+ }
+
+ public static class KeyGeneratorSpec.Builder {
+ ctor public KeyGeneratorSpec.Builder(android.content.Context);
+ method public android.security.KeyGeneratorSpec build();
+ method public android.security.KeyGeneratorSpec.Builder setAlias(java.lang.String);
+ method public android.security.KeyGeneratorSpec.Builder setBlockModes(java.lang.String...);
+ method public android.security.KeyGeneratorSpec.Builder setEncryptionPaddings(java.lang.String...);
+ method public android.security.KeyGeneratorSpec.Builder setEncryptionRequired(boolean);
+ method public android.security.KeyGeneratorSpec.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
+ method public android.security.KeyGeneratorSpec.Builder setKeySize(int);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityEnd(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityForConsumptionEnd(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityStart(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setPurposes(int);
+ method public android.security.KeyGeneratorSpec.Builder setRandomizedEncryptionRequired(boolean);
+ method public android.security.KeyGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
+ method public android.security.KeyGeneratorSpec.Builder setUserAuthenticators(int);
+ }
+
+ public class KeyNotYetValidException extends android.security.CryptoOperationException {
+ ctor public KeyNotYetValidException();
+ ctor public KeyNotYetValidException(java.lang.String);
+ ctor public KeyNotYetValidException(java.lang.String, java.lang.Throwable);
+ }
+
public final class KeyPairGeneratorSpec implements java.security.spec.AlgorithmParameterSpec {
method public java.security.spec.AlgorithmParameterSpec getAlgorithmParameterSpec();
+ method public java.lang.String[] getBlockModes();
method public android.content.Context getContext();
+ method public java.lang.String[] getDigests();
+ method public java.lang.String[] getEncryptionPaddings();
method public java.util.Date getEndDate();
method public int getKeySize();
method public java.lang.String getKeyType();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
method public java.lang.String getKeystoreAlias();
+ method public int getPurposes();
method public java.math.BigInteger getSerialNumber();
+ method public java.lang.String[] getSignaturePaddings();
method public java.util.Date getStartDate();
method public javax.security.auth.x500.X500Principal getSubjectDN();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
method public boolean isEncryptionRequired();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isRandomizedEncryptionRequired();
}
public static final class KeyPairGeneratorSpec.Builder {
@@ -28084,23 +28181,110 @@
method public android.security.KeyPairGeneratorSpec build();
method public android.security.KeyPairGeneratorSpec.Builder setAlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec);
method public android.security.KeyPairGeneratorSpec.Builder setAlias(java.lang.String);
+ method public android.security.KeyPairGeneratorSpec.Builder setBlockModes(java.lang.String...);
+ method public android.security.KeyPairGeneratorSpec.Builder setDigests(java.lang.String...);
+ method public android.security.KeyPairGeneratorSpec.Builder setEncryptionPaddings(java.lang.String...);
method public android.security.KeyPairGeneratorSpec.Builder setEncryptionRequired();
method public android.security.KeyPairGeneratorSpec.Builder setEndDate(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
method public android.security.KeyPairGeneratorSpec.Builder setKeySize(int);
method public android.security.KeyPairGeneratorSpec.Builder setKeyType(java.lang.String) throws java.security.NoSuchAlgorithmException;
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityEnd(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityForConsumptionEnd(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityStart(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setPurposes(int);
+ method public android.security.KeyPairGeneratorSpec.Builder setRandomizedEncryptionRequired(boolean);
method public android.security.KeyPairGeneratorSpec.Builder setSerialNumber(java.math.BigInteger);
+ method public android.security.KeyPairGeneratorSpec.Builder setSignaturePaddings(java.lang.String...);
method public android.security.KeyPairGeneratorSpec.Builder setStartDate(java.util.Date);
method public android.security.KeyPairGeneratorSpec.Builder setSubject(javax.security.auth.x500.X500Principal);
+ method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
+ method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticators(int);
+ }
+
+ public abstract class KeyStoreKeyProperties {
+ }
+
+ public static abstract class KeyStoreKeyProperties.Origin {
+ field public static final int GENERATED = 1; // 0x1
+ field public static final int IMPORTED = 2; // 0x2
+ }
+
+ public static abstract class KeyStoreKeyProperties.OriginEnum implements java.lang.annotation.Annotation {
+ }
+
+ public static abstract class KeyStoreKeyProperties.Purpose {
+ field public static final int DECRYPT = 2; // 0x2
+ field public static final int ENCRYPT = 1; // 0x1
+ field public static final int SIGN = 4; // 0x4
+ field public static final int VERIFY = 8; // 0x8
+ }
+
+ public static abstract class KeyStoreKeyProperties.PurposeEnum implements java.lang.annotation.Annotation {
+ }
+
+ public static abstract class KeyStoreKeyProperties.UserAuthenticator {
+ field public static final int FINGERPRINT_READER = 2; // 0x2
+ field public static final int LOCK_SCREEN = 1; // 0x1
+ }
+
+ public static abstract class KeyStoreKeyProperties.UserAuthenticatorEnum implements java.lang.annotation.Annotation {
+ }
+
+ public class KeyStoreKeySpec implements java.security.spec.KeySpec {
+ method public java.lang.String[] getBlockModes();
+ method public java.lang.String[] getDigests();
+ method public java.lang.String[] getEncryptionPaddings();
