Tags: android, security, android-keystore

Sample code showing how to use Android ID Attestation


Android 8 added 'ID attestation' (according to https://source.android.com/security/keystore/attestation#id-attestation).

Has anyone figured out how to use this feature? The closest I've found is AttestationUtils.java (https://android.googlesource.com/platform/frameworks/base/+/master/keystore/java/android/security/keystore/AttestationUtils.java), but I don't think any of those APIs ship with the Android SDK. They don't appear in my IDE when using the P developer preview (compileSdkVersion 'android-P' and targetSdkVersion 'P').


Solution

  • I was able to hack around and came up with demo code that does Key/ID attestation. See https://github.com/monkey-jsun/android-id-attestation/tree/master

    While the program runs, I have two problems at the moment:

    • All the hardware IDs are shown as "NOT PRESENT". See below. Clearly they are there. How do I make them appear?
    • Currently we generate a key and its attestation in one step (keyPairGenerator.generateKeyPair()) because we have to request attestation when initializing keyPairGenerator. It is very unnatural. Is there a way to request key/ID attestation after the key is created?

    Here is a quick recap of my demo code just for quick reference:

    • generate a key pair with challenge phrase in keystore
    • fetch the key pair and its certificate chain
    • display cert[0] extension data with bouncy castle library

    I also attached the output of the program for easy reference.

     Getting key 'key1' ...
     found the key with alias 'key1' ...
     private key : android.security.keystore.AndroidKeyStoreECPrivateKey@3467522e
     public key : MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOfYzvOETzK0NGmlkk3vnuDb9FilG7iiRYGJX2pQy
        Syuyt2XZow5M3aseZEfD64iasieuumWx3Tn6/aiopre0cw==
     what is happening ...
     number certificates in the chain is 4
     Attestation version: 3
     Attestation Security Level: TRUSTED_ENVIRONMENT
     Keymaster Version: 4
     Keymaster Security Level: TRUSTED_ENVIRONMENT
     Attestation Challenge: hello, this is challenge phrase [jsun]
     Unique ID: []
     =========
        Software Enforced Authorization List:
        Purpose(s): NOT PRESENT
        Algorithm: NOT PRESENT
        Key Size: NOT PRESENT
        Digest: NOT PRESENT
        Padding: NOT PRESENT
        EC Curve: NOT PRESENT
        RSA Public Exponent: NOT PRESENT
        Rollback Resistance: false
        Active DateTime: NOT PRESENT
        Origination Expire DateTime: NOT PRESENT
        Usage Expire DateTime: NOT PRESENT
        No Auth Required: false
        User Auth Type: NOT PRESENT
        Auth Timeout: NOT PRESENT
        Allow While On Body: false
        Trusted User Presence Required: false
        Trusted Confirmation Required: false
        Unlocked Device Required: false
        All Applications: false
        Application ID: NOT PRESENT
        Creation DateTime: 2020-03-07T17:58:57.143Z
        Origin: NOT PRESENT
        Rollback Resistant: false
        OS Version: NOT PRESENT
        OS Patch Level: NOT PRESENT
        Attestation Application ID:
            Package Infos (<package name>, <version>): 
                net.junsun.idattestation, 1
            Signature Digests:
                GGv7HVeENa6GZO4irSicN64Wz38NJ7QHsmC0Z2G7s4g=
        Attestation Application ID Bytes: MEUxHzAdBBhuZXQuanVuc3VuLmlkYXR0ZXN0YXRpb24CAQExIgQgGGv7HVeENa6GZO4irSicN64Wz38NJ7QHsmC0Z2G7s4g=
        Attestation ID Brand: NOT PRESENT
        Attestation ID Device: NOT PRESENT
        Attestation ID Product: NOT PRESENT
        Attestation ID Serial: NOT PRESENT
        Attestation ID IMEI: NOT PRESENT
        Attestation ID MEID: NOT PRESENT
        Attestation ID Manufacturer: NOT PRESENT
        Attestation ID Model: NOT PRESENT
        Vendor Patch Level: NOT PRESENT
        Boot Patch Level: NOT PRESENT
     =========
        TEE Enforced Authorization List:
        Purpose(s): [2, 3]
        Algorithm: 3
        Key Size: 256
        Digest: NOT PRESENT
        Padding: NOT PRESENT
        EC Curve: 1
        RSA Public Exponent: NOT PRESENT
        Rollback Resistance: false
        Active DateTime: NOT PRESENT
        Origination Expire DateTime: NOT PRESENT
        Usage Expire DateTime: NOT PRESENT
        No Auth Required: true
        User Auth Type: NOT PRESENT
        Auth Timeout: NOT PRESENT
        Allow While On Body: false
        Trusted User Presence Required: false
        Trusted Confirmation Required: false
        Unlocked Device Required: false
        All Applications: false
        Application ID: NOT PRESENT
        Creation DateTime: NOT PRESENT
        Origin: 0
        Rollback Resistant: false
        OS Version: 100000
        OS Patch Level: 202002
        Attestation Application ID Bytes: NOT PRESENT
        Attestation ID Brand: NOT PRESENT
        Attestation ID Device: NOT PRESENT
        Attestation ID Product: NOT PRESENT
        Attestation ID Serial: NOT PRESENT
        Attestation ID IMEI: NOT PRESENT
        Attestation ID MEID: NOT PRESENT
        Attestation ID Manufacturer: NOT PRESENT
        Attestation ID Model: NOT PRESENT
        Vendor Patch Level: 20200205
        Boot Patch Level: 20200205
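The three recap steps above (generate with a challenge, fetch the chain, decode the extension of cert[0]) as one added Java example. This is not code from the question, the answer, or the linked repository; the class name `AttestationIdReader`, the method names and the alias/challenge arguments are my own. It assumes the app bundles a real Bouncy Castle (`org.bouncycastle:bcprov-*`) because the copy built into Android lives under `com.android.org.bouncycastle` and is not visible to apps. Beyond the recap, it walks the TEE-enforced list for the ATTESTATION_ID_* tags (Keymaster tag numbers 710 to 717) and rejects a certificate whose challenge or security level is wrong, which is the check a relying party needs before trusting any ID it finds:

```java
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;

import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example; class, method and parameter names are assumptions, not Android API names.
public final class AttestationIdReader {
    // OID of the Android key attestation extension carried by the leaf certificate.
    private static final String KEY_ATTESTATION_OID = "1.3.6.1.4.1.11129.2.1.17";
    // Keymaster tag numbers of the ID attestation fields (Tag::ATTESTATION_ID_*).
    private static final Map<Integer, String> ID_TAGS = new LinkedHashMap<>();
    static {
        ID_TAGS.put(710, "brand");
        ID_TAGS.put(711, "device");
        ID_TAGS.put(712, "product");
        ID_TAGS.put(713, "serial");
        ID_TAGS.put(714, "imei");
        ID_TAGS.put(715, "meid");
        ID_TAGS.put(716, "manufacturer");
        ID_TAGS.put(717, "model");
    }

    /** Step 1 and 2: generate a P-256 signing key with an attestation challenge and
     *  return its chain. Index 0 is the key's own certificate with the extension. */
    public static Certificate[] generateAttestedKey(String alias, byte[] challenge) throws Exception {
        KeyGenParameterSpec.Builder spec = new KeyGenParameterSpec.Builder(
                alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                // The challenge is the only thing that ties this attestation to one request;
                // the public API accepts it here, at generation time, and nowhere else.
                .setAttestationChallenge(challenge);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            // Android 12+: request brand/device/product/manufacturer/model in the
            // hardware-enforced list. Serial, IMEI and MEID are never included this way.
            spec.setDevicePropertiesAttestationIncluded(true);
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(spec.build());
        kpg.generateKeyPair();

        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return ks.getCertificateChain(alias);
    }

    /** Step 3: decode KeyDescription from the leaf and return the ATTESTATION_ID_* values
     *  from the TEE-enforced list only. The software-enforced list is filled in by the
     *  Keystore daemon, not the TEE, so it proves nothing about the hardware. */
    public static Map<String, String> readHardwareIds(X509Certificate leaf, byte[] expectedChallenge)
            throws Exception {
        byte[] extValue = leaf.getExtensionValue(KEY_ATTESTATION_OID);
        if (extValue == null) {
            throw new IllegalArgumentException("leaf certificate has no key attestation extension");
        }
        // getExtensionValue() returns the DER OCTET STRING wrapper; unwrap it to reach KeyDescription.
        ASN1OctetString wrapper = ASN1OctetString.getInstance(ASN1Primitive.fromByteArray(extValue));
        ASN1Sequence keyDescription = ASN1Sequence.getInstance(
                ASN1Primitive.fromByteArray(wrapper.getOctets()));

        // KeyDescription fields in order: attestationVersion, attestationSecurityLevel,
        // keymasterVersion, keymasterSecurityLevel, challenge, uniqueId, softwareEnforced, teeEnforced.
        int securityLevel = ASN1Enumerated.getInstance(keyDescription.getObjectAt(1)).getValue().intValue();
        if (securityLevel == 0) {  // 0 = Software, 1 = TrustedEnvironment, 2 = StrongBox
            throw new SecurityException("attestation is software-only; IDs cannot be trusted");
        }
        byte[] challenge = ASN1OctetString.getInstance(keyDescription.getObjectAt(4)).getOctets();
        if (!MessageDigest.isEqual(challenge, expectedChallenge)) {
            throw new SecurityException("attestation challenge mismatch (replayed or foreign certificate)");
        }
        ASN1Sequence teeEnforced = ASN1Sequence.getInstance(keyDescription.getObjectAt(7));

        Map<String, String> ids = new LinkedHashMap<>();
        for (int i = 0; i < teeEnforced.size(); i++) {
            ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(teeEnforced.getObjectAt(i));
            String name = ID_TAGS.get(tagged.getTagNo());
            if (name != null) {
                // Every ATTESTATION_ID_* entry is [tag] EXPLICIT OCTET_STRING.
                byte[] raw = ASN1OctetString.getInstance(tagged, true).getOctets();
                ids.put(name, new String(raw, StandardCharsets.UTF_8));
            }
        }
        return ids;  // empty on a device/app combination where no ID tags were emitted
    }
}
```

Two caveats a practitioner needs alongside this. Keymaster only emits the ATTESTATION_ID_* tags when the caller passes the ID values in as key parameters (Keystore compares them against the device's provisioned values and refuses a mismatch); the public SDK at the time of the question had no way to pass them, and `AttestationUtils.attestDeviceIds()` is a system API gated on `READ_PRIVILEGED_PHONE_STATE`, which is why the tags show as NOT PRESENT in the output above even though the device has the values. And parsing on the device, as here and in the answer's demo, is only for display: the security comes from validating the chain up to the Google attestation root on a server and checking the challenge there, since anything the app reads locally can be faked by a modified app.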