com.yubico.webauthn.extension.uvm

Enum KeyProtectionType

java.lang.Object

java.lang.Enum<KeyProtectionType>

com.yubico.webauthn.extension.uvm.KeyProtectionType

All Implemented Interfaces:

java.io.Serializable, java.lang.Comparable<KeyProtectionType>

public enum KeyProtectionType
extends java.lang.Enum<KeyProtectionType>

The KEY_PROTECTION constants are flags in a bit field represented as a 16 bit long integer. They describe the method an authenticator uses to protect the private key material for FIDO registrations. Refer to [UAFAuthnrCommands] for more details on the relevance of keys and key protection. These constants are reported and queried through the UAF Discovery APIs and used to form authenticator policies in UAF protocol messages. Each constant has a case-sensitive string representation (in quotes), which is used in the authoritative metadata for FIDO authenticators.

See Also:

fromValue(short), fromName(String), FIDO Registry of Predefined Values §3.2 Key Protection Types

Enum Constant Summary

Enum Constants

Enum Constant and Description
KEY_PROTECTION_HARDWARE This flag SHOULD be set if the authenticator uses hardware-based key management.
KEY_PROTECTION_REMOTE_HANDLE This flag MUST be set if the authenticator does not store (wrapped) UAuth keys at the client, but relies on a server-provided key handle.
KEY_PROTECTION_SECURE_ELEMENT This flag SHOULD be set if the authenticator uses a Secure Element [SecureElement] for key management.
KEY_PROTECTION_SOFTWARE This flag MUST be set if the authenticator uses software-based key management.
KEY_PROTECTION_TEE This flag SHOULD be set if the authenticator uses the Trusted Execution Environment [TEE] for key management.

Method Summary

Modifier and Type	Method and Description
static KeyProtectionType	fromName(java.lang.String name)
static KeyProtectionType	fromValue(short value)
java.lang.String	getName()
short	getValue()
static KeyProtectionType	valueOf(java.lang.String name) Returns the enum constant of this type with the specified name.
static KeyProtectionType[]	values() Returns an array containing the constants of this enum type, in the order they are declared.

Methods inherited from class java.lang.Enum

clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Enum Constant Detail

KEY_PROTECTION_SOFTWARE

public static final KeyProtectionType KEY_PROTECTION_SOFTWARE

This flag MUST be set if the authenticator uses software-based key management. Exclusive in authenticator metadata with KEY_PROTECTION_HARDWARE, KEY_PROTECTION_TEE, KEY_PROTECTION_SECURE_ELEMENT.

NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.

See Also:

FIDO Registry of Predefined Values §3.2 Key Protection Types

KEY_PROTECTION_HARDWARE

public static final KeyProtectionType KEY_PROTECTION_HARDWARE

This flag SHOULD be set if the authenticator uses hardware-based key management. Exclusive in authenticator metadata with KEY_PROTECTION_SOFTWARE.

NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.

See Also:

FIDO Registry of Predefined Values §3.2 Key Protection Types

KEY_PROTECTION_TEE

public static final KeyProtectionType KEY_PROTECTION_TEE

This flag SHOULD be set if the authenticator uses the Trusted Execution Environment [TEE] for key management. In authenticator metadata, this flag should be set in conjunction with KEY_PROTECTION_HARDWARE. Mutually exclusive in authenticator metadata with KEY_PROTECTION_SOFTWARE, KEY_PROTECTION_SECURE_ELEMENT.

NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.

See Also:

FIDO Registry of Predefined Values §3.2 Key Protection Types

KEY_PROTECTION_SECURE_ELEMENT

public static final KeyProtectionType KEY_PROTECTION_SECURE_ELEMENT

This flag SHOULD be set if the authenticator uses a Secure Element [SecureElement] for key management. In authenticator metadata, this flag should be set in conjunction with KEY_PROTECTION_HARDWARE. Mutually exclusive in authenticator metadata with KEY_PROTECTION_TEE, KEY_PROTECTION_SOFTWARE.

NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.

See Also:

FIDO Registry of Predefined Values §3.2 Key Protection Types

KEY_PROTECTION_REMOTE_HANDLE

public static final KeyProtectionType KEY_PROTECTION_REMOTE_HANDLE

This flag MUST be set if the authenticator does not store (wrapped) UAuth keys at the client, but relies on a server-provided key handle. This flag MUST be set in conjunction with one of the other KEY_PROTECTION flags to indicate how the local key handle wrapping key and operations are protected. Servers MAY unset this flag in authenticator policy if they are not prepared to store and return key handles, for example, if they have a requirement to respond indistinguishably to authentication attempts against userIDs that do and do not exist. Refer to [UAFProtocol] for more details.

NOTE: The above requirements apply to authenticators; this library DOES NOT enforce them.

See Also:

FIDO Registry of Predefined Values §3.2 Key Protection Types, FIDO UAF Protocol Specification [UAFProtocol]

Method Detail

values

public static KeyProtectionType[] values()

Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:

for (KeyProtectionType c : KeyProtectionType.values())
    System.out.println(c);

Returns:

an array containing the constants of this enum type, in the order they are declared

valueOf

public static KeyProtectionType valueOf(java.lang.String name)

Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:

name - the name of the enum constant to be returned.

Returns:

the enum constant with the specified name

Throws:

java.lang.IllegalArgumentException - if this enum type has no constant with the specified name

java.lang.NullPointerException - if the argument is null

fromValue

public static KeyProtectionType fromValue(short value)

Returns:

If value matches any KeyProtectionType constant, returns that constant instance. Otherwise throws IllegalArgumentException.

fromName

public static KeyProtectionType fromName(java.lang.String name)

Returns:

If name matches any Key constant, returns that constant instance. Otherwise throws IllegalArgumentException.

getValue

public short getValue()

getName

public java.lang.String getName()