Loading keystore/java/android/security/keystore/KeyGenParameterSpec.java +17 −22 Original line number Original line Diff line number Diff line Loading @@ -596,10 +596,10 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } } /** /** * Returns {@code true} if the key will remain authorized while the device is on the user's * Returns {@code true} if the key will remain authorized only until the device is removed from * body, even after the validity duration has expired. This option has no effect on keys that * the user's body, up to the validity duration. This option has no effect on keys that don't * don't have an authentication validity duration, and has no effect if the device lacks a * have an authentication validity duration, and has no effect if the device lacks an on-body * secure on-body sensor. * sensor. * * * <p>Authorization applies only to secret key and private key operations. Public key operations * <p>Authorization applies only to secret key and private key operations. Public key operations * are not restricted. * are not restricted. Loading Loading @@ -1104,26 +1104,21 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } } /** /** * Sets whether the key is authorized for use after the authentication validity period is * Sets whether the key will remain authorized only until the device is removed from the * expired (see {@link #setUserAuthenticationValidityDurationSeconds} and {@link * user's body up to the limit of the authentication validity period (see * #setUserAuthenticationRequired}) if the device has a secure on-body sensor and if the * {@link #setUserAuthenticationValidityDurationSeconds} and * device has not been removed from the user's body since the last successful * {@link #setUserAuthenticationRequired}). Once the device has been removed from the * authentication. * user's body, the key will be considered unauthorized and the user will need to * * re-authenticate to use it. For keys without an authentication validity period this * <p>On devices that do not have a secure on-body sensor, creating a key with this * parameter has no effect. * parameter set to {@code true} will have no effect; the private or secret key will no * * longer be authorized for use after the validity period ends, and a fresh authentication * <p>Similarly, on devices that do not have an on-body sensor, this parameter will have no * will be required to use it again. * effect; the device will always be considered to be "on-body" and the key will therefore * * remain authorized until the validity period ends. * <p>Note that "secure" on-body sensors are required by Android to have a secure path to * * the secure hardware, but the sensors themselves may not be difficult to fool. It is * @param remainsValid if {@code true}, and if the device supports on-body detection, key * recommended that this feature be used to increase slightly the security of keys which * will be invalidated when the device is removed from the user's body or when the * would otherwise have to allow unauthenticated access, or have a very long validity * authentication validity expires, whichever occurs first. * period. Keys that require high assurance of user authorization should not use this * feature and should set a short validity period. * * @param remainsValid if {@code true}, and if the device supports secure on-body detection, * key will remain valid after authentication validity duration has expired. */ */ @NonNull @NonNull public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { Loading keystore/java/android/security/keystore/KeyInfo.java +4 −4 Original line number Original line Diff line number Diff line Loading @@ -285,10 +285,10 @@ public class KeyInfo implements KeySpec { } } /** /** * Returns {@code true} if this key will remain usable after its specified validity duration * Returns {@code true} if this key will become unusable when the device is removed from the * for as long as the device remains on the user's body. This is possible only for keys with * user's body. This is possible only for keys with a specified validity duration, and only on * a specified validity duration. Always returns {@code false} on devices that lack a secure * devices with an on-body sensor. Always returns {@code false} on devices that lack an on-body * on-body sensor. * sensor. */ */ public boolean isUserAuthenticationValidWhileOnBody() { public boolean isUserAuthenticationValidWhileOnBody() { return mUserAuthenticationValidWhileOnBody; return mUserAuthenticationValidWhileOnBody; Loading keystore/java/android/security/keystore/KeyProtection.java +18 −24 Original line number Original line Diff line number Diff line Loading @@ -407,10 +407,9 @@ public final class KeyProtection implements ProtectionParameter { } } /** /** * Returns {@code true} if the key will remain authorized while the device is on the user's * Returns {@code true} if the key will be de-authorized when the device is removed from the * body, even after the validity duration has expired. This option has no effect on keys that * user's body. This option has no effect on keys that don't have an authentication validity * don't have an authentication validity duration, and has no effect if the device lacks a * duration, and has no effect if the device lacks an on-body sensor. * secure on-body sensor. * * * <p>Authorization applies only to secret key and private key