+ method public int getKeySize();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
+ method public java.lang.String getKeystoreAlias();
+ method public int getOrigin();
+ method public int getPurposes();
+ method public java.lang.String[] getSignaturePaddings();
+ method public int getTeeEnforcedUserAuthenticators();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isTeeBacked();
}
public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter {
+ method public java.lang.String[] getBlockModes();
+ method public java.lang.String[] getDigests();
+ method public java.lang.String[] getEncryptionPaddings();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
+ method public int getPurposes();
+ method public java.lang.String[] getSignaturePaddings();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
+ method public boolean isDigestsSpecified();
method public boolean isEncryptionRequired();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isRandomizedEncryptionRequired();
}
public static final class KeyStoreParameter.Builder {
ctor public KeyStoreParameter.Builder(android.content.Context);
method public android.security.KeyStoreParameter build();
+ method public android.security.KeyStoreParameter.Builder setBlockModes(java.lang.String...);
+ method public android.security.KeyStoreParameter.Builder setDigests(java.lang.String...);
+ method public android.security.KeyStoreParameter.Builder setEncryptionPaddings(java.lang.String...);
method public android.security.KeyStoreParameter.Builder setEncryptionRequired(boolean);
+ method public android.security.KeyStoreParameter.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityEnd(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityForConsumptionEnd(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityForOriginationEnd(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityStart(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setPurposes(int);
+ method public android.security.KeyStoreParameter.Builder setRandomizedEncryptionRequired(boolean);
+ method public android.security.KeyStoreParameter.Builder setSignaturePaddings(java.lang.String...);
+ method public android.security.KeyStoreParameter.Builder setUserAuthenticationValidityDurationSeconds(int);
+ method public android.security.KeyStoreParameter.Builder setUserAuthenticators(int);
}
public class NetworkSecurityPolicy {
@@ -28108,6 +28292,17 @@
method public boolean isCleartextTrafficPermitted();
}
+ public class NewFingerprintEnrolledException extends android.security.CryptoOperationException {
+ ctor public NewFingerprintEnrolledException();
+ ctor public NewFingerprintEnrolledException(java.lang.String);
+ }
+
+ public class UserNotAuthenticatedException extends android.security.CryptoOperationException {
+ ctor public UserNotAuthenticatedException();
+ ctor public UserNotAuthenticatedException(java.lang.String);
+ ctor public UserNotAuthenticatedException(java.lang.String, java.lang.Throwable);
+ }
+
}
package android.service.carrier {
diff --git a/api/system-current.txt b/api/system-current.txt
index 7694bf5..2cfa9a7 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -30040,6 +30040,43 @@
package android.security {
+ public class CryptoOperationException extends java.lang.RuntimeException {
+ ctor public CryptoOperationException();
+ ctor public CryptoOperationException(java.lang.String);
+ ctor public CryptoOperationException(java.lang.String, java.lang.Throwable);
+ ctor public CryptoOperationException(java.lang.Throwable);
+ }
+
+ public class EcIesParameterSpec implements java.security.spec.AlgorithmParameterSpec {
+ method public int getDemCipherKeySize();
+ method public java.lang.String getDemCipherTransformation();
+ method public java.lang.String getDemMacAlgorithm();
+ method public int getDemMacKeySize();
+ method public java.lang.String getKemKdfAlgorithm();
+ method public int getKemPointFormat();
+ field public static final android.security.EcIesParameterSpec DEFAULT;
+ }
+
+ public static class EcIesParameterSpec.Builder {
+ ctor public EcIesParameterSpec.Builder();
+ method public android.security.EcIesParameterSpec build();
+ method public android.security.EcIesParameterSpec.Builder setDemCipherKeySize(int);
+ method public android.security.EcIesParameterSpec.Builder setDemCipherTransformation(java.lang.String);
+ method public android.security.EcIesParameterSpec.Builder setDemMacAlgorithm(java.lang.String);
+ method public android.security.EcIesParameterSpec.Builder setDemMacKeySize(int);
+ method public android.security.EcIesParameterSpec.Builder setKemKdfAlgorithm(java.lang.String);
+ method public android.security.EcIesParameterSpec.Builder setKemPointFormat(int);
+ }
+
+ public static abstract class EcIesParameterSpec.PointFormat {
+ field public static final int COMPRESSED = 1; // 0x1
+ field public static final int UNCOMPRESSED = 0; // 0x0
+ field public static final int UNSPECIFIED = -1; // 0xffffffff
+ }
+
+ public static abstract class EcIesParameterSpec.PointFormatEnum implements java.lang.annotation.Annotation {
+ }
+
public final class KeyChain {
ctor public KeyChain();
method public static void choosePrivateKeyAlias(android.app.Activity, android.security.KeyChainAliasCallback, java.lang.String[], java.security.Principal[], java.lang.String, int, java.lang.String);
@@ -30066,17 +30103,77 @@
ctor public KeyChainException(java.lang.Throwable);
}
+ public class KeyExpiredException extends android.security.CryptoOperationException {
+ ctor public KeyExpiredException();
+ ctor public KeyExpiredException(java.lang.String);
+ ctor public KeyExpiredException(java.lang.String, java.lang.Throwable);
+ }
+
+ public class KeyGeneratorSpec implements java.security.spec.AlgorithmParameterSpec {
+ method public java.lang.String[] getBlockModes();
+ method public android.content.Context getContext();
+ method public java.lang.String[] getEncryptionPaddings();
