Name Date Size #Lines LOC

..--

examples/H25-Apr-2025-372372

gradle/wrapper/H25-Apr-2025-2422

src/H25-Apr-2025-2,6582,105

README.mdH A D25-Apr-20253.5 KiB8359

build.gradleH A D25-Apr-20251.4 KiB3934

gradlewH A D25-Apr-20254.9 KiB161120

gradlew.batH A D25-Apr-20252.3 KiB9166

settings.gradleH A D25-Apr-2025646 1715

README.md

1Android Key Attestation Sample
2==============================
3
4This sample illustrates how to use the [Bouncy Castle ASN.1][1] parser to extract information
5from an Android attestation data structure to verify that a key pair has been
6generated in an Android device. This sample demonstrates how to verify a certificate on a server.
7
8[1]: https://www.bouncycastle.org/
9
10Introduction
11------------
12
13This example demonstrates the following tasks:
14
151. Loading the certificates from [PEM/DER][2]-encoded strings.
161. Verifying the [X.509][3] certificate chain, up to the root. This includes checking that the root certificate is one of Google's root certificates listed in https://developer.android.com/training/articles/security-key-attestation.
171. Extracting the attestation extension data from the attestation
18   certificate.
191. Verifying (and printing) data elements from the attestation extension.
20
21For more information about the process of extracting attestation certificate
22extension data, as well as the extension data schema, see the
23[Key Attestation][4] Android developer training article.
24
25Note that this sample demonstrates the verification of a certificate on a server and not
26on the Android framework. Although you can test the certificate and extensions directly
27on a device, it is safer to run these checks on a separate server you can trust.
28
29[2]: https://developer.android.com/reference/java/security/KeyStore.html#getCertificateChain(java.lang.String)
30[3]: https://developer.android.com/reference/javax/security/cert/X509Certificate.html
31[4]: https://developer.android.com/training/articles/security-key-attestation.html
32
33Pre-requisites
34--------------
35
36- Up-to-date Java JDK
37- [Bouncy Castle Cryptography Java APIs][5] (included as dependency in gradle build configuration).
38
39[5]: https://www.bouncycastle.org/java.html
40
41Getting Started
42---------------
43
44This sample uses the Gradle build system. To build this project, use the
45`gradlew build` command or use "Import Project" in IntelliJ or Android Studio.
46
47Run the main method in `KeyAttestationExample` directly or use the
48`gradlew run --args="<cert-directory>"` task to execute this sample. The `cert-directory` must
49contain the certificate chain, one certificate per file in either DER or PEM encoding and the files
50are read in alphabetical order. For example the provided
51`/examples/pem/algorithm_EC_SecurityLevel_StrongBox/` can be used.
52
53Support
54-------
55
56- Stack Overflow: http://stackoverflow.com/questions/tagged/android
57
58If you've found an error in this sample, please file an issue:
59https://github.com/googlesamples/android-key-attestation
60
61Patches are encouraged, and may be submitted by forking this project and
62submitting a pull request through GitHub. Please see CONTRIBUTING.md for more details.
63
64License
65-------
66
67Copyright 2016, The Android Open Source Project, Inc.
68
69Licensed to the Apache Software Foundation (ASF) under one or more contributor
70license agreements. See the NOTICE file distributed with this work for
71additional information regarding copyright ownership. The ASF licenses this
72file to you under the Apache License, Version 2.0 (the "License"); you may not
73use this file except in compliance with the License. You may obtain a copy of
74the License at
75
76http://www.apache.org/licenses/LICENSE-2.0
77
78Unless required by applicable law or agreed to in writing, software
79distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
80WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
81License for the specific language governing permissions and limitations under
82the License.
83