Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2fd15b0b authored by Eran Messeri's avatar Eran Messeri
Browse files

Update documentation regarding auth-bound keys. 

When a key requires user authentication and one of the authentication
methods permitted is the device's screen lock credentials, the
root SID is added as an authenticator, and change of biometrics
enrollment will not invalidate the key.

Bug: 275900161
Test: m docs
Change-Id: I180f28883a5ac62e8bfa0b0596396085ff676637
parent 3e77c6f3

keystore/java/android/security/keystore/KeyGenParameterSpec.java

+3 −1
Original line number Diff line number Diff line
@@ -1335,7 +1335,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu 
         * the key, it is also irreversibly invalidated once a new biometric is enrolled or once\

         * no more biometrics are enrolled, unless {@link

         * #setInvalidatedByBiometricEnrollment(boolean)} is used to allow validity after

         * enrollment. Attempts to initialize cryptographic operations using such keys will throw

         * enrollment, or {@code KeyProperties.AUTH_DEVICE_CREDENTIAL} is specified as part of

         * the parameters to {@link #setUserAuthenticationParameters}.

         * Attempts to initialize cryptographic operations using such keys will throw

         * {@link KeyPermanentlyInvalidatedException}.</li>

         * </ul>

         *