+ method public int getKeySize();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
+ method public java.lang.String getKeystoreAlias();
+ method public int getPurposes();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
+ method public boolean isEncryptionRequired();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isRandomizedEncryptionRequired();
+ }
+
+ public static class KeyGeneratorSpec.Builder {
+ ctor public KeyGeneratorSpec.Builder(android.content.Context);
+ method public android.security.KeyGeneratorSpec build();
+ method public android.security.KeyGeneratorSpec.Builder setAlias(java.lang.String);
+ method public android.security.KeyGeneratorSpec.Builder setBlockModes(java.lang.String...);
+ method public android.security.KeyGeneratorSpec.Builder setEncryptionPaddings(java.lang.String...);
+ method public android.security.KeyGeneratorSpec.Builder setEncryptionRequired(boolean);
+ method public android.security.KeyGeneratorSpec.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
+ method public android.security.KeyGeneratorSpec.Builder setKeySize(int);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityEnd(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityForConsumptionEnd(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setKeyValidityStart(java.util.Date);
+ method public android.security.KeyGeneratorSpec.Builder setPurposes(int);
+ method public android.security.KeyGeneratorSpec.Builder setRandomizedEncryptionRequired(boolean);
+ method public android.security.KeyGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
+ method public android.security.KeyGeneratorSpec.Builder setUserAuthenticators(int);
+ }
+
+ public class KeyNotYetValidException extends android.security.CryptoOperationException {
+ ctor public KeyNotYetValidException();
+ ctor public KeyNotYetValidException(java.lang.String);
+ ctor public KeyNotYetValidException(java.lang.String, java.lang.Throwable);
+ }
+
public final class KeyPairGeneratorSpec implements java.security.spec.AlgorithmParameterSpec {
method public java.security.spec.AlgorithmParameterSpec getAlgorithmParameterSpec();
+ method public java.lang.String[] getBlockModes();
method public android.content.Context getContext();
+ method public java.lang.String[] getDigests();
+ method public java.lang.String[] getEncryptionPaddings();
method public java.util.Date getEndDate();
method public int getKeySize();
method public java.lang.String getKeyType();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
method public java.lang.String getKeystoreAlias();
+ method public int getPurposes();
method public java.math.BigInteger getSerialNumber();
+ method public java.lang.String[] getSignaturePaddings();
method public java.util.Date getStartDate();
method public javax.security.auth.x500.X500Principal getSubjectDN();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
method public boolean isEncryptionRequired();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isRandomizedEncryptionRequired();
}
public static final class KeyPairGeneratorSpec.Builder {
@@ -30084,23 +30181,110 @@
method public android.security.KeyPairGeneratorSpec build();
method public android.security.KeyPairGeneratorSpec.Builder setAlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec);
method public android.security.KeyPairGeneratorSpec.Builder setAlias(java.lang.String);
+ method public android.security.KeyPairGeneratorSpec.Builder setBlockModes(java.lang.String...);
+ method public android.security.KeyPairGeneratorSpec.Builder setDigests(java.lang.String...);
+ method public android.security.KeyPairGeneratorSpec.Builder setEncryptionPaddings(java.lang.String...);
method public android.security.KeyPairGeneratorSpec.Builder setEncryptionRequired();
method public android.security.KeyPairGeneratorSpec.Builder setEndDate(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
method public android.security.KeyPairGeneratorSpec.Builder setKeySize(int);
method public android.security.KeyPairGeneratorSpec.Builder setKeyType(java.lang.String) throws java.security.NoSuchAlgorithmException;
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityEnd(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityForConsumptionEnd(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setKeyValidityStart(java.util.Date);
+ method public android.security.KeyPairGeneratorSpec.Builder setPurposes(int);
+ method public android.security.KeyPairGeneratorSpec.Builder setRandomizedEncryptionRequired(boolean);
method public android.security.KeyPairGeneratorSpec.Builder setSerialNumber(java.math.BigInteger);
+ method public android.security.KeyPairGeneratorSpec.Builder setSignaturePaddings(java.lang.String...);
method public android.security.KeyPairGeneratorSpec.Builder setStartDate(java.util.Date);
method public android.security.KeyPairGeneratorSpec.Builder setSubject(javax.security.auth.x500.X500Principal);
+ method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
+ method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticators(int);
+ }
+
+ public abstract class KeyStoreKeyProperties {
+ }
+
+ public static abstract class KeyStoreKeyProperties.Origin {
+ field public static final int GENERATED = 1; // 0x1
+ field public static final int IMPORTED = 2; // 0x2
+ }
+
+ public static abstract class KeyStoreKeyProperties.OriginEnum implements java.lang.annotation.Annotation {
+ }
+
+ public static abstract class KeyStoreKeyProperties.Purpose {
+ field public static final int DECRYPT = 2; // 0x2
+ field public static final int ENCRYPT = 1; // 0x1
+ field public static final int SIGN = 4; // 0x4
+ field public static final int VERIFY = 8; // 0x8
+ }
+
+ public static abstract class KeyStoreKeyProperties.PurposeEnum implements java.lang.annotation.Annotation {
+ }
+
+ public static abstract class KeyStoreKeyProperties.UserAuthenticator {
+ field public static final int FINGERPRINT_READER = 2; // 0x2