operations. Public key operations * <p>Authorization applies only to secret key and private key operations. Public key operations * are not restricted. * are not restricted. Loading Loading @@ -728,26 +727,21 @@ public final class KeyProtection implements ProtectionParameter { } } /** /** * Sets whether the key is authorized for use after the authentication validity period is * Sets whether the key will remain authorized only until the device is removed from the * expired (see {@link #setUserAuthenticationValidityDurationSeconds} and {@link * user's body up to the limit of the authentication validity period (see * #setUserAuthenticationRequired}) if the device has a secure on-body sensor and if the * {@link #setUserAuthenticationValidityDurationSeconds} and * device has not been removed from the user's body since the last successful * {@link #setUserAuthenticationRequired}). Once the device has been removed from the * authentication. * user's body, the key will be considered unauthorized and the user will need to * * re-authenticate to use it. For keys without an authentication validity period this * <p>On devices that do not have a secure on-body sensor, creating a key with this * parameter has no effect. * parameter set to {@code true} will have no effect; the private or secret key will no * * longer be authorized for use after the validity period ends, and a fresh authentication * <p>Similarly, on devices that do not have an on-body sensor, this parameter will have no * will be required to use it again. * effect; the device will always be considered to be "on-body" and the key will therefore * * remain authorized until the validity period ends. * <p>Note that "secure" on-body sensors are required by Android to have a secure path to * * the secure hardware, but the sensors themselves may not be difficult to fool. It is * @param remainsValid if {@code true}, and if the device supports on-body detection, key * recommended that this feature be used to increase slightly the security of keys which * will be invalidated when the device is removed from the user's body or when the * would otherwise have to allow unauthenticated access, or have a very long validity * authentication validity expires, whichever occurs first. * period. Keys that require high assurance of user authorization should not use this * feature and should set a short validity period. * * @param remainsValid if {@code true}, and if the device supports secure on-body detection, * key will remain valid after authentication validity duration has expired. */ */ @NonNull @NonNull public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { Loading Loading
keystore/java/android/security/keystore/KeyGenParameterSpec.java +17 −22 Original line number Original line Diff line number Diff line Loading @@ -596,10 +596,10 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } } /** /** * Returns {@code true} if the key will remain authorized while the device is on the user's * Returns {@code true} if the key will remain authorized only until the device is removed from * body, even after the validity duration has expired. This option has no effect on keys that * the user's body, up to the validity duration. This option has no effect on keys that don't * don't have an authentication validity duration, and has no effect if the device lacks a * have an authentication validity duration, and has no effect if the device lacks an on-body * secure on-body sensor. * sensor. * * * <p>Authorization applies only to secret key and private key operations. Public key operations * <p>Authorization applies only to secret key and private key operations. Public key operations * are not restricted. * are not restricted. Loading Loading @@ -1104,26 +1104,21 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } } /** /** * Sets whether the key is authorized for use after the authentication validity period is * Sets whether the key will remain authorized only until the device is removed from the * expired (see {@link #setUserAuthenticationValidityDurationSeconds} and {@link * user's body up to the limit of the authentication validity period (see * #setUserAuthenticationRequired}) if the device has a secure on-body sensor and if the * {@link #setUserAuthenticationValidityDurationSeconds} and * device has not been removed from the user's body since the last successful * {@link #setUserAuthenticationRequired}). Once the device has been removed from the * authentication. * user's body, the key will be considered unauthorized and the user will need to * * re-authenticate to use it. For keys without an authentication validity period this * <p>On devices that do not have a secure on-body sensor, creating a key with this * parameter has no effect. * parameter set to {@code true} will have no effect; the private or secret key will no * * longer be authorized for use after the validity period ends, and a fresh authentication * <p>Similarly, on devices that do not have an on-body sensor, this parameter will have no * will be required to use it again. * effect; the device will always be considered to be "on-body" and the key will therefore * * remain authorized until the validity period ends. * <p>Note that "secure" on-body sensors are required by Android to have a secure path to * * the secure hardware, but the sensors themselves may not be difficult to fool. It is * @param remainsValid if {@code true}, and if the device supports on-body detection, key * recommended that this feature be used to increase slightly the security of keys which * will be invalidated when the device is removed from the user's body or when the * would otherwise have to allow unauthenticated access, or have a very long validity * authentication validity expires, whichever occurs first. * period. Keys that require high assurance of user authorization should not use this * feature and should set a short validity period. * * @param remainsValid if {@code true}, and if the device supports secure on-body detection, * key will remain valid after authentication validity duration has expired. */ */ @NonNull @NonNull public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { Loading
