KeyChain Class

Definition

The KeyChain class provides access to private keys and their corresponding certificate chains in credential storage.

[Android.Runtime.Register("android/security/KeyChain", DoNotGenerateAcw=true)]
public sealed class KeyChain : Java.Lang.Object
[<Android.Runtime.Register("android/security/KeyChain", DoNotGenerateAcw=true)>]
type KeyChain = class
    inherit Object
Inheritance
KeyChain
Attributes

Remarks

The KeyChain class provides access to private keys and their corresponding certificate chains in credential storage.

Applications accessing the KeyChain normally go through these steps:

<ol>

<li>Receive a callback from an javax.net.ssl.X509KeyManager X509KeyManager that a private key is requested.

<li>Call #choosePrivateKeyAlias choosePrivateKeyAlias to allow the user to select from a list of currently available private keys and corresponding certificate chains. The chosen alias will be returned by the callback KeyChainAliasCallback#alias, or null if no private key is available or the user cancels the request.

<li>Call #getPrivateKey and #getCertificateChain to retrieve the credentials to return to the corresponding javax.net.ssl.X509KeyManager callbacks.

</ol>

An application may remember the value of a selected alias to avoid prompting the user with #choosePrivateKeyAlias choosePrivateKeyAlias on subsequent connections. If the alias is no longer valid, null will be returned on lookups using that value

An application can request the installation of private keys and certificates via the Intent provided by #createInstallIntent. Private keys installed via this Intent will be accessible via #choosePrivateKeyAlias while Certificate Authority (CA) certificates will be trusted by all applications through the default X509TrustManager.

Java documentation for android.security.KeyChain.

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Constructors

KeyChain()

Fields

ActionKeyAccessChanged

Broadcast Action: Indicates that the access permissions for a private key have changed.

ActionKeychainChanged

Broadcast Action: Indicates the contents of the keychain has changed.

ActionStorageChanged

Broadcast Action: Indicates the trusted storage has changed.

ActionTrustStoreChanged

Broadcast Action: Indicates the contents of the trusted certificate store has changed.

ExtraCertificate

Optional extra to specify an X.

ExtraKeyAccessible

Used as a boolean extra field in #ACTION_KEY_ACCESS_CHANGED to supply if the key is accessible to the application.

ExtraKeyAlias

Used as a String extra field in #ACTION_KEY_ACCESS_CHANGED to supply the alias of the key.

ExtraName

Optional extra to specify a String credential name on the Intent returned by #createInstallIntent.

ExtraPkcs12

Optional extra for use with the Intent returned by #createInstallIntent to specify a PKCS#12 key store to install.

KeyAliasSelectionDenied

Used by DPC or delegated app in android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias or android.app.admin.DelegatedAdminReceiver#onChoosePrivateKeyAlias to identify that the requesting app is not granted access to any key, and nor will the user be able to grant access manually.

Properties

Class

Returns the runtime class of this Object.

(Inherited from Object)
Handle

The handle to the underlying Android instance.

(Inherited from Object)
JniIdentityHashCode (Inherited from Object)
JniPeerMembers
PeerReference (Inherited from Object)
ThresholdClass

This API supports the Mono for Android infrastructure and is not intended to be used directly from your code.

(Inherited from Object)
ThresholdType

This API supports the Mono for Android infrastructure and is not intended to be used directly from your code.

(Inherited from Object)

Methods

ChoosePrivateKeyAlias(Activity, IKeyChainAliasCallback, String[], IPrincipal[], String, Int32, String)

Launches an Activity for the user to select the alias for a private key and certificate pair for authentication.

ChoosePrivateKeyAlias(Activity, IKeyChainAliasCallback, String[], IPrincipal[], Uri, String)

Launches an Activity for the user to select the alias for a private key and certificate pair for authentication.

