diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2018-04-02 21:40:34 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2018-04-02 21:40:34 +0000 |
commit | 084f9aee9a54a86680feed7cafd56a06ba6f24f8 (patch) | |
tree | 9f094fc4b33c4e2132786a15025725915ab45ce0 /keystore/java | |
parent | 6d24a1c8bef4c70ac1e646ffb21299ad7fe4a22b (diff) | |
parent | 6f8fa9ac83e8690728400ca78e7b969d01fceb62 (diff) | |
download | base-084f9aee9a54a86680feed7cafd56a06ba6f24f8.tar.gz |
Merge ""Unlocked device required" javadoc clarification" into pi-dev
Diffstat (limited to 'keystore/java')
-rw-r--r-- | keystore/java/android/security/keystore/KeyGenParameterSpec.java | 11 | ||||
-rw-r--r-- | keystore/java/android/security/keystore/KeyProtection.java | 11 |
2 files changed, 14 insertions, 8 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index f7bda3e46cf5..c0d0fb00b40f 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -673,7 +673,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu } /** - * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or + * signing. Decryption and signature verification will still be available when the screen is + * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) */ @@ -1289,9 +1291,10 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu /** * Sets whether the keystore requires the screen to be unlocked before allowing decryption - * using this key. If this is set to {@code true}, any attempt to decrypt using this key - * while the screen is locked will fail. A locked device requires a PIN, password, - * fingerprint, or other trusted factor to access. + * using this key. If this is set to {@code true}, any attempt to decrypt or sign using this + * key while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. While the screen is locked, the key can + * still be used for encryption or signature verification. */ @NonNull public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 5174890b3fd2..4daf30ced7dc 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -508,7 +508,9 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { } /** - * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or + * signing. Decryption and signature verification will still be available when the screen is + * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) */ @@ -929,9 +931,10 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { /** * Sets whether the keystore requires the screen to be unlocked before allowing decryption - * using this key. If this is set to {@code true}, any attempt to decrypt using this key - * while the screen is locked will fail. A locked device requires a PIN, password, - * fingerprint, or other trusted factor to access. + * using this key. If this is set to {@code true}, any attempt to decrypt or sign using this + * key while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. While the screen is locked, the key can + * still be used for encryption or signature verification. */ @NonNull public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { |