diff options
| author | 2018-04-02 18:29:11 -0700 | |
|---|---|---|
| committer | 2018-04-02 18:29:11 -0700 | |
| commit | 5ef26ddf601a912a2765a954fd82d7d2a5a7fbef (patch) | |
| tree | 138e43ccc22bc52e1301c28f1fdfc41da9eb2257 | |
| parent | b9af84ca8dc6c6ffc1051aa66136f19e1f1b73a3 (diff) | |
| parent | 084f9aee9a54a86680feed7cafd56a06ba6f24f8 (diff) | |
Merge ""Unlocked device required" javadoc clarification" into pi-dev
am: 084f9aee9a
Change-Id: Icb6580e3c7ee5a1b5cbacbd99eb769e3f55b5d9a
| -rw-r--r-- | keystore/java/android/security/keystore/KeyGenParameterSpec.java | 11 | ||||
| -rw-r--r-- | keystore/java/android/security/keystore/KeyProtection.java | 11 |
2 files changed, 14 insertions, 8 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index f7bda3e46cf5..c0d0fb00b40f 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -673,7 +673,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu } /** - * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or + * signing. Decryption and signature verification will still be available when the screen is + * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) */ @@ -1289,9 +1291,10 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu /** * Sets whether the keystore requires the screen to be unlocked before allowing decryption - * using this key. If this is set to {@code true}, any attempt to decrypt using this key - * while the screen is locked will fail. A locked device requires a PIN, password, - * fingerprint, or other trusted factor to access. + * using this key. If this is set to {@code true}, any attempt to decrypt or sign using this + * key while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. While the screen is locked, the key can + * still be used for encryption or signature verification. */ @NonNull public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 5174890b3fd2..4daf30ced7dc 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -508,7 +508,9 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { } /** - * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or + * signing. Decryption and signature verification will still be available when the screen is + * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) */ @@ -929,9 +931,10 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { /** * Sets whether the keystore requires the screen to be unlocked before allowing decryption - * using this key. If this is set to {@code true}, any attempt to decrypt using this key - * while the screen is locked will fail. A locked device requires a PIN, password, - * fingerprint, or other trusted factor to access. + * using this key. If this is set to {@code true}, any attempt to decrypt or sign using this + * key while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. While the screen is locked, the key can + * still be used for encryption or signature verification. */ @NonNull public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { |