Added in API level 33

Summary: Constants | Methods | Inherited Methods

KeyStoreException

Kotlin |Java

public class KeyStoreException
extends Exception

java.lang.Object
↳	java.lang.Throwable
	↳	java.lang.Exception
		↳	android.security.KeyStoreException

Exception containing information about the failure at the Keystore / KeyMint layer while generating or using a key. The public error codes indicate the cause of the error and the methods indicate whether it's a system/key issue and whether re-trying the operation (with the same key or a new key) is likely to succeed.

Summary

Constants
`int`	`ERROR_ATTESTATION_CHALLENGE_TOO_LARGE` The attestation challenge specified is too large.
`int`	`ERROR_ATTESTATION_KEYS_UNAVAILABLE` There are no keys available for attestation.
`int`	`ERROR_ID_ATTESTATION_FAILURE` The error related to inclusion of device identifiers in the attestation record.
`int`	`ERROR_INCORRECT_USAGE` The feature the caller is trying to use is not compatible with the parameters used to generate the key.
`int`	`ERROR_INTERNAL_SYSTEM_ERROR` An internal system error - refer to `isTransientFailure()` to determine whether re-trying the operation is likely to yield different results.
`int`	`ERROR_KEYMINT_FAILURE` General error in the KeyMint layer.
`int`	`ERROR_KEYSTORE_FAILURE` Failure in the Keystore layer.
`int`	`ERROR_KEYSTORE_UNINITIALIZED` Indicating that `load()` has not been called on the Keystore instance, or an attempt has been made to generate an authorization bound key while the user has not set a lock screen knowledge factor (LSKF).
`int`	`ERROR_KEY_CORRUPTED` The key is corrupted and could not be recovered.
`int`	`ERROR_KEY_DOES_NOT_EXIST` The key the operation refers to doesn't exist.
`int`	`ERROR_KEY_NOT_TEMPORALLY_VALID` The key is not currently valid: Either at has expired or it will be valid for use in the future.
`int`	`ERROR_KEY_OPERATION_EXPIRED` The crypto object the caller has been using held a reference to a KeyMint operation that has been evacuated (likely due to other concurrent operations taking place).
`int`	`ERROR_OTHER` This error code is for mapping errors that the caller will not know about.
`int`	`ERROR_PERMISSION_DENIED` The caller has requested key parameters or operation which are only available to system or privileged apps.
`int`	`ERROR_UNIMPLEMENTED` The feature the caller is trying to use is not implemented by the underlying KeyMint implementation.
`int`	`ERROR_USER_AUTHENTICATION_REQUIRED` Indicating the key could not be used because the user needs to authenticate first.
`int`	`RETRY_AFTER_NEXT_REBOOT` Re-try the operation that led to this error when the device has a software update downloaded and on the next reboot.
`int`	`RETRY_NEVER` Never re-try the operation that led to this error, since it's a permanent error.
`int`	`RETRY_WHEN_CONNECTIVITY_AVAILABLE` Re-try the operation that led to this error when the device regains connectivity.
`int`	`RETRY_WITH_EXPONENTIAL_BACKOFF` Re-try the operation that led to this error with an exponential back-off delay.

Public methods
`int`	`getNumericErrorCode()` Returns one of the error codes exported by the class.
`int`	`getRetryPolicy()` Returns the re-try policy for transient failures.
`boolean`	`isSystemError()` Indicates whether the error related to the Keystore/KeyMint implementation and not a specific key.
`boolean`	`isTransientFailure()` Returns true if the failure is a transient failure - that is, performing the same operation again at a late time is likely to succeed.
`boolean`	`requiresUserAuthentication()` Indicates whether the failure is due to the device being locked.
`String`	`toString()` Returns a short description of this throwable.

Inherited methods

From class


        
          java.lang.Throwable

`final void`	`addSuppressed(Throwable exception)` Appends the specified exception to the exceptions that were suppressed in order to deliver this exception.
`Throwable`	`fillInStackTrace()` Fills in the execution stack trace.
`Throwable`	`getCause()` Returns the cause of this throwable or `null` if the cause is nonexistent or unknown.
`String`	`getLocalizedMessage()` Creates a localized description of this throwable.
`String`	`getMessage()` Returns the detail message string of this throwable.
`StackTraceElement[]`	`getStackTrace()` Provides programmatic access to the stack trace information printed by `printStackTrace()`.
`final Throwable[]`	`getSuppressed()` Returns an array containing all of the exceptions that were suppressed, typically by the `try`-with-resources statement, in order to deliver this exception.
`Throwable`	`initCause(Throwable cause)` Initializes the cause of this throwable to the specified value.
`void`	`printStackTrace()` Prints this throwable and its backtrace to the standard error stream.
`void`	`printStackTrace(PrintWriter s)` Prints this throwable and its backtrace to the specified print writer.
`void`	`printStackTrace(PrintStream s)` Prints this throwable and its backtrace to the specified print stream.
`void`	`setStackTrace(StackTraceElement[] stackTrace)` Sets the stack trace elements that will be returned by `getStackTrace()` and printed by `printStackTrace()` and related methods.
`String`	`toString()` Returns a short description of this throwable.

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Constants

ERROR_ATTESTATION_CHALLENGE_TOO_LARGE

Added in API level 33

public static final int ERROR_ATTESTATION_CHALLENGE_TOO_LARGE

The attestation challenge specified is too large.

Constant Value: 9 (0x00000009)

ERROR_ATTESTATION_KEYS_UNAVAILABLE

Added in API level 33

public static final int ERROR_ATTESTATION_KEYS_UNAVAILABLE

There are no keys available for attestation. This error is returned only on devices that rely solely on remotely-provisioned keys (see Remote Key Provisioning).

On such a device, if the caller requests key generation and includes an attestation challenge (indicating key attestation is required), the error will be returned in one of the following cases:

The pool of remotely-provisioned keys has been exhausted.
The device is not registered with the key provisioning server.

This error is a transient one if the pool of remotely-provisioned keys has been exhausted. However, if the device is not registered with the server, or the key provisioning server refuses key issuance, this is a permanent error.

Constant Value: 16 (0x00000010)

ERROR_ID_ATTESTATION_FAILURE

Added in API level 33

public static final int ERROR_ID_ATTESTATION_FAILURE

The error related to inclusion of device identifiers in the attestation record.

Constant Value: 8 (0x00000008)

ERROR_INCORRECT_USAGE

Added in API level 33

public static final int ERROR_INCORRECT_USAGE

The feature the caller is trying to use is not compatible with the parameters used to generate the key. For example, trying to use a key generated for a different signature algorithm, or a digest not specified during key creation. Another case is the attempt to generate a symmetric AES key and requesting key attestation.

Constant Value: 13 (0x0000000d)

ERROR_INTERNAL_SYSTEM_ERROR

Added in API level 33

public static final int ERROR_INTERNAL_SYSTEM_ERROR

An internal system error - refer to isTransientFailure() to determine whether re-trying the operation is likely to yield different results.

Constant Value: 4 (0x00000004)

ERROR_KEYMINT_FAILURE

Added in API level 33

public static final int ERROR_KEYMINT_FAILURE

General error in the KeyMint layer.

Constant Value: 10 (0x0000000a)

ERROR_KEYSTORE_FAILURE

Added in API level 33

public static final int ERROR_KEYSTORE_FAILURE

Failure in the Keystore layer.

Constant Value: 11 (0x0000000b)

ERROR_KEYSTORE_UNINITIALIZED

Added in API level 33

public static final int ERROR_KEYSTORE_UNINITIALIZED

Indicating that load() has not been called on the Keystore instance, or an attempt has been made to generate an authorization bound key while the user has not set a lock screen knowledge factor (LSKF). Instruct the user to set an LSKF and retry.

