DevicePolicyManager.InstallKeyPair Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Overloads
| InstallKeyPair(ComponentName, IPrivateKey, Certificate[], String, Boolean) |
This API can be called by the following to install a certificate chain and corresponding
private key for the leaf certificate:
<ul>
<li>Device owner</li>
<li>Profile owner</li>
<li>Delegated certificate installer</li>
<li>Credential management app</li>
<li>An app that holds the
|
| InstallKeyPair(ComponentName, IPrivateKey, Certificate[], String, InstallKeyFlags) |
This API can be called by the following to install a certificate chain and corresponding
private key for the leaf certificate:
<ul>
<li>Device owner</li>
<li>Profile owner</li>
<li>Delegated certificate installer</li>
<li>Credential management app</li>
<li>An app that holds the
|
| InstallKeyPair(ComponentName, IPrivateKey, Certificate, String) |
This API can be called by the following to install a certificate and corresponding
private key:
<ul>
<li>Device owner</li>
<li>Profile owner</li>
<li>Delegated certificate installer</li>
<li>Credential management app</li>
<li>An app that holds the
|
InstallKeyPair(ComponentName, IPrivateKey, Certificate[], String, Boolean)
This API can be called by the following to install a certificate chain and corresponding
private key for the leaf certificate:
<ul>
<li>Device owner</li>
<li>Profile owner</li>
<li>Delegated certificate installer</li>
<li>Credential management app</li>
<li>An app that holds the
android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES permission</li>
</ul>
All apps within the profile will be able to access the certificate chain and use the private
key, given direct user approval.
[Android.Runtime.Register("installKeyPair", "(Landroid/content/ComponentName;Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;Ljava/lang/String;Z)Z", "GetInstallKeyPair_Landroid_content_ComponentName_Ljava_security_PrivateKey_arrayLjava_security_cert_Certificate_Ljava_lang_String_ZHandler", ApiSince=24)]
[Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES")]
public virtual bool InstallKeyPair (Android.Content.ComponentName? admin, Java.Security.IPrivateKey privKey, Java.Security.Cert.Certificate[] certs, string alias, bool requestAccess);[<Android.Runtime.Register("installKeyPair", "(Landroid/content/ComponentName;Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;Ljava/lang/String;Z)Z", "GetInstallKeyPair_Landroid_content_ComponentName_Ljava_security_PrivateKey_arrayLjava_security_cert_Certificate_Ljava_lang_String_ZHandler", ApiSince=24)>]
[<Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES")>]
abstract member InstallKeyPair : Android.Content.ComponentName * Java.Security.IPrivateKey * Java.Security.Cert.Certificate[] * string * bool -> bool
override this.InstallKeyPair : Android.Content.ComponentName * Java.Security.IPrivateKey * Java.Security.Cert.Certificate[] * string * bool -> boolParameters
- admin
- ComponentName
Which DeviceAdminReceiver this request is associated with, or
null if the caller is not a device admin.
- privKey
- IPrivateKey
The private key to install.
- certs
- Certificate[]
The certificate chain to install. The chain should start with the leaf
certificate and include the chain of trust in order. This will be returned by
android.security.KeyChain#getCertificateChain.
- alias
- String
The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.
- requestAccess
- Boolean
true to request that the calling app be granted access to the
credentials immediately. Otherwise, access to the credentials will be gated by user
approval.
Returns
true if the keys were installed, false otherwise.
- Attributes
Remarks
This API can be called by the following to install a certificate chain and corresponding private key for the leaf certificate: <ul> <li>Device owner</li> <li>Profile owner</li> <li>Delegated certificate installer</li> <li>Credential management app</li> <li>An app that holds the android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES permission</li> </ul> All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval.
From Android android.os.Build.VERSION_CODES#S, the credential management app can call this API. However, this API sets the key pair as user selectable by default, which is not permitted when called by the credential management app. Instead, #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int) should be called with #INSTALLKEY_SET_USER_SELECTABLE not set as a flag. Note, there can only be a credential management app on an unmanaged device.
The caller of this API may grant itself access to the certificate and private key immediately, without user approval. It is a best practice not to request this unless strictly necessary since it opens up additional security vulnerabilities.
Note: If the provided alias is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked.
Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.
Applies to
InstallKeyPair(ComponentName, IPrivateKey, Certificate[], String, InstallKeyFlags)
This API can be called by the following to install a certificate chain and corresponding
private key for the leaf certificate:
<ul>
<li>Device owner</li>
<li>Profile owner</li>
<li>Delegated certificate installer</li>
<li>Credential management app</li>
<li>An app that holds the
android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES permission</li>
</ul>
All apps within the profile will be able to access the certificate chain and use the
private key, given direct user approval (if the user is allowed to select the private key).
