Summary: Methods | Inherited Methods

KeyStoreManager

Kotlin |Java

public final class KeyStoreManager
extends Object

java.lang.Object
↳	android.security.keystore.KeyStoreManager

This class provides methods for interacting with keys stored within the Android Keystore.

Summary

Public methods
`List<X509Certificate>`	`getGrantedCertificateChainFromId(long id)` Returns a `List` of `X509Certificate` instances representing the certificate chain for the key that was previously shared with the app under the provided `id`.
`Key`	`getGrantedKeyFromId(long id)` Returns the key with the specified `id` that was previously shared with the app.
`KeyPair`	`getGrantedKeyPairFromId(long id)` Returns a `KeyPair` containing the public and private key associated with the key that was previously shared with the app under the provided `id`.
`long`	`grantKeyAccess(String alias, int uid)` Grants access to the key owned by the calling app stored under the specified `alias` to another app on the device with the provided `uid`.
`void`	`revokeKeyAccess(String alias, int uid)` Revokes access to the key in the app's namespace stored under the specified `alias` that was previously granted to another app on the device with the provided `uid`.

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public methods

getGrantedCertificateChainFromId

Added in Android Baklava

public List<X509Certificate> getGrantedCertificateChainFromId (long id)

Returns a List of X509Certificate instances representing the certificate chain for the key that was previously shared with the app under the provided id.

If a PrivateKey has not been granted to the caller with the specified id, then an UnrecoverableKeyException is thrown.

Parameters
`id`	`long`: the ID of the asymmetric key that was shared with the app

Returns
`List<X509Certificate>`	a List of X509Certificates with the certificate at index 0 corresponding to the private key shared with the app This value cannot be `null`.

Throws
`UnrecoverableKeyException`	if the specified key cannot be recovered
`KeyPermanentlyInvalidatedException`	if the specified key was authorized to only be used if the user has been authenticated and a change has been made to the users lockscreen or biometric enrollment that permanently invalidates the key

See also:

grantKeyAccess(String, int)

getGrantedKeyFromId

Added in Android Baklava

public Key getGrantedKeyFromId (long id)

Returns the key with the specified id that was previously shared with the app.

This method can return instances of both SecretKey and PrivateKey. If a key with the provide id has not been granted to the caller, then an UnrecoverableKeyException is thrown.

Parameters
`id`	`long`: the ID of the key that was shared with the app

Returns
`Key`	the `Key` that was shared with the app This value cannot be `null`.

Throws
`UnrecoverableKeyException`	if the specified key cannot be recovered
`KeyPermanentlyInvalidatedException`	if the specified key was authorized to only be used if the user has been authenticated and a change has been made to the users lockscreen or biometric enrollment that permanently invalidates the key

See also:

grantKeyAccess(String, int)

getGrantedKeyPairFromId

Added in Android Baklava

public KeyPair getGrantedKeyPairFromId (long id)

Returns a KeyPair containing the public and private key associated with the key that was previously shared with the app under the provided id.

If a PrivateKey has not been granted to the caller with the specified id, then an UnrecoverableKeyException is thrown.

Parameters
`id`	`long`: the ID of the private key that was shared with the app

Returns
`KeyPair`	a KeyPair containing the public and private key shared with the app This value cannot be `null`.

Throws
`UnrecoverableKeyException`	if the specified key cannot be recovered
`KeyPermanentlyInvalidatedException`	if the specified key was authorized to only be used if the user has been authenticated and a change has been made to the users lockscreen or biometric enrollment that permanently invalidates the key

grantKeyAccess

Added in Android Baklava

public long grantKeyAccess (String alias, 
                int uid)

Grants access to the key owned by the calling app stored under the specified alias to another app on the device with the provided uid.

This method supports granting access to instances of both SecretKey and PrivateKey. The resulting ID will persist across reboots and can be used by the grantee app for the life of the key or until access is revoked with revokeKeyAccess(java.lang.String, int).

If the provided alias does not correspond to a key in the Android KeyStore, then an UnrecoverableKeyException is thrown.

Parameters
`alias`	`String`: the alias of the key to be granted to another app This value cannot be `null`.
`uid`	`int`: the uid of the app to which the key should be granted

Returns
`long`	the ID of the granted key; this can be shared with the specified app, and that app can use `getGrantedKeyFromId(long)` to access the key

Throws
`UnrecoverableKeyException`	if the specified key cannot be recovered
`KeyStoreException`	if an error is encountered when attempting to grant access to the key

See also:

getGrantedKeyFromId(long)

revokeKeyAccess

Added in Android Baklava

public void revokeKeyAccess (String alias, 
                int uid)

Revokes access to the key in the app's namespace stored under the specified alias that was previously granted to another app on the device with the provided uid.

If the provided alias does not correspond to a key in the Android KeyStore, then an UnrecoverableKeyException is thrown.

Parameters
`alias`	`String`: the alias of the key to be revoked from another app This value cannot be `null`.
`uid`	`int`: the uid of the app from which the key access should be revoked

Throws
`UnrecoverableKeyException`	if the specified key cannot be recovered
`KeyStoreException`	if an error is encountered when attempting to revoke access to the key