Constant Value: 3 (0x00000003)

ERROR_KEY_CORRUPTED

Added in API level 33

public static final int ERROR_KEY_CORRUPTED

The key is corrupted and could not be recovered.

Constant Value: 7 (0x00000007)

ERROR_KEY_DOES_NOT_EXIST

Added in API level 33

public static final int ERROR_KEY_DOES_NOT_EXIST

The key the operation refers to doesn't exist.

Constant Value: 6 (0x00000006)

ERROR_KEY_NOT_TEMPORALLY_VALID

Added in API level 33

public static final int ERROR_KEY_NOT_TEMPORALLY_VALID

The key is not currently valid: Either at has expired or it will be valid for use in the future.

Constant Value: 14 (0x0000000e)

ERROR_KEY_OPERATION_EXPIRED

Added in API level 33

public static final int ERROR_KEY_OPERATION_EXPIRED

The crypto object the caller has been using held a reference to a KeyMint operation that has been evacuated (likely due to other concurrent operations taking place). The caller should re-create the crypto object and try again.

Constant Value: 15 (0x0000000f)

ERROR_OTHER

Added in API level 33

public static final int ERROR_OTHER

This error code is for mapping errors that the caller will not know about. If the caller is targeting an API level earlier than the one the error was introduced in, then the error will be mapped to this one. In API level 33 no errors map to this error.

Constant Value: 1 (0x00000001)

ERROR_PERMISSION_DENIED

Added in API level 33

public static final int ERROR_PERMISSION_DENIED

The caller has requested key parameters or operation which are only available to system or privileged apps.

Constant Value: 5 (0x00000005)

ERROR_UNIMPLEMENTED

Added in API level 33

public static final int ERROR_UNIMPLEMENTED

The feature the caller is trying to use is not implemented by the underlying KeyMint implementation. This could happen when an unsupported algorithm is requested, or when trying to import a key in a format other than raw or PKCS#8.

Constant Value: 12 (0x0000000c)

ERROR_USER_AUTHENTICATION_REQUIRED

Added in API level 33

public static final int ERROR_USER_AUTHENTICATION_REQUIRED

Indicating the key could not be used because the user needs to authenticate first. See KeyGenParameterSpec.Builder.setUserAuthenticationRequired(boolean).

Constant Value: 2 (0x00000002)

RETRY_AFTER_NEXT_REBOOT

Added in API level 34

public static final int RETRY_AFTER_NEXT_REBOOT

Re-try the operation that led to this error when the device has a software update downloaded and on the next reboot. The Remote provisioning server recognizes the device, but refuses issuance of attestation keys because it contains a software version that could potentially be vulnerable and needs an update. Re-trying after the device has upgraded and rebooted may alleviate the problem.

This value is returned when isTransientFailure() is true.

Constant Value: 4 (0x00000004)

RETRY_NEVER

Added in API level 33

public static final int RETRY_NEVER

Never re-try the operation that led to this error, since it's a permanent error. This value is always returned when isTransientFailure() is false.

Constant Value: 1 (0x00000001)

RETRY_WHEN_CONNECTIVITY_AVAILABLE

Added in API level 33

public static final int RETRY_WHEN_CONNECTIVITY_AVAILABLE

Re-try the operation that led to this error when the device regains connectivity. Remote provisioning of keys requires reaching the remote server, and the device is currently unable to due that due to lack of network connectivity. This value is returned when isTransientFailure() is true.

Constant Value: 3 (0x00000003)

RETRY_WITH_EXPONENTIAL_BACKOFF

Added in API level 33

public static final int RETRY_WITH_EXPONENTIAL_BACKOFF

Re-try the operation that led to this error with an exponential back-off delay. The first delay should be between 5 to 30 seconds, and each subsequent re-try should double the delay time. This value is returned when isTransientFailure() is true.