ChoosePrivateKeyAliasAsync(Activity, String[], IPrincipal[], String, Int32, String)
ChoosePrivateKeyAliasAsync(Activity, String[], IPrincipal[], Uri, String)
ChooseX509Certificate2WithPrivateKeyAsync(Activity, String[], IPrincipal[], String, Int32, String)
ChooseX509Certificate2WithPrivateKeyAsync(Activity, String[], IPrincipal[], Uri, String)
Clone()

Creates and returns a copy of this object.

(Inherited from Object)
CreateInstallIntent()

Returns an Intent that can be used for credential installation.

CreateManageCredentialsIntent(AppUriAuthenticationPolicy)

Returns an Intent that should be used by an app to request to manage the user's credentials.

Dispose() (Inherited from Object)
Dispose(Boolean) (Inherited from Object)
Equals(Object)

Indicates whether some other object is "equal to" this one.

(Inherited from Object)
GetCertificateChain(Context, String)

Returns the X509Certificate chain for the requested alias, or null if the alias does not exist or the caller has no permission to access it (see note on exceptions in #getPrivateKey).

GetCredentialManagementAppPolicy(Context)

Called by the credential management app to get the authentication policy AppUriAuthenticationPolicy.

GetHashCode()

Returns a hash code value for the object.

(Inherited from Object)
GetPrivateKey(Context, String)

Returns the PrivateKey for the requested alias, or null if the alias does not exist or the caller has no permission to access it (see note on exceptions below).

GetX509Certificate2WithPrivateKey(Context, String)
IsBoundKeyAlgorithm(String)

Returns true if the current device's KeyChain binds any PrivateKey of the given algorithm to the device once imported or generated.

IsCredentialManagementApp(Context)

Check whether the caller is the credential management app CredentialManagementApp.

IsKeyAlgorithmSupported(String)

Returns true if the current device's KeyChain supports a specific PrivateKey type indicated by algorithm (e.

JavaFinalize()

Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.

(Inherited from Object)
Notify()

Wakes up a single thread that is waiting on this object's monitor.

(Inherited from Object)
NotifyAll()

Wakes up all threads that are waiting on this object's monitor.

(Inherited from Object)
RemoveCredentialManagementApp(Context)

Called by the credential management app CredentialManagementApp to unregister as the credential management app and stop managing the user's credentials.

SetHandle(IntPtr, JniHandleOwnership)

Sets the Handle property.

(Inherited from Object)
ToArray<T>() (Inherited from Object)
ToString()

Returns a string representation of the object.

(Inherited from Object)
UnregisterFromRuntime() (Inherited from Object)
Wait()

Causes the current thread to wait until it is awakened, typically by being <em>notified</em> or <em>interrupted</em>.

(Inherited from Object)
Wait(Int64, Int32)

Causes the current thread to wait until it is awakened, typically by being <em>notified</em> or <em>interrupted</em>, or until a certain amount of real time has elapsed.

(Inherited from Object)
Wait(Int64)

Causes the current thread to wait until it is awakened, typically by being <em>notified</em> or <em>interrupted</em>, or until a certain amount of real time has elapsed.

(Inherited from Object)

Explicit Interface Implementations

IJavaPeerable.Disposed() (Inherited from Object)
IJavaPeerable.DisposeUnlessReferenced() (Inherited from Object)
IJavaPeerable.Finalized() (Inherited from Object)
IJavaPeerable.JniManagedPeerState (Inherited from Object)
IJavaPeerable.SetJniIdentityHashCode(Int32) (Inherited from Object)
IJavaPeerable.SetJniManagedPeerState(JniManagedPeerStates) (Inherited from Object)
IJavaPeerable.SetPeerReference(JniObjectReference) (Inherited from Object)

Extension Methods

JavaCast<TResult>(IJavaObject)

Performs an Android runtime-checked type conversion.

JavaCast<TResult>(IJavaObject)
GetJniTypeName(IJavaPeerable)

Gets the JNI name of the type of the instance self.

JavaAs<TResult>(IJavaPeerable)

Try to coerce self to type TResult, checking that the coercion is valid on the Java side.

TryJavaCast<TResult>(IJavaPeerable, TResult)

Try to coerce self to type TResult, checking that the coercion is valid on the Java side.

Applies to