Added in API level 18
Deprecated in API level 23

KeyPairGeneratorSpec.Builder


public static final class KeyPairGeneratorSpec.Builder
extends Object

java.lang.Object
   ↳ android.security.KeyPairGeneratorSpec.Builder


This class was deprecated in API level 23.
Use KeyGenParameterSpec.Builder instead.

Builder class for KeyPairGeneratorSpec objects.

This will build a parameter spec for use with the Android KeyStore facility.

The required fields must be filled in with the builder.

Example:

 Calendar start = Calendar.getInstance();
 Calendar end = Calendar.getInstance();
 end.add(Calendar.YEAR, 1);

 KeyPairGeneratorSpec spec =
         new KeyPairGeneratorSpec.Builder(mContext).setAlias("myKey")
                 .setSubject(new X500Principal("CN=myKey")).setSerialNumber(BigInteger.valueOf(1337))
                 .setStartDate(start.getTime()).setEndDate(end.getTime()).build();
 

Summary

Public constructors

Builder(Context context)

Creates a new instance of the Builder with the given context.

Public methods

KeyPairGeneratorSpec build()

Builds the instance of the KeyPairGeneratorSpec.

KeyPairGeneratorSpec.Builder setAlgorithmParameterSpec(AlgorithmParameterSpec spec)

Sets the algorithm-specific key generation parameters.

KeyPairGeneratorSpec.Builder setAlias(String alias)

Sets the alias to be used to retrieve the key later from a KeyStore instance using the AndroidKeyStore provider.

KeyPairGeneratorSpec.Builder setEncryptionRequired()

This method is deprecated. Data at rest encryption is enabled by default. If extra binding to the lockscreen credential is desired, use KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean). This flag will be ignored from Android S.

KeyPairGeneratorSpec.Builder setEndDate(Date endDate)

Sets the end of the validity period for the self-signed certificate of the generated key pair.

KeyPairGeneratorSpec.Builder setKeySize(int keySize)

Sets the key size for the keypair to be created.

KeyPairGeneratorSpec.Builder setKeyType(String keyType)

Sets the type of key pair (e.g., EC, RSA) of the key pair to be generated.

KeyPairGeneratorSpec.Builder setSerialNumber(BigInteger serialNumber)

Sets the serial number used for the self-signed certificate of the generated key pair.

KeyPairGeneratorSpec.Builder setStartDate(Date startDate)

Sets the start of the validity period for the self-signed certificate of the generated key pair.

KeyPairGeneratorSpec.Builder setSubject(X500Principal subject)

Sets the subject used for the self-signed certificate of the generated key pair.

Inherited methods

Public constructors

Builder

Added in API level 18
public Builder (Context context)

Creates a new instance of the Builder with the given context. The context passed in may be used to pop up some UI to ask the user to unlock or initialize the Android KeyStore facility.

Parameters
context Context: This value cannot be null.

Public methods

build

Added in API level 18
public KeyPairGeneratorSpec build ()

Builds the instance of the KeyPairGeneratorSpec.

Returns
KeyPairGeneratorSpec built instance of KeyPairGeneratorSpec This value cannot be null.

Throws
IllegalArgumentException if a required field is missing

setAlgorithmParameterSpec

Added in API level 19
Deprecated in API level 23
public KeyPairGeneratorSpec.Builder setAlgorithmParameterSpec (AlgorithmParameterSpec spec)

Sets the algorithm-specific key generation parameters. For example, for RSA keys this may be an instance of RSAKeyGenParameterSpec.

Parameters
spec AlgorithmParameterSpec: This value cannot be null.

Returns
KeyPairGeneratorSpec.Builder

setAlias

Added in API level 18
public KeyPairGeneratorSpec.Builder setAlias (String alias)

Sets the alias to be used to retrieve the key later from a KeyStore instance using the AndroidKeyStore provider.

Parameters
alias String: This value cannot be null.

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.

setEncryptionRequired

Added in API level 18
public KeyPairGeneratorSpec.Builder setEncryptionRequired ()

This method is deprecated.
Data at rest encryption is enabled by default. If extra binding to the lockscreen credential is desired, use KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean). This flag will be ignored from Android S.

Indicates that this key pair must be encrypted at rest. This will protect the key pair with the secure lock screen credential (e.g., password, PIN, or pattern).

Note that this feature requires that the secure lock screen (e.g., password, PIN, pattern) is set up, otherwise key pair generation will fail. Moreover, this key pair will be deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device Administrator). Finally, this key pair cannot be used until the user unlocks the secure lock screen after boot.

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.

setEndDate

Added in API level 18
public KeyPairGeneratorSpec.Builder setEndDate (Date endDate)

Sets the end of the validity period for the self-signed certificate of the generated key pair.

Parameters
endDate Date: This value cannot be null.

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.

setKeySize

Added in API level 19
Deprecated in API level 23
public KeyPairGeneratorSpec.Builder setKeySize (int keySize)

Sets the key size for the keypair to be created. For instance, for a key type of RSA this will set the modulus size and for a key type of EC it will select a curve with a matching field size.

Parameters
keySize int

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.

setKeyType

Added in API level 19
Deprecated in API level 23
public KeyPairGeneratorSpec.Builder setKeyType (String keyType)

Sets the type of key pair (e.g., EC, RSA) of the key pair to be generated. See KeyProperties.KEY_ALGORITHM constants.

Parameters
keyType String: This value cannot be null. Value is KeyProperties.KEY_ALGORITHM_RSA, KeyProperties.KEY_ALGORITHM_EC, android.security.keystore.KeyProperties.KEY_ALGORITHM_XDH, KeyProperties.KEY_ALGORITHM_AES, KeyProperties.KEY_ALGORITHM_HMAC_SHA1, KeyProperties.KEY_ALGORITHM_HMAC_SHA224, KeyProperties.KEY_ALGORITHM_HMAC_SHA256, KeyProperties.KEY_ALGORITHM_HMAC_SHA384, or KeyProperties.KEY_ALGORITHM_HMAC_SHA512

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.

Throws
NoSuchAlgorithmException

setSerialNumber

Added in API level 18
public KeyPairGeneratorSpec.Builder setSerialNumber (BigInteger serialNumber)

Sets the serial number used for the self-signed certificate of the generated key pair.

Parameters
serialNumber BigInteger: This value cannot be null.

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.

setStartDate

Added in API level 18
public KeyPairGeneratorSpec.Builder setStartDate (Date startDate)

Sets the start of the validity period for the self-signed certificate of the generated key pair.

Parameters
startDate Date: This value cannot be null.

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.

setSubject

Added in API level 18
public KeyPairGeneratorSpec.Builder setSubject (X500Principal subject)

Sets the subject used for the self-signed certificate of the generated key pair.

Parameters
subject X500Principal: This value cannot be null.

Returns
KeyPairGeneratorSpec.Builder This value cannot be null.