multipaz/org.multipaz.securearea/SecureArea

SecureArea

interface SecureArea

An interface to a Secure Area.

This interface exists to abstract the underlying secure area used used for creation of key material and other security objects related to identity documents and associated credentials.

A Secure Area may require authentication before a key can be used and this is modeled through the KeyLockedException and KeyUnlockData types. By default, KeyUnlockInteractive is used which handles user authentication out-of-band so the application will not have to worry about this except to ensure that their user interface can handle platform or local UI being shown to the user for authentication.

Existing keys in a Secure Area may be invalidated and this can happen on Android if e.g. the LSKF is removed or if a Cloud-based Secure Area is turned down. This is modeled through the KeyInvalidatedException being thrown when attempting to use the key. Applications can also use getKeyInvalidated to learn ahead of time if a key is still usable.

Inheritors

Properties

Link copied to clipboard
abstract val displayName: String

The name of the Secure Area, suitable for displaying to the end user.

Link copied to clipboard
abstract val identifier: String

A stable identifier for the Secure Area.

Link copied to clipboard
abstract val supportedAlgorithms: List<Algorithm>

The list of algorithms the Secure Area supports.

Functions

Link copied to clipboard
open suspend fun batchCreateKey(numKeys: Int, createKeySettings: CreateKeySettings): BatchCreateKeyResult

Creates a batch of new keys.

Link copied to clipboard
abstract suspend fun createKey(alias: String?, createKeySettings: CreateKeySettings): KeyInfo

Creates a new key.

Link copied to clipboard
abstract suspend fun deleteKey(alias: String)

Deletes a previously created key.

Link copied to clipboard
abstract suspend fun getKeyInfo(alias: String): KeyInfo

Gets information about a key.

Link copied to clipboard
abstract suspend fun getKeyInvalidated(alias: String): Boolean

Checks whether the key has been invalidated.

Link copied to clipboard
abstract suspend fun keyAgreement(alias: String, otherKey: EcPublicKey, keyUnlockData: KeyUnlockData? = KeyUnlockInteractive()): ByteArray

Performs Key Agreement.

Link copied to clipboard
abstract suspend fun sign(alias: String, dataToSign: ByteArray, keyUnlockData: KeyUnlockData? = KeyUnlockInteractive()): EcSignature

Signs data with a key.