KeyCipherAlgorithm

Algorithm used to encrypt/wrap the secret key in Android KeyStore.

Different algorithms provide different security guarantees and compatibility levels:

• RSA algorithms wrap the AES encryption key with RSA (no biometric support)
• AES algorithm stores the key directly in Android KeyStore (supports biometric authentication)

See the [AndroidOptions] class for usage examples and combinations.

Inherits: enum.Enum

Properties

• AES_GCM_NO_PADDING - AES/GCM/NoPadding for KeyStore-based key wrapping (supports biometrics).
• RSA_ECB_OAEP_WITH_SHA256_AND_MGF1_PADDING - RSA/ECB/OAEPWithSHA-256AndMGF1Padding (API 23+).
• RSA_ECB_PKCS1_PADDING - Legacy RSA/ECB/PKCS1Padding for backwards compatibility.

Properties

buildAES_GCM_NO_PADDINGclass-attributeinstance-attribute

AES/GCM/NoPadding for KeyStore-based key wrapping (supports biometrics).

Use this algorithm when you need biometric authentication support. Requires API 23+ for basic use, API 28+ for enforced biometric authentication.

buildRSA_ECB_OAEP_WITH_SHA256_AND_MGF1_PADDINGclass-attributeinstance-attribute

RSA/ECB/OAEPWithSHA-256AndMGF1Padding (API 23+).

This is the default and recommended algorithm for most use cases. Provides strong authenticated encryption without biometrics.

buildRSA_ECB_PKCS1_PADDINGclass-attributeinstance-attribute

Legacy RSA/ECB/PKCS1Padding for backwards compatibility.