keystore/java/android/security/keystore/KeyInfo.java +4 −4 Original line number Original line Diff line number Diff line Loading @@ -285,10 +285,10 @@ public class KeyInfo implements KeySpec { } } /** /** * Returns {@code true} if this key will remain usable after its specified validity duration * Returns {@code true} if this key will become unusable when the device is removed from the * for as long as the device remains on the user's body. This is possible only for keys with * user's body. This is possible only for keys with a specified validity duration, and only on * a specified validity duration. Always returns {@code false} on devices that lack a secure * devices with an on-body sensor. Always returns {@code false} on devices that lack an on-body * on-body sensor. * sensor. */ */ public boolean isUserAuthenticationValidWhileOnBody() { public boolean isUserAuthenticationValidWhileOnBody() { return mUserAuthenticationValidWhileOnBody; return mUserAuthenticationValidWhileOnBody; Loading
keystore/java/android/security/keystore/KeyProtection.java +18 −24 Original line number Original line Diff line number Diff line Loading @@ -407,10 +407,9 @@ public final class KeyProtection implements ProtectionParameter { } } /** /** * Returns {@code true} if the key will remain authorized while the device is on the user's * Returns {@code true} if the key will be de-authorized when the device is removed from the * body, even after the validity duration has expired. This option has no effect on keys that * user's body. This option has no effect on keys that don't have an authentication validity * don't have an authentication validity duration, and has no effect if the device lacks a * duration, and has no effect if the device lacks an on-body sensor. * secure on-body sensor. * * * <p>Authorization applies only to secret key and private key operations. Public key operations * <p>Authorization applies only to secret key and private key operations. Public key operations * are not restricted. * are not restricted. Loading Loading @@ -728,26 +727,21 @@ public final class KeyProtection implements ProtectionParameter { } } /** /** * Sets whether the key is authorized for use after the authentication validity period is * Sets whether the key will remain authorized only until the device is removed from the * expired (see {@link #setUserAuthenticationValidityDurationSeconds} and {@link * user's body up to the limit of the authentication validity period (see * #setUserAuthenticationRequired}) if the device has a secure on-body sensor and if the * {@link #setUserAuthenticationValidityDurationSeconds} and * device has not been removed from the user's body since the last successful * {@link #setUserAuthenticationRequired}). Once the device has been removed from the * authentication. * user's body, the key will be considered unauthorized and the user will need to * * re-authenticate to use it. For keys without an authentication validity period this * <p>On devices that do not have a secure on-body sensor, creating a key with this * parameter has no effect. * parameter set to {@code true} will have no effect; the private or secret key will no * * longer be authorized for use after the validity period ends, and a fresh authentication * <p>Similarly, on devices that do not have an on-body sensor, this parameter will have no * will be required to use it again. * effect; the device will always be considered to be "on-body" and the key will therefore * * remain authorized until the validity period ends. * <p>Note that "secure" on-body sensors are required by Android to have a secure path to * * the secure hardware, but the sensors themselves may not be difficult to fool. It is * @param remainsValid if {@code true}, and if the device supports on-body detection, key * recommended that this feature be used to increase slightly the security of keys which * will be invalidated when the device is removed from the user's body or when the * would otherwise have to allow unauthenticated access, or have a very long validity * authentication validity expires, whichever occurs first. * period. Keys that require high assurance of user authorization should not use this * feature and should set a short validity period. * * @param remainsValid if {@code true}, and if the device supports secure on-body detection, * key will remain valid after authentication validity duration has expired. */ */ @NonNull @NonNull public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { public Builder setUserAuthenticationValidWhileOnBody(boolean remainsValid) { Loading