+ field public static final int LOCK_SCREEN = 1; // 0x1
+ }
+
+ public static abstract class KeyStoreKeyProperties.UserAuthenticatorEnum implements java.lang.annotation.Annotation {
+ }
+
+ public class KeyStoreKeySpec implements java.security.spec.KeySpec {
+ method public java.lang.String[] getBlockModes();
+ method public java.lang.String[] getDigests();
+ method public java.lang.String[] getEncryptionPaddings();
+ method public int getKeySize();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
+ method public java.lang.String getKeystoreAlias();
+ method public int getOrigin();
+ method public int getPurposes();
+ method public java.lang.String[] getSignaturePaddings();
+ method public int getTeeEnforcedUserAuthenticators();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isTeeBacked();
}
public final class KeyStoreParameter implements java.security.KeyStore.ProtectionParameter {
+ method public java.lang.String[] getBlockModes();
+ method public java.lang.String[] getDigests();
+ method public java.lang.String[] getEncryptionPaddings();
+ method public java.util.Date getKeyValidityForConsumptionEnd();
+ method public java.util.Date getKeyValidityForOriginationEnd();
+ method public java.util.Date getKeyValidityStart();
+ method public int getPurposes();
+ method public java.lang.String[] getSignaturePaddings();
+ method public int getUserAuthenticationValidityDurationSeconds();
+ method public int getUserAuthenticators();
+ method public boolean isDigestsSpecified();
method public boolean isEncryptionRequired();
+ method public boolean isInvalidatedOnNewFingerprintEnrolled();
+ method public boolean isRandomizedEncryptionRequired();
}
public static final class KeyStoreParameter.Builder {
ctor public KeyStoreParameter.Builder(android.content.Context);
method public android.security.KeyStoreParameter build();
+ method public android.security.KeyStoreParameter.Builder setBlockModes(java.lang.String...);
+ method public android.security.KeyStoreParameter.Builder setDigests(java.lang.String...);
+ method public android.security.KeyStoreParameter.Builder setEncryptionPaddings(java.lang.String...);
method public android.security.KeyStoreParameter.Builder setEncryptionRequired(boolean);
+ method public android.security.KeyStoreParameter.Builder setInvalidatedOnNewFingerprintEnrolled(boolean);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityEnd(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityForConsumptionEnd(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityForOriginationEnd(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setKeyValidityStart(java.util.Date);
+ method public android.security.KeyStoreParameter.Builder setPurposes(int);
+ method public android.security.KeyStoreParameter.Builder setRandomizedEncryptionRequired(boolean);
+ method public android.security.KeyStoreParameter.Builder setSignaturePaddings(java.lang.String...);
+ method public android.security.KeyStoreParameter.Builder setUserAuthenticationValidityDurationSeconds(int);
+ method public android.security.KeyStoreParameter.Builder setUserAuthenticators(int);
}
public class NetworkSecurityPolicy {
@@ -30108,6 +30292,17 @@
method public boolean isCleartextTrafficPermitted();
}
+ public class NewFingerprintEnrolledException extends android.security.CryptoOperationException {
+ ctor public NewFingerprintEnrolledException();
+ ctor public NewFingerprintEnrolledException(java.lang.String);
+ }
+
+ public class UserNotAuthenticatedException extends android.security.CryptoOperationException {
+ ctor public UserNotAuthenticatedException();
+ ctor public UserNotAuthenticatedException(java.lang.String);
+ ctor public UserNotAuthenticatedException(java.lang.String, java.lang.Throwable);
+ }
+
}
package android.service.carrier {
diff --git a/docs/html/training/articles/keystore.jd b/docs/html/training/articles/keystore.jd
index bbbda67..a4fc2d2 100644
--- a/docs/html/training/articles/keystore.jd
+++ b/docs/html/training/articles/keystore.jd
@@ -26,11 +26,10 @@
</div>
</div>
-<p>The Android Keystore system lets you store private keys
- in a container to make it more difficult to extract from the
- device. Once keys are in the keystore, they can be used for
- cryptographic operations with the private key material remaining
- non-exportable.</p>
+<p>The Android Keystore system lets you store cryptographic keys in a container
+ to make it more difficult to extract from the device. Once keys are in the
+ keystore, they can be used for cryptographic operations with the key material
+ remaining non-exportable.</p>
<p>The Keystore system is used by the {@link
android.security.KeyChain} API as well as the Android
@@ -59,7 +58,8 @@
<p>
To use this feature, you use the standard {@link java.security.KeyStore}
-and {@link java.security.KeyPairGenerator} classes along with the
+and {@link java.security.KeyPairGenerator} or
+{@link javax.crypto.KeyGenerator} classes along with the
{@code AndroidKeyStore} provider introduced in Android 4.3 (API level 18).</p>
<p>{@code AndroidKeyStore} is registered as a {@link
@@ -67,7 +67,9 @@
java.security.KeyStore#getInstance(String) KeyStore.getInstance(type)}
method and as a provider for use with the {@link
java.security.KeyPairGenerator#getInstance(String, String)
- KeyPairGenerator.getInstance(algorithm, provider)} method.</p>
+ KeyPairGenerator.getInstance(algorithm, provider)} and {@link
+ javax.crypto.KeyGenerator#getInstance(String, String)
+ KeyGenerator.getInstance(algorithm, provider)} methods.</p>
<h3 id="GeneratingANewPrivateKey">Generating a New Private Key</h3>
@@ -81,6 +83,11 @@
{@sample development/samples/ApiDemos/src/com/example/android/apis/security/KeyStoreUsage.java generate}
+<h3 id="GeneratingANewSecretKey">Generating a New Secret Key</h3>
+
+<p>To generate the key, use a {@link javax.crypto.KeyGenerator} with
+ {@link android.security.KeyGeneratorSpec}.
