Share via


KeyGenParameterSpec.GetAttestationChallenge Method

Definition

Returns the attestation challenge value that will be placed in attestation certificate for this key pair.

[Android.Runtime.Register("getAttestationChallenge", "()[B", "", ApiSince=24)]
public byte[]? GetAttestationChallenge ();
[<Android.Runtime.Register("getAttestationChallenge", "()[B", "", ApiSince=24)>]
member this.GetAttestationChallenge : unit -> byte[]

Returns

Byte[]
Attributes

Remarks

Returns the attestation challenge value that will be placed in attestation certificate for this key pair.

If this method returns non-null, the public key certificate for this key pair will contain an extension that describes the details of the key's configuration and authorizations, including the content of the attestation challenge value. If the key is in secure hardware, and if the secure hardware supports attestation, the certificate will be signed by a chain of certificates rooted at a trustworthy CA key. Otherwise the chain will be rooted at an untrusted certificate.

If this method returns null, and the spec is used to generate an asymmetric (RSA or EC) key pair, the public key will have a self-signed certificate if it has purpose KeyProperties#PURPOSE_SIGN. If does not have purpose KeyProperties#PURPOSE_SIGN, it will have a fake certificate.

Symmetric keys, such as AES and HMAC keys, do not have public key certificates. If a KeyGenParameterSpec with getAttestationChallenge returning non-null is used to generate a symmetric (AES or HMAC) key, javax.crypto.KeyGenerator#generateKey() will throw java.security.InvalidAlgorithmParameterException.

Java documentation for android.security.keystore.KeyGenParameterSpec.getAttestationChallenge().

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to