问题
In newer versions of Android (I guess since 4.2) there is an option called "hardware-backed" and "software only". As Google supposes:
Android also now supports hardware-backed storage for your KeyChain credentials, providing more security by making the keys unavailable for extraction. That is, once keys are in a hardware-backed key store (Secure Element, TPM, or TrustZone), they can be used for cryptographic operations but the private key material cannot be exported. Even the OS kernel cannot access this key material. While not all Android-powered devices support storage on hardware, you can check at runtime if hardware-backed storage is available
ephasis is mine
What I can't understand is: the GalaxyNexus as well as the Nexus 7 have an NFC-Chip with Secure Element, but its storage-type is "software only". The Nexus 4 has an NFC Secure Element, and is "hardware-backed", while the Nexus 7 (2013) and the Nexus 5 don't have a NFC-Secure-Element but are still "hardware backed". I can check this manually inside the Settings-App, but Is there a way to check this inside my App?
As CommonsWare mentioned, I should provide links: First info that Secure Element is related to the storage-type is mentioned here: another useful source of info was Nelenkov's blog
回答1:
Did you actually read the blog? :) Currently 'hardware-backed' means TrustZone (TEE)-backed for all released devices. Using the embedded secure element for this is rather tricky for political reasons, and no current Android devices have a TMP. This leaves TrustZone-based TEE implementations. BTW, Galaxy Nexus also has one, but the driver is disabled in release builds. It has been there since 4.1.
To check from an app use KeyChain.isBoundKeyAlgorithm(String algorithm)
.
来源:https://stackoverflow.com/questions/19841662/android-settings-security-storagetype-get-value-inside-app