AppPinAuthenticator
A PIN-based device authenticator that generates and manages RSA key pairs protected by a user PIN.
This authenticator creates software-based RSA key pairs and stores them in a password-protected keystore file. The private keys are encrypted using the user's PIN and persisted to secure storage.
Key features:
Software-based RSA key generation with configurable key size
PIN-protected keystore storage with retry mechanism
Secure key persistence using encrypted storage
Support for key deletion and cleanup
Security considerations:
Keys are stored in a software keystore, not a hardware security module
Keystore is encrypted with hardware-backed encryption if available
PIN protection provides encryption for stored keys
Uses RSA with SHA256 for certificate signing
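The PIN-protected keystore and retry limit described above can be illustrated with the standard java.security.KeyStore API on a desktop JVM. This is an added example, not the SDK's implementation: createStore, unlock, the demo-key alias and the sample PINs are constructed here, and an AES entry stands in for the RSA private key because a private-key entry would also need a certificate chain.

```kotlin
import java.io.ByteArrayInputStream
import java.io.ByteArrayOutputStream
import java.io.IOException
import java.security.KeyStore
import java.security.UnrecoverableKeyException
import javax.crypto.KeyGenerator

// Build a PIN-protected PKCS12 keystore in memory (constructed sample data).
fun createStore(pin: CharArray): ByteArray {
    val ks = KeyStore.getInstance("PKCS12").apply { load(null, null) }
    val key = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
    ks.setKeyEntry("demo-key", key, pin, null)
    return ByteArrayOutputStream().also { ks.store(it, pin) }.toByteArray()
}

// Try to open the keystore, asking for the PIN at most pinRetry times.
// Only a wrong PIN consumes an attempt; any other I/O failure is rethrown
// so a corrupt or truncated file is not mistaken for a bad PIN.
fun unlock(store: ByteArray, pinRetry: Int, pinCollector: (String) -> CharArray): KeyStore? {
    repeat(pinRetry) { attempt ->
        val pin = pinCollector("Enter PIN (attempt ${attempt + 1} of $pinRetry)")
        try {
            return KeyStore.getInstance("PKCS12").apply { load(ByteArrayInputStream(store), pin) }
        } catch (e: IOException) {
            // KeyStore.load reports a wrong password as an IOException
            // whose cause is UnrecoverableKeyException.
            if (e.cause !is UnrecoverableKeyException) throw e
        } finally {
            pin.fill('\u0000') // wipe the PIN from memory after each attempt
        }
    }
    return null // retry budget exhausted
}

fun main() {
    val store = createStore("4821".toCharArray())
    // Two wrong PINs, then the right one: succeeds on the last allowed attempt.
    val guesses = listOf("0000", "1111", "4821").iterator()
    val opened = unlock(store, pinRetry = 3) { guesses.next().toCharArray() }
    println("key present after unlock: ${opened?.containsAlias("demo-key")}")
    // Three wrong PINs: the caller gets null and must treat the device as locked out.
    val wrong = listOf("0000", "1111", "2222").iterator()
    println("locked out: ${unlock(store, pinRetry = 3) { wrong.next().toCharArray() } == null}")
}
```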
Example usage:
val authenticator = AppPinAuthenticator {
    pinRetry = 3
    keystoreType = "PKCS12"
    pinCollector = { prompt -> getUserPin(prompt) }
}
// Register new device
val result = authenticator.register(context, Attestation.None)
// Authenticate existing device
val authResult = authenticator.authenticate(context)
Since
1.0.0
Parameters
Configuration object containing PIN collection strategy, storage settings, retry limits, and other authenticator-specific options
See also
Properties
The type of device binding authentication provided by this authenticator. Always returns DeviceBindingAuthenticationType.APPLICATION_PIN.
Functions
Authenticates the device by retrieving the stored private key.
Deletes all stored keys and associated data for this device.
Checks if this authenticator supports the given attestation type.