androidx.security.crypto


Classes

EncryptedFile

Class used to create and read encrypted files.

EncryptedFile.Builder

Builder class to configure EncryptedFile

EncryptedSharedPreferences

An implementation of SharedPreferences that encrypts keys and values.

MasterKey

Wrapper for a master key used in the library.

MasterKey.Builder

Builder for generating a MasterKey.

MasterKeys

This class is deprecated.

Use MasterKey.Builder to work with master keys.

Enums

EncryptedFile.FileEncryptionScheme

The encryption scheme to encrypt files.

EncryptedSharedPreferences.PrefKeyEncryptionScheme

The encryption scheme to encrypt keys.

EncryptedSharedPreferences.PrefValueEncryptionScheme

The encryption scheme to encrypt values.

MasterKey.KeyScheme

Algorithm/Cipher choices used for the master key.

Top-level functions summary

EncryptedFile
EncryptedFile(
    context: Context,
    file: File,
    masterKey: MasterKey,
    fileEncryptionScheme: EncryptedFile.FileEncryptionScheme,
    keysetPrefName: String?,
    keysetAlias: String?
)

Creates an EncryptedFile

SharedPreferences
EncryptedSharedPreferences(
    context: Context,
    fileName: String,
    masterKey: MasterKey,
    prefKeyEncryptionScheme: EncryptedSharedPreferences.PrefKeyEncryptionScheme,
    prefValueEncryptionScheme: EncryptedSharedPreferences.PrefValueEncryptionScheme
)

Opens an instance of encrypted SharedPreferences

MasterKey
MasterKey(
    context: Context,
    keyAlias: String,
    keyScheme: MasterKey.KeyScheme,
    authenticationRequired: Boolean,
    userAuthenticationValidityDurationSeconds: Int,
    requestStrongBoxBacked: Boolean
)

Creates a MasterKey with the provided parameters.

Top-level functions

fun EncryptedFile(
    context: Context,
    file: File,
    masterKey: MasterKey,
    fileEncryptionScheme: EncryptedFile.FileEncryptionScheme = FileEncryptionScheme.AES256_GCM_HKDF_4KB,
    keysetPrefName: String? = null,
    keysetAlias: String? = null
): EncryptedFile

Creates an EncryptedFile

Parameters
context: Context

The context to work with.

file: File

The backing File.

masterKey: MasterKey

The MasterKey that should be used.

fileEncryptionScheme: EncryptedFile.FileEncryptionScheme = FileEncryptionScheme.AES256_GCM_HKDF_4KB

The FileEncryptionScheme to use, defaulting to FileEncryptionScheme.AES256_GCM_HKDF_4KB.

keysetPrefName: String? = null

The SharedPreferences file to store the keyset for this EncryptedFile.

keysetAlias: String? = null

The alias in the SharedPreferences file to store the keyset for this EncryptedFile.

EncryptedSharedPreferences

fun EncryptedSharedPreferences(
    context: Context,
    fileName: String,
    masterKey: MasterKey,
    prefKeyEncryptionScheme: EncryptedSharedPreferences.PrefKeyEncryptionScheme = PrefKeyEncryptionScheme.AES256_SIV,
    prefValueEncryptionScheme: EncryptedSharedPreferences.PrefValueEncryptionScheme = PrefValueEncryptionScheme.AES256_GCM
): SharedPreferences

Opens an instance of encrypted SharedPreferences

Parameters
fileName: String

The name of the file to open; can not contain path separators.

masterKey: MasterKey

The master key to use.

prefKeyEncryptionScheme: EncryptedSharedPreferences.PrefKeyEncryptionScheme = PrefKeyEncryptionScheme.AES256_SIV

The scheme to use for encrypting keys.

prefValueEncryptionScheme: EncryptedSharedPreferences.PrefValueEncryptionScheme = PrefValueEncryptionScheme.AES256_GCM

The scheme to use for encrypting values.

Returns
SharedPreferences

The SharedPreferences instance that encrypts all data.

fun MasterKey(
    context: Context,
    keyAlias: String = MasterKey.DEFAULT_MASTER_KEY_ALIAS,
    keyScheme: MasterKey.KeyScheme = MasterKey.KeyScheme.AES256_GCM,
    authenticationRequired: Boolean = false,
    userAuthenticationValidityDurationSeconds: Int = MasterKey.getDefaultAuthenticationValidityDurationSeconds(),
    requestStrongBoxBacked: Boolean = false
): MasterKey

Creates a MasterKey with the provided parameters.

Parameters
context: Context

The context to work with.

keyAlias: String = MasterKey.DEFAULT_MASTER_KEY_ALIAS

The alias to use for the MasterKey.

keyScheme: MasterKey.KeyScheme = MasterKey.KeyScheme.AES256_GCM

The MasterKey.KeyScheme to have the MasterKey use.

authenticationRequired: Boolean = false

true if the user must authenticate for the MasterKey to be used.

userAuthenticationValidityDurationSeconds: Int = MasterKey.getDefaultAuthenticationValidityDurationSeconds()

Duration in seconds that the MasterKey is valid for after the user has authenticated. Must be a value 0.

requestStrongBoxBacked: Boolean = false

true if the key should be stored in Strong Box, if possible.