+
<h3 id="WorkingWithKeyStoreEntries">Working with Keystore Entries</h3>
<p>Using the {@code AndroidKeyStore} provider takes place through
diff --git a/keystore/java/android/security/CryptoOperationException.java b/keystore/java/android/security/CryptoOperationException.java
index 00c142f..1c9d005 100644
--- a/keystore/java/android/security/CryptoOperationException.java
+++ b/keystore/java/android/security/CryptoOperationException.java
@@ -25,8 +25,6 @@
* permitted to throw a checked exception during operation. Because crypto operations can fail
* for a variety of reasons after initialization, this base class provides type-safety for unchecked
* exceptions that may be thrown in those cases.
- *
- * @hide
*/
public class CryptoOperationException extends RuntimeException {
diff --git a/keystore/java/android/security/EcIesParameterSpec.java b/keystore/java/android/security/EcIesParameterSpec.java
index 0f19812..3826679 100644
--- a/keystore/java/android/security/EcIesParameterSpec.java
+++ b/keystore/java/android/security/EcIesParameterSpec.java
@@ -46,8 +46,6 @@
* MAC algorithm specified by {@link #getDemMacAlgorithm()} (e.g., {@code HmacSHA1} for standard
* DEM1).</li>
* </ul>
- *
- * @hide
*/
public class EcIesParameterSpec implements AlgorithmParameterSpec {
@@ -124,6 +122,8 @@
/**
* Returns KEM EC curve name (e.g., {@code secp256r1}) or {@code null} if not specified.
+ *
+ * @hide
*/
public String getKemCurveName() {
return mKemCurveName;
@@ -200,6 +200,8 @@
* Sets KEM EC curve name. For example, {@code P-256} or {@code secp256r1}.
*
* <p>NOTE: Only curves with cofactor of {@code 1} are supported.
+ *
+ * @hide
*/
public Builder setKemCurveName(String name) {
mKemCurveName = name;
diff --git a/keystore/java/android/security/KeyExpiredException.java b/keystore/java/android/security/KeyExpiredException.java
index 35a5acc..a02dc33 100644
--- a/keystore/java/android/security/KeyExpiredException.java
+++ b/keystore/java/android/security/KeyExpiredException.java
@@ -19,8 +19,6 @@
/**
* Indicates that a cryptographic operation failed because the employed key's validity end date
* is in the past.
- *
- * @hide
*/
public class KeyExpiredException extends CryptoOperationException {
diff --git a/keystore/java/android/security/KeyGeneratorSpec.java b/keystore/java/android/security/KeyGeneratorSpec.java
index 22db83e..7ecc47e 100644
--- a/keystore/java/android/security/KeyGeneratorSpec.java
+++ b/keystore/java/android/security/KeyGeneratorSpec.java
@@ -37,15 +37,13 @@
* <p>After generation, the {@code keyStoreAlias} is used with the
* {@link java.security.KeyStore#getEntry(String, java.security.KeyStore.ProtectionParameter)}
* interface to retrieve the {@link SecretKey}.
- *
- * @hide
*/
public class KeyGeneratorSpec implements AlgorithmParameterSpec {
private final Context mContext;
private final String mKeystoreAlias;
private final int mFlags;
- private final Integer mKeySize;
+ private final int mKeySize;
private final Date mKeyValidityStart;
private final Date mKeyValidityForOriginationEnd;
private final Date mKeyValidityForConsumptionEnd;
@@ -61,7 +59,7 @@
Context context,
String keyStoreAlias,
int flags,
- Integer keySize,
+ int keySize,
Date keyValidityStart,
Date keyValidityForOriginationEnd,
Date keyValidityForConsumptionEnd,
@@ -122,9 +120,9 @@
}
/**
- * Gets the requested key size or {@code null} if the default size should be used.
+ * Returns the requested key size or {@code -1} if default size should be used.
*/
- public Integer getKeySize() {
+ public int getKeySize() {
return mKeySize;
}
@@ -216,8 +214,6 @@
* authenticators protecting access to this key.
*
* @see #getUserAuthenticators()
- *
- * @hide
*/
public boolean isInvalidatedOnNewFingerprintEnrolled() {
return mInvalidatedOnNewFingerprintEnrolled;
@@ -234,7 +230,7 @@
private final Context mContext;
private String mKeystoreAlias;
private int mFlags;
- private Integer mKeySize;
+ private int mKeySize = -1;
private Date mKeyValidityStart;
private Date mKeyValidityForOriginationEnd;
private Date mKeyValidityForConsumptionEnd;
@@ -460,8 +456,6 @@
* <p>By default, enrolling a new fingerprint does not invalidate the key.
*
* @see #setUserAuthenticators(Set)
- *
- * @hide
*/
public Builder setInvalidatedOnNewFingerprintEnrolled(boolean invalidated) {
mInvalidatedOnNewFingerprintEnrolled = invalidated;
diff --git a/keystore/java/android/security/KeyNotYetValidException.java b/keystore/java/android/security/KeyNotYetValidException.java
index f1c2cac..964cd7e 100644
--- a/keystore/java/android/security/KeyNotYetValidException.java
+++ b/keystore/java/android/security/KeyNotYetValidException.java
@@ -19,8 +19,6 @@
/**
* Indicates that a cryptographic operation failed because the employed key's validity start date
* is in the future.
