forgerock-core/org.forgerock.android.auth.encrypt/SecretKeyEncryptor

SecretKeyEncryptor

class SecretKeyEncryptor(block: SecretKeyEncryptorConfig.() -> Unit = {}) : SuspendEncryptor

An encryptor that uses Android's SecretKey to encrypt and decrypt data. It uses AES/GCM/NoPadding as the cipher and HmacSHA256 for the MAC.

Constructors

Link copied to clipboard
constructor(block: SecretKeyEncryptorConfig.() -> Unit = {})

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
Link copied to clipboard
private val lock: Mutex
Link copied to clipboard
private val mac: Mac
Link copied to clipboard
private val macLength: Int
Link copied to clipboard

Functions

Link copied to clipboard
open suspend override fun decrypt(data: ByteArray): ByteArray

Decrypts the given data. It uses a lock to ensure thread safety.

Link copied to clipboard
open suspend override fun encrypt(data: ByteArray): ByteArray

Encrypts the given data. It uses a lock to ensure thread safety.

Link copied to clipboard
private fun generateAndroidKeyStoreAsymmetricKey()

Generates an asymmetric key pair in the Android keystore. This method configures the key generation parameters, including key size, block modes, encryption paddings, and user authentication requirements. It also handles the case where StrongBox is unavailable and falls back to generating the key without StrongBox support.

Link copied to clipboard
private fun generateAndroidKeyStoreSecretKey(): SecretKey

Generates a secret key in the Android keystore. This method configures the key generation parameters, including key size, block modes, encryption paddings, and user authentication requirements. It also handles the case where StrongBox is unavailable and falls back to generating the key without StrongBox support.

Link copied to clipboard
private fun generateEmbeddedSecretKey(publicKey: PublicKey? = null): SymmetricKey

Generates an embedded secret key. If a private key is provided, it uses it to encrypt the secret key. Otherwise, it generates a new asymmetric key pair in the Android keystore.

Link copied to clipboard
private fun getEmbeddedSecretKey(privateKey: PrivateKey, encryptedData: ByteArray): SymmetricKey

Retrieves the embedded secret key from the encrypted data using the provided private key.

Link copied to clipboard
private suspend fun secretKey(): SymmetricKey

Retrieves the secret key for encryption

private suspend fun secretKey(encryptedData: ByteArray): SymmetricKey
Link copied to clipboard
private inline fun <T> withRetry(default: T, reset: (Throwable) -> Unit = {}, block: () -> T): T

Executes the given block and retries if an exception is thrown.