Constant Value: 2 (0x00000002)

Public methods

getNumericErrorCode

Added in API level 33

public int getNumericErrorCode ()

Returns one of the error codes exported by the class.

Returns

Returns
`int`	a public error code Value is either `0` or a combination of `ERROR_OTHER`, `ERROR_USER_AUTHENTICATION_REQUIRED`, `ERROR_KEYSTORE_UNINITIALIZED`, `ERROR_INTERNAL_SYSTEM_ERROR`, `ERROR_PERMISSION_DENIED`, `ERROR_KEY_DOES_NOT_EXIST`, `ERROR_KEY_CORRUPTED`, `ERROR_ID_ATTESTATION_FAILURE`, `ERROR_ATTESTATION_CHALLENGE_TOO_LARGE`, `ERROR_KEYMINT_FAILURE`, `ERROR_KEYSTORE_FAILURE`, `ERROR_UNIMPLEMENTED`, `ERROR_INCORRECT_USAGE`, `ERROR_KEY_NOT_TEMPORALLY_VALID`, `ERROR_KEY_OPERATION_EXPIRED`, `ERROR_ATTESTATION_KEYS_UNAVAILABLE`, and android.security.KeyStoreException.ERROR_DEVICE_REQUIRES_UPGRADE_FOR_ATTESTATION

int

a public error code Value is either 0 or a combination of ERROR_OTHER, ERROR_USER_AUTHENTICATION_REQUIRED, ERROR_KEYSTORE_UNINITIALIZED, ERROR_INTERNAL_SYSTEM_ERROR, ERROR_PERMISSION_DENIED, ERROR_KEY_DOES_NOT_EXIST, ERROR_KEY_CORRUPTED, ERROR_ID_ATTESTATION_FAILURE, ERROR_ATTESTATION_CHALLENGE_TOO_LARGE, ERROR_KEYMINT_FAILURE, ERROR_KEYSTORE_FAILURE, ERROR_UNIMPLEMENTED, ERROR_INCORRECT_USAGE, ERROR_KEY_NOT_TEMPORALLY_VALID, ERROR_KEY_OPERATION_EXPIRED, ERROR_ATTESTATION_KEYS_UNAVAILABLE, and android.security.KeyStoreException.ERROR_DEVICE_REQUIRES_UPGRADE_FOR_ATTESTATION

getRetryPolicy

Added in API level 33

public int getRetryPolicy ()

Returns the re-try policy for transient failures. Valid only if isTransientFailure() returns True.

Returns
`int`	Value is either `0` or a combination of `RETRY_NEVER`, `RETRY_WITH_EXPONENTIAL_BACKOFF`, `RETRY_WHEN_CONNECTIVITY_AVAILABLE`, and `RETRY_AFTER_NEXT_REBOOT`

isSystemError

Added in API level 33

public boolean isSystemError ()

Indicates whether the error related to the Keystore/KeyMint implementation and not a specific key.

Returns
`boolean`	true if the error is related to the system, not the key in use. System errors indicate a feature isn't working, whereas key-related errors are likely to succeed with a new key.

isTransientFailure

Added in API level 33

public boolean isTransientFailure ()

Returns true if the failure is a transient failure - that is, performing the same operation again at a late time is likely to succeed. If isSystemError() returns true, the transient nature of the failure relates to the device, otherwise relates to the key (so a permanent failure with an existing key likely requires creating another key to repeat the operation with).

Returns
`boolean`

requiresUserAuthentication

Added in API level 33

public boolean requiresUserAuthentication ()

Indicates whether the failure is due to the device being locked.

Returns
`boolean`	true if the key operation failed because the user has to authenticate (e.g. by unlocking the device).

toString

Added in API level 33

public String toString ()

Returns a short description of this throwable. The result is the concatenation of:

the name of the class of this object
": " (a colon and a space)
the result of invoking this object's getLocalizedMessage() method

If getLocalizedMessage returns null, then just the class name is returned.

Returns
`String`	a string representation of this throwable.