AppPinConfig

Configuration class for AppPinAuthenticator that defines PIN collection, storage, and security settings.

This DSL-style configuration class provides comprehensive control over how PIN-based authentication is handled, including UI presentation, retry behavior, storage encryption, and keystore management. The configuration follows a builder pattern allowing flexible customization while providing sensible defaults for most use cases.

Key configuration areas:

• PIN Collection: Customizable UI prompts and collection strategies

• Security Settings: Retry limits, keystore types, and encryption parameters

• Storage Configuration: Encrypted storage backends with flexible naming

• Logging: Configurable logging for debugging and monitoring

Default configuration provides:

• 3 PIN retry attempts before lockout

• PKCS12 keystore format for maximum compatibility

• Encrypted DataStore storage with no caching

• Automatic UI PIN collector when available

Example usage:

val authenticator = AppPinAuthenticator {
    pinRetry = 5
    keystoreType = "PKCS12"
    prompt {
        title = "Authenticate Device"
        subtitle = "Enter your PIN"
        description = "This PIN protects your device keys"
    }
    pinCollector { prompt ->
        showCustomPinDialog(prompt)
    }
    storage {
        fileName = "my_app_keys"
        strongBoxPreferred = true
    }
}

Security considerations:

• PIN attempts are limited to prevent brute force attacks

• Storage is encrypted using hardware-backed encryption when available

• KeyStore entries are password-protected with user PIN

• No caching prevents PIN exposure in memory dumps

See also