From 6f8fa9ac83e8690728400ca78e7b969d01fceb62 Mon Sep 17 00:00:00 2001 From: "Brian C. Young" Date: Mon, 2 Apr 2018 12:40:58 -0700 Subject: [PATCH] "Unlocked device required" javadoc clarification Wording changes on the public API functions for these keys. Test: CTS Bug: 67752510 Change-Id: Iaf620e8c0e06d436d09f50d308268653bec196ce --- .../java/android/security/keystore/KeyGenParameterSpec.java | 11 +++++++---- keystore/java/android/security/keystore/KeyProtection.java | 11 +++++++---- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index c342acdf101e..e41b5d11d4a4 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -673,7 +673,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu } /** - * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or + * signing. Decryption and signature verification will still be available when the screen is + * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) */ @@ -1289,9 +1291,10 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu /** * Sets whether the keystore requires the screen to be unlocked before allowing decryption - * using this key. If this is set to {@code true}, any attempt to decrypt using this key - * while the screen is locked will fail. A locked device requires a PIN, password, - * fingerprint, or other trusted factor to access. + * using this key. If this is set to {@code true}, any attempt to decrypt or sign using this + * key while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. While the screen is locked, the key can + * still be used for encryption or signature verification. */ @NonNull public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 22568ce7a596..8997b39a6937 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -508,7 +508,9 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { } /** - * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or + * signing. Decryption and signature verification will still be available when the screen is + * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) */ @@ -929,9 +931,10 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { /** * Sets whether the keystore requires the screen to be unlocked before allowing decryption - * using this key. If this is set to {@code true}, any attempt to decrypt using this key - * while the screen is locked will fail. A locked device requires a PIN, password, - * fingerprint, or other trusted factor to access. + * using this key. If this is set to {@code true}, any attempt to decrypt or sign using this + * key while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. While the screen is locked, the key can + * still be used for encryption or signature verification. */ @NonNull public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { -- 2.11.0