- *
- * @hide
*/
public class KeyNotYetValidException extends CryptoOperationException {
diff --git a/keystore/java/android/security/KeyPairGeneratorSpec.java b/keystore/java/android/security/KeyPairGeneratorSpec.java
index ed2d856..e297d26 100644
--- a/keystore/java/android/security/KeyPairGeneratorSpec.java
+++ b/keystore/java/android/security/KeyPairGeneratorSpec.java
@@ -311,8 +311,6 @@
* Gets the time instant before which the key pair is not yet valid.
*
* @return instant or {@code null} if not restricted.
- *
- * @hide
*/
public Date getKeyValidityStart() {
return mKeyValidityStart;
@@ -323,8 +321,6 @@
* verification.
*
* @return instant or {@code null} if not restricted.
- *
- * @hide
*/
public Date getKeyValidityForConsumptionEnd() {
return mKeyValidityForConsumptionEnd;
@@ -334,8 +330,6 @@
* Gets the time instant after which the key pair is no longer valid for encryption and signing.
*
* @return instant or {@code null} if not restricted.
- *
- * @hide
*/
public Date getKeyValidityForOriginationEnd() {
return mKeyValidityForOriginationEnd;
@@ -343,8 +337,6 @@
/**
* Gets the set of purposes for which the key can be used.
- *
- * @hide
*/
public @KeyStoreKeyProperties.PurposeEnum int getPurposes() {
return mPurposes;
@@ -352,8 +344,6 @@
/**
* Gets the set of digest algorithms with which the key can be used.
- *
- * @hide
*/
public String[] getDigests() {
return ArrayUtils.cloneIfNotEmpty(mDigests);
@@ -361,8 +351,6 @@
/**
* Gets the set of padding schemes with which the key can be used when encrypting/decrypting.
- *
- * @hide
*/
public String[] getEncryptionPaddings() {
return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);
@@ -370,8 +358,6 @@
/**
* Gets the set of padding schemes with which the key can be used when signing/verifying.
- *
- * @hide
*/
public String[] getSignaturePaddings() {
return ArrayUtils.cloneIfNotEmpty(mSignaturePaddings);
@@ -379,8 +365,6 @@
/**
* Gets the set of block modes with which the key can be used.
- *
- * @hide
*/
public String[] getBlockModes() {
return ArrayUtils.cloneIfNotEmpty(mBlockModes);
@@ -394,8 +378,6 @@
* weaknesses due to which ciphertext may leak information about plaintext. For example, if a
* given plaintext always produces the same ciphertext, an attacker may see the repeated
* ciphertexts and be able to deduce something about the plaintext.
- *
- * @hide
*/
public boolean isRandomizedEncryptionRequired() {
return mRandomizedEncryptionRequired;
@@ -409,8 +391,6 @@
* restricted.
*
* @return user authenticators or {@code 0} if the key can be used without user authentication.
- *
- * @hide
*/
public @KeyStoreKeyProperties.UserAuthenticatorEnum int getUserAuthenticators() {
return mUserAuthenticators;
@@ -425,8 +405,6 @@
*
* @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
* is required for every use of the key.
- *
- * @hide
*/
public int getUserAuthenticationValidityDurationSeconds() {
return mUserAuthenticationValidityDurationSeconds;
@@ -438,8 +416,6 @@
* authenticators protecting access to this key.
*
* @see #getUserAuthenticators()
- *
- * @hide
*/
public boolean isInvalidatedOnNewFingerprintEnrolled() {
return mInvalidatedOnNewFingerprintEnrolled;
@@ -642,8 +618,6 @@
* <p>By default, the key is valid at any instant.
*
* @see #setKeyValidityEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityStart(Date startDate) {
mKeyValidityStart = startDate;
@@ -658,8 +632,6 @@
* @see #setKeyValidityStart(Date)
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityEnd(Date endDate) {
setKeyValidityForOriginationEnd(endDate);
@@ -673,8 +645,6 @@
* <p>By default, the key is valid at any instant.
*
* @see #setKeyValidityForConsumptionEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityForOriginationEnd(Date endDate) {
mKeyValidityForOriginationEnd = endDate;
@@ -688,8 +658,6 @@
* <p>By default, the key is valid at any instant.
*
* @see #setKeyValidityForOriginationEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
mKeyValidityForConsumptionEnd = endDate;
@@ -700,8 +668,6 @@
* Sets the set of purposes for which the key can be used.
*
* <p>This must be specified for all keys. There is no default.
- *
- * @hide
*/
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
mPurposes = purposes;
@@ -713,8 +679,6 @@
* to use the key with any other digest will be rejected.
*
* <p>This must be specified for keys which are used for signing/verification.
- *
- * @hide
*/
public Builder setDigests(String... digests) {
mDigests = ArrayUtils.cloneIfNotEmpty(digests);
@@ -727,8 +691,6 @@
* rejected.
*
* <p>This must be specified for keys which are used for encryption/decryption.
- *
- * @hide
*/
public Builder setEncryptionPaddings(String... paddings) {
mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -741,8 +703,6 @@
* rejected.
*
* <p>This must be specified for RSA keys which are used for signing/verification.
- *
- * @hide
*/
public Builder setSignaturePaddings(String... paddings) {
mSignaturePaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -754,8 +714,6 @@
* Attempts to use the key with any other block modes will be rejected.
*
* <p>This must be specified for encryption/decryption keys.
