https://github.com/android/keyattestation

Kotlin library for evaluating Android Key Attestation certification chains.
https://github.com/android/keyattestation

Last synced: 8 months ago
JSON representation

Kotlin library for evaluating Android Key Attestation certification chains.

• Host: GitHub
• URL: https://github.com/android/keyattestation
• Owner: android
• License: apache-2.0
• Created: 2024-09-27T17:43:56.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-04-29T20:30:48.000Z (8 months ago)
• Last Synced: 2025-04-29T21:32:59.034Z (8 months ago)
• Language: Kotlin
• Homepage: https://developer.android.com/privacy-and-security/security-key-attestation
• Size: 104 KB
• Stars: 33
• Watchers: 4
• Forks: 6
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Android Key Attestation Verifier

A Kotlin library for verifying Android key attestation certificate chains.

## Usage

```kotlin

// Create a verifier with trust anchors, revocation info, and time source

val verifier = Verifier(

  { setOf(TrustAnchor(rootCertificate, null)) },  // Trust anchors source

  { setOf() },                            // Revoked serials source

  { Instant.now() }                               // Time source

)

// Verify an attestation certificate chain with challenge

val result = verifier.verify(certificateChain, challenge)

// Handle the verification result

when (result) {

  is VerificationResult.Success -> {

    // Access verified information

    val publicKey = result.publicKey

    val securityLevel = result.securityLevel

    val verifiedBootState = result.verifiedBootState

    val deviceInformation = result.deviceInformation

  }

  is VerificationResult.ChallengeMismatch -> // Handle challenge mismatch

  is VerificationResult.PathValidationFailure -> // Handle validation failure

  is VerificationResult.ChainParsingFailure -> // Handle parsing failure

  is VerificationResult.ExtensionParsingFailure -> // Handle extension parsing issues

  is VerificationResult.ExtensionConstraintViolation -> // Handle constraint violations

}

```

## Building

```bash

./gradlew build

```

## Testing

```bash

./gradlew test

```

## Roots

Android Key Attestation root certificates are documented

[here](https://developer.android.com/privacy-and-security/security-key-attestation#root_certificate).

## Getting Revoked Serials

The revoked serials may be retrieved from https://android.googleapis.com/attestation/status.

See [here](https://developer.android.com/privacy-and-security/security-key-attestation#certificate_status)

for more information about the format of the data.

## License

This project is licensed under the Apache License 2.0 - see the

[LICENSE](LICENSE) file for details.