
Provider and key name in keyGenerator


Suppose that we create an instance of KeyStore like this:

   private val ANDROID_KEYSTORE = "AndroidKeyStore"
   val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE)

What is the best and most secure way to set the ANDROID_KEYSTORE string in code, or does it not matter?

And to generate paramsBuilder we use a key name like this:

   private fun createSecretKey(keyName: String) {
       val paramsBuilder = KeyGenParameterSpec.Builder(keyName,...)
   }

What is the best name to choose for the keyName that we pass into the function, and how should we hold on to it, or does it not matter?


Solution

  • It doesn't matter how you keep track of/store your keyName. It is not a security concern. You may as well save it as a constant in your source file.

    This is generally called a Keystore alias, like in the documentation. When you generate a key in the keystore, you will have to specify an alias. You will have to use the same alias to refer to/access the key at a later time.

    As far as I know, there are two things to remember for aliases:

    1. An alias should be unique for each keystore entry.
    2. Aliases should not differ only in case. Depending on the implementation, the keystore aliases may be case-sensitive or case-insensitive. So, to err on the side of caution, do not use aliases in a KeyStore that differ only in case.
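
The following is an added example, not part of the original answer: it keeps the provider name and alias as plain constants, reuses the same alias to fetch the key later, and refuses to create an alias that differs only in case from an existing entry. The alias value `app_master_key`, the helper names, and the choice of AES-GCM are assumptions made for illustration.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Provider name and alias are plain constants; neither is a secret.
private const val ANDROID_KEYSTORE = "AndroidKeyStore"
private const val KEY_ALIAS = "app_master_key" // hypothetical alias

private fun loadKeyStore(): KeyStore =
    KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }

// Returns an existing alias that differs from `alias` only in case, or null.
fun findCaseCollision(existing: Iterable<String>, alias: String): String? =
    existing.firstOrNull { it != alias && it.equals(alias, ignoreCase = true) }

fun getOrCreateSecretKey(alias: String = KEY_ALIAS): SecretKey {
    val keyStore = loadKeyStore()

    // Using the same alias later returns the same keystore entry.
    (keyStore.getKey(alias, null) as? SecretKey)?.let { return it }

    // Refuse to create an alias that clashes with another entry by case only.
    findCaseCollision(keyStore.aliases().toList(), alias)?.let {
        throw IllegalStateException("Alias '$alias' differs only in case from '$it'")
    }

    // Assumed key parameters: AES key usable for GCM encryption and decryption.
    val spec = KeyGenParameterSpec.Builder(
        alias,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build()

    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE)
        .apply { init(spec) }
        .generateKey()
}
```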