- *
- * @hide
*/
public Builder setBlockModes(String... blockModes) {
mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);
@@ -781,8 +739,6 @@
* <li>If you are using RSA encryption without padding, consider switching to padding
* schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.</li>
* </ul>
- *
- * @hide
*/
public Builder setRandomizedEncryptionRequired(boolean required) {
mRandomizedEncryptionRequired = required;
@@ -802,8 +758,6 @@
* without user authentication.
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
- *
- * @hide
*/
public Builder setUserAuthenticators(
@KeyStoreKeyProperties.UserAuthenticatorEnum int userAuthenticators) {
@@ -824,8 +778,6 @@
* every use of the key.
*
* @see #setUserAuthenticators(int)
- *
- * @hide
*/
public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
mUserAuthenticationValidityDurationSeconds = seconds;
@@ -840,8 +792,6 @@
* <p>By default, enrolling a new fingerprint does not invalidate the key.
*
* @see #setUserAuthenticators(Set)
- *
- * @hide
*/
public Builder setInvalidatedOnNewFingerprintEnrolled(boolean invalidated) {
mInvalidatedOnNewFingerprintEnrolled = invalidated;
diff --git a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
index 3b28045..72c485a 100644
--- a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
@@ -133,7 +133,7 @@
throw new IllegalStateException("Digest algorithm must be specified for HMAC key");
}
}
- int keySizeBits = (spec.getKeySize() != null) ? spec.getKeySize() : mDefaultKeySizeBits;
+ int keySizeBits = (spec.getKeySize() != -1) ? spec.getKeySize() : mDefaultKeySizeBits;
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keySizeBits);
@KeyStoreKeyProperties.PurposeEnum int purposes = spec.getPurposes();
int[] keymasterBlockModes = KeymasterUtils.getKeymasterBlockModesFromJcaBlockModes(
diff --git a/keystore/java/android/security/KeyStoreKeyProperties.java b/keystore/java/android/security/KeyStoreKeyProperties.java
index 7f3f1a4..b1f330f 100644
--- a/keystore/java/android/security/KeyStoreKeyProperties.java
+++ b/keystore/java/android/security/KeyStoreKeyProperties.java
@@ -27,8 +27,6 @@
/**
* Properties of {@code AndroidKeyStore} keys.
- *
- * @hide
*/
public abstract class KeyStoreKeyProperties {
private KeyStoreKeyProperties() {}
diff --git a/keystore/java/android/security/KeyStoreKeySpec.java b/keystore/java/android/security/KeyStoreKeySpec.java
index 2ff1a64..a89e4dd 100644
--- a/keystore/java/android/security/KeyStoreKeySpec.java
+++ b/keystore/java/android/security/KeyStoreKeySpec.java
@@ -22,8 +22,6 @@
/**
* Information about a key from the <a href="{@docRoot}training/articles/keystore.html">Android
* KeyStore</a>.
- *
- * @hide
*/
public class KeyStoreKeySpec implements KeySpec {
private final String mKeystoreAlias;
diff --git a/keystore/java/android/security/KeyStoreParameter.java b/keystore/java/android/security/KeyStoreParameter.java
index a04bc6c..c24b74f 100644
--- a/keystore/java/android/security/KeyStoreParameter.java
+++ b/keystore/java/android/security/KeyStoreParameter.java
@@ -108,7 +108,6 @@
* Gets the time instant before which the key is not yet valid.
*
* @return instant or {@code null} if not restricted.
- * @hide
*/
public Date getKeyValidityStart() {
return mKeyValidityStart;
@@ -118,8 +117,6 @@
* Gets the time instant after which the key is no long valid for decryption and verification.
*
* @return instant or {@code null} if not restricted.
- *
- * @hide
*/
public Date getKeyValidityForConsumptionEnd() {
return mKeyValidityForConsumptionEnd;
@@ -129,8 +126,6 @@
* Gets the time instant after which the key is no long valid for encryption and signing.
*
* @return instant or {@code null} if not restricted.
- *
- * @hide
*/
public Date getKeyValidityForOriginationEnd() {
return mKeyValidityForOriginationEnd;
@@ -138,8 +133,6 @@
/**
* Gets the set of purposes for which the key can be used.
- *
- * @hide
*/
public @KeyStoreKeyProperties.PurposeEnum int getPurposes() {
return mPurposes;
@@ -147,8 +140,6 @@
/**
* Gets the set of padding schemes with which the key can be used when encrypting/decrypting.
- *
- * @hide
*/
public String[] getEncryptionPaddings() {
return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);
@@ -157,8 +148,6 @@
/**
* Gets the set of padding schemes with which the key can be used when signing or verifying
* signatures.
- *
- * @hide
*/
public String[] getSignaturePaddings() {
return ArrayUtils.cloneIfNotEmpty(mSignaturePaddings);
@@ -170,8 +159,6 @@
* @throws IllegalStateException if this set has not been specified.
*
* @see #isDigestsSpecified()
- *
- * @hide
*/
public String[] getDigests() {
if (mDigests == null) {
@@ -185,8 +172,6 @@
* specified.
*
* @see #getDigests()
- *
- * @hide
*/
public boolean isDigestsSpecified() {
return mDigests != null;
@@ -194,8 +179,6 @@
/**
* Gets the set of block modes with which the key can be used.
- *
- * @hide
*/
public String[] getBlockModes() {
return ArrayUtils.cloneIfNotEmpty(mBlockModes);
@@ -209,8 +192,6 @@
* weaknesses due to which ciphertext may leak information about plaintext. For example, if a
* given plaintext always produces the same ciphertext, an attacker may see the repeated
* ciphertexts and be able to deduce something about the plaintext.
