multipaz/org.multipaz.securearea/AndroidKeystoreSecureArea/Capabilities/testKeyAttestationsAndEcdsaSigning

testKeyAttestationsAndEcdsaSigning

@RequiresApi(value = 28)
suspend fun testKeyAttestationsAndEcdsaSigning(useStrongBox: Boolean)

Tests if the implementation properly supports key attestations and ECDSA signatures with Curve P-256.

Key attestations and ECDSA signatures with Curve P-256 are used for ISO mdoc credentials and this function will check if this is implemented correctly on the device.

Tests include check that

  • key attestations are correct and chains up to the well-known Google root.

  • the attestation is for the correct app.

  • the attestation says the device is in the Verified Boot GREEN state.

  • keys created can can properly sign messages by verifying the signature. Messages of varying sizes from 16 bytes to 128 KiB and with random content are tested.

If the checks pass no exception is thrown. If one of the checks fail IllegalStateException is thrown and the message and cause fields contains more details.

This can be slow, observed times on 2025-era hardware is ~200 milliseconds for TEE and ~2000 milliseconds for StrongBox.

Parameters

useStrongBox

false to test normal TEE implementation, true to test StrongBox.

Throws

if useStrongBox is true but strongBoxSupported is false.

if one of the checks fail.

Generated by Dokka
© 2026 Copyright