[Android.Runtime.Register("installKeyPair", "(Landroid/content/ComponentName;Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;Ljava/lang/String;I)Z", "GetInstallKeyPair_Landroid_content_ComponentName_Ljava_security_PrivateKey_arrayLjava_security_cert_Certificate_Ljava_lang_String_IHandler", ApiSince=28)]
[Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES")]
public virtual bool InstallKeyPair (Android.Content.ComponentName? admin, Java.Security.IPrivateKey privKey, Java.Security.Cert.Certificate[] certs, string alias, Android.App.Admin.InstallKeyFlags flags);[<Android.Runtime.Register("installKeyPair", "(Landroid/content/ComponentName;Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;Ljava/lang/String;I)Z", "GetInstallKeyPair_Landroid_content_ComponentName_Ljava_security_PrivateKey_arrayLjava_security_cert_Certificate_Ljava_lang_String_IHandler", ApiSince=28)>]
[<Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES")>]
abstract member InstallKeyPair : Android.Content.ComponentName * Java.Security.IPrivateKey * Java.Security.Cert.Certificate[] * string * Android.App.Admin.InstallKeyFlags -> bool
override this.InstallKeyPair : Android.Content.ComponentName * Java.Security.IPrivateKey * Java.Security.Cert.Certificate[] * string * Android.App.Admin.InstallKeyFlags -> boolParameters
- admin
- ComponentName
Which DeviceAdminReceiver this request is associated with, or
null if the caller is not a device admin.
- privKey
- IPrivateKey
The private key to install.
- certs
- Certificate[]
The certificate chain to install. The chain should start with the leaf
certificate and include the chain of trust in order. This will be returned by
android.security.KeyChain#getCertificateChain.
- alias
- String
The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.
- flags
- InstallKeyFlags
Flags to request that the calling app be granted access to the credentials
and set the key to be user-selectable. See #INSTALLKEY_SET_USER_SELECTABLE and
#INSTALLKEY_REQUEST_CREDENTIALS_ACCESS.
Returns
true if the keys were installed, false otherwise.
- Attributes
Remarks
This API can be called by the following to install a certificate chain and corresponding private key for the leaf certificate: <ul> <li>Device owner</li> <li>Profile owner</li> <li>Delegated certificate installer</li> <li>Credential management app</li> <li>An app that holds the android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES permission</li> </ul> All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval (if the user is allowed to select the private key).
From Android android.os.Build.VERSION_CODES#S, the credential management app can call this API. If called by the credential management app: <ul> <li>The componentName must be nullr</li> <li>The alias must exist in the credential management app's android.security.AppUriAuthenticationPolicy</li> <li>The key pair must not be user selectable</li> </ul> Note, there can only be a credential management app on an unmanaged device.
The caller of this API may grant itself access to the certificate and private key immediately, without user approval. It is a best practice not to request this unless strictly necessary since it opens up additional security vulnerabilities.
Include #INSTALLKEY_SET_USER_SELECTABLE in the flags argument to allow the user to select the key from a dialog.
Note: If the provided alias is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked.
Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.
Applies to
InstallKeyPair(ComponentName, IPrivateKey, Certificate, String)
This API can be called by the following to install a certificate and corresponding
private key:
<ul>
<li>Device owner</li>
<li>Profile owner</li>
<li>Delegated certificate installer</li>
<li>Credential management app</li>
<li>An app that holds the
android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES permission</li>
</ul>
All apps within the profile will be able to access the certificate and use the private key,
given direct user approval.
[Android.Runtime.Register("installKeyPair", "(Landroid/content/ComponentName;Ljava/security/PrivateKey;Ljava/security/cert/Certificate;Ljava/lang/String;)Z", "GetInstallKeyPair_Landroid_content_ComponentName_Ljava_security_PrivateKey_Ljava_security_cert_Certificate_Ljava_lang_String_Handler")]
[Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES")]
public virtual bool InstallKeyPair (Android.Content.ComponentName? admin, Java.Security.IPrivateKey privKey, Java.Security.Cert.Certificate cert, string alias);[<Android.Runtime.Register("installKeyPair", "(Landroid/content/ComponentName;Ljava/security/PrivateKey;Ljava/security/cert/Certificate;Ljava/lang/String;)Z", "GetInstallKeyPair_Landroid_content_ComponentName_Ljava_security_PrivateKey_Ljava_security_cert_Certificate_Ljava_lang_String_Handler")>]
[<Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES")>]
abstract member InstallKeyPair : Android.Content.ComponentName * Java.Security.IPrivateKey * Java.Security.Cert.Certificate * string -> bool
override this.InstallKeyPair : Android.Content.ComponentName * Java.Security.IPrivateKey * Java.Security.Cert.Certificate * string -> boolParameters
- admin
- ComponentName
Which DeviceAdminReceiver this request is associated with, or
null if the caller is not a device admin.
- privKey
- IPrivateKey
The private key to install.
- cert
- Certificate
The certificate to install.
- alias
- String
The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.
Returns
true if the keys were installed, false otherwise.
- Attributes
Remarks
This API can be called by the following to install a certificate and corresponding private key: <ul> <li>Device owner</li> <li>Profile owner</li> <li>Delegated certificate installer</li> <li>Credential management app</li> <li>An app that holds the android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES permission</li> </ul> All apps within the profile will be able to access the certificate and use the private key, given direct user approval.
From Android android.os.Build.VERSION_CODES#S, the credential management app can call this API. However, this API sets the key pair as user selectable by default, which is not permitted when called by the credential management app. Instead, #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int) should be called with #INSTALLKEY_SET_USER_SELECTABLE not set as a flag.
Access to the installed credentials will not be granted to the caller of this API without direct user approval. This is for security - should a certificate installer become compromised, certificates it had already installed will be protected.
If the installer must have access to the credentials, call #installKeyPair(ComponentName, PrivateKey, Certificate[], String, boolean) instead.
Note: If the provided alias is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked.
Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.