- *
- * @hide
*/
public boolean isRandomizedEncryptionRequired() {
return mRandomizedEncryptionRequired;
@@ -221,8 +202,6 @@
* used iff the user has authenticated to at least one of these user authenticators.
*
* @return user authenticators or {@code 0} if the key can be used without user authentication.
- *
- * @hide
*/
public @KeyStoreKeyProperties.UserAuthenticatorEnum int getUserAuthenticators() {
return mUserAuthenticators;
@@ -234,8 +213,6 @@
*
* @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
* is required for every use of the key.
- *
- * @hide
*/
public int getUserAuthenticationValidityDurationSeconds() {
return mUserAuthenticationValidityDurationSeconds;
@@ -247,8 +224,6 @@
* authenticators protecting access to this key.
*
* @see #getUserAuthenticators()
- *
- * @hide
*/
public boolean isInvalidatedOnNewFingerprintEnrolled() {
return mInvalidatedOnNewFingerprintEnrolled;
@@ -321,8 +296,6 @@
* <p>By default, the key is valid at any instant.
*
* @see #setKeyValidityEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityStart(Date startDate) {
mKeyValidityStart = startDate;
@@ -337,8 +310,6 @@
* @see #setKeyValidityStart(Date)
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityEnd(Date endDate) {
setKeyValidityForOriginationEnd(endDate);
@@ -352,8 +323,6 @@
* <p>By default, the key is valid at any instant.
*
* @see #setKeyValidityForConsumptionEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityForOriginationEnd(Date endDate) {
mKeyValidityForOriginationEnd = endDate;
@@ -367,8 +336,6 @@
* <p>By default, the key is valid at any instant.
*
* @see #setKeyValidityForOriginationEnd(Date)
- *
- * @hide
*/
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
mKeyValidityForConsumptionEnd = endDate;
@@ -379,8 +346,6 @@
* Sets the set of purposes for which the key can be used.
*
* <p>This must be specified for all keys. There is no default.
- *
- * @hide
*/
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
mPurposes = purposes;
@@ -393,8 +358,6 @@
* rejected.
*
* <p>This must be specified for keys which are used for encryption/decryption.
- *
- * @hide
*/
public Builder setEncryptionPaddings(String... paddings) {
mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -407,8 +370,6 @@
* rejected.
*
* <p>This must be specified for RSA keys which are used for signing/verification.
- *
- * @hide
*/
public Builder setSignaturePaddings(String... paddings) {
mSignaturePaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -422,8 +383,6 @@
*
* <p>For HMAC keys, the default is the digest specified in {@link Key#getAlgorithm()}. For
* asymmetric signing keys this constraint must be specified.
- *
- * @hide
*/
public Builder setDigests(String... digests) {
mDigests = ArrayUtils.cloneIfNotEmpty(digests);
@@ -435,8 +394,6 @@
* Attempts to use the key with any other block modes will be rejected.
*
* <p>This must be specified for encryption/decryption keys.
- *
- * @hide
*/
public Builder setBlockModes(String... blockModes) {
mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);
@@ -476,8 +433,6 @@
* <li>If you are using RSA encryption without padding, consider switching to padding
* schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.</li>
* </ul>
- *
- * @hide
*/
public Builder setRandomizedEncryptionRequired(boolean required) {
mRandomizedEncryptionRequired = required;
@@ -494,8 +449,6 @@
* without user authentication.
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
- *
- * @hide
*/
public Builder setUserAuthenticators(
@KeyStoreKeyProperties.UserAuthenticatorEnum int userAuthenticators) {
@@ -513,8 +466,6 @@
* every use of the key.
*
* @see #setUserAuthenticators(int)
- *
- * @hide
*/
public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
mUserAuthenticationValidityDurationSeconds = seconds;
@@ -529,8 +480,6 @@
* <p>By default, enrolling a new fingerprint does not invalidate the key.
*
* @see #setUserAuthenticators(Set)
- *
- * @hide
*/
public Builder setInvalidatedOnNewFingerprintEnrolled(boolean invalidated) {
mInvalidatedOnNewFingerprintEnrolled = invalidated;
diff --git a/keystore/java/android/security/NewFingerprintEnrolledException.java b/keystore/java/android/security/NewFingerprintEnrolledException.java
index 6da4a2a..806b214 100644
--- a/keystore/java/android/security/NewFingerprintEnrolledException.java
+++ b/keystore/java/android/security/NewFingerprintEnrolledException.java
@@ -19,8 +19,6 @@
/**
* Indicates that a cryptographic operation could not be performed because the key used by the
* operation is permanently invalid because a new fingerprint was enrolled.
- *
- * @hide
*/
public class NewFingerprintEnrolledException extends CryptoOperationException {
diff --git a/keystore/java/android/security/UserNotAuthenticatedException.java b/keystore/java/android/security/UserNotAuthenticatedException.java
index e6342ef..f5f5f41 100644
--- a/keystore/java/android/security/UserNotAuthenticatedException.java
+++ b/keystore/java/android/security/UserNotAuthenticatedException.java
@@ -19,8 +19,6 @@
/**
* Indicates that a cryptographic operation could not be performed because the user has not been
* authenticated recently enough.
- *
- * @hide
*/
public class UserNotAuthenticatedException extends CryptoOperationException {