diff options
| -rw-r--r-- | api/current.txt | 2 | ||||
| -rw-r--r-- | api/system-current.txt | 2 | ||||
| -rw-r--r-- | keystore/java/android/security/KeyChain.java | 15 | ||||
| -rw-r--r-- | keystore/java/android/security/KeyStore.java | 2 |
4 files changed, 18 insertions, 3 deletions
diff --git a/api/current.txt b/api/current.txt index 49e226874efd..b433d2a289b5 100644 --- a/api/current.txt +++ b/api/current.txt @@ -28393,7 +28393,7 @@ package android.security { method public static android.content.Intent createInstallIntent(); method public static java.security.cert.X509Certificate[] getCertificateChain(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException; method public static java.security.PrivateKey getPrivateKey(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException; - method public static boolean isBoundKeyAlgorithm(java.lang.String); + method public static deprecated boolean isBoundKeyAlgorithm(java.lang.String); method public static boolean isKeyAlgorithmSupported(java.lang.String); field public static final java.lang.String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED"; field public static final java.lang.String EXTRA_CERTIFICATE = "CERT"; diff --git a/api/system-current.txt b/api/system-current.txt index 3e8b065c62ff..cc7deef9635e 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -30426,7 +30426,7 @@ package android.security { method public static android.content.Intent createInstallIntent(); method public static java.security.cert.X509Certificate[] getCertificateChain(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException; method public static java.security.PrivateKey getPrivateKey(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException; - method public static boolean isBoundKeyAlgorithm(java.lang.String); + method public static deprecated boolean isBoundKeyAlgorithm(java.lang.String); method public static boolean isKeyAlgorithmSupported(java.lang.String); field public static final java.lang.String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED"; field public static final java.lang.String EXTRA_CERTIFICATE = "CERT"; diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index 817b7c953828..059d8e6dbf00 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -29,11 +29,13 @@ import android.os.Looper; import android.os.Process; import android.os.RemoteException; import android.os.UserHandle; +import android.security.keystore.KeyInfo; import android.security.keystore.KeyProperties; import java.io.ByteArrayInputStream; import java.io.Closeable; import java.security.InvalidKeyException; +import java.security.KeyFactory; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.Certificate; @@ -442,7 +444,20 @@ public final class KeyChain { * imported or generated. This can be used to tell if there is special * hardware support that can be used to bind keys to the device in a way * that makes it non-exportable. + * + * @deprecated Whether the key is bound to the secure hardware is known only + * once the key has been imported. To find out, use: + * <pre>{@code + * PrivateKey key = ...; // private key from KeyChain + * + * KeyFactory keyFactory = + * KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore"); + * KeyInfo keyInfo = keyFactory.getKeySpec(key, KeyInfo.class); + * if (keyInfo.isInsideSecureHardware()) { + * // The key is bound to the secure hardware of this Android + * }}</pre> */ + @Deprecated public static boolean isBoundKeyAlgorithm( @NonNull @KeyProperties.KeyAlgorithmEnum String algorithm) { if (!isKeyAlgorithmSupported(algorithm)) { diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 367257ab9bee..ad348f8fdf75 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -383,7 +383,7 @@ public class KeyStore { } } - // TODO remove this when it's removed from Settings + // TODO: remove this when it's removed from Settings public boolean isHardwareBacked() { return isHardwareBacked("RSA"); } |