VersionedCryptoProvider

class VersionedCryptoProvider(context: Context, baseAlias: String = "kioskops_versioned", rotationPolicy: KeyRotationPolicy = KeyRotationPolicy.default(), clock: () -> Long = { System.currentTimeMillis() }) : CryptoProvider

Crypto provider with key versioning and rotation support.

Manages multiple key versions to support:

  • Key rotation without data loss

  • Backward-compatible decryption of old data

  • Gradual migration to new keys

Blob format (backward compatible):

[version:1 byte] - Key version (1-255)
[ivLen:1 byte] - IV length (12-32)
[iv:N bytes] - Initialization vector
[ciphertext] - Encrypted data with GCM tag
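
An added example, not the library's own code: a parser that validates the blob header above and picks the decryption key by the version byte, so blobs written before a rotation stay readable. It assumes AES-GCM with a 128-bit tag and uses in-memory keys in place of the provider's key store; `parseBlob`, `encryptWith`, `decryptWith` and `ParsedBlob` are hypothetical names.

```kotlin
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical names throughout; in-memory keys stand in for the provider's key store.
const val GCM_TAG_BYTES = 16 // assumption: 128-bit GCM tag (the page does not state the tag length)

class ParsedBlob(val version: Int, val iv: ByteArray, val ciphertext: ByteArray)

fun parseBlob(blob: ByteArray): ParsedBlob {
    require(blob.size >= 2) { "blob shorter than header" }
    val version = blob[0].toInt() and 0xFF // Kotlin bytes are signed; mask to 0..255
    val ivLen = blob[1].toInt() and 0xFF
    require(version in 1..255) { "key version 0 is not valid" }
    require(ivLen in 12..32) { "IV length $ivLen outside 12..32" }
    require(blob.size >= 2 + ivLen + GCM_TAG_BYTES) { "blob truncated" }
    return ParsedBlob(version, blob.copyOfRange(2, 2 + ivLen), blob.copyOfRange(2 + ivLen, blob.size))
}

fun encryptWith(version: Int, key: SecretKey, plain: ByteArray): ByteArray {
    require(version in 1..255) { "version must fit the 1-byte header" }
    val iv = ByteArray(12).also { SecureRandom().nextBytes(it) } // fresh IV per blob
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(GCM_TAG_BYTES * 8, iv))
    return byteArrayOf(version.toByte(), iv.size.toByte()) + iv + cipher.doFinal(plain)
}

fun decryptWith(keys: Map<Int, SecretKey>, blob: ByteArray): ByteArray {
    val parsed = parseBlob(blob)
    val key = keys[parsed.version]
        ?: throw IllegalArgumentException("no key for version ${parsed.version}")
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(GCM_TAG_BYTES * 8, parsed.iv))
    return cipher.doFinal(parsed.ciphertext) // throws AEADBadTagException on tampering or wrong key
}

fun main() {
    val gen = KeyGenerator.getInstance("AES").apply { init(256) }
    val keys = mutableMapOf(1 to gen.generateKey())
    val oldBlob = encryptWith(1, keys.getValue(1), "constructed sample record".toByteArray())
    keys[2] = gen.generateKey() // simulated rotation: version 2 becomes current
    val newBlob = encryptWith(2, keys.getValue(2), decryptWith(keys, oldBlob)) // re-encrypt old data
    println("old=v${parseBlob(oldBlob).version} new=v${parseBlob(newBlob).version}")
    println(decryptWith(keys, newBlob).decodeToString())
}
```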

Constructors

constructor(context: Context, baseAlias: String = "kioskops_versioned", rotationPolicy: KeyRotationPolicy = KeyRotationPolicy.default(), clock: () -> Long = { System.currentTimeMillis() })

Properties

open override val isEnabled: Boolean = true

Functions

Get the current key version.

open override fun decrypt(blob: ByteArray): ByteArray
open override fun encrypt(plain: ByteArray): ByteArray
Get metadata for all key versions.

Get metadata for the current key.

Re-encrypt data with the current key version.

fun rotateKey(force: Boolean = false): RotationResult

Rotate to a new key version.

Check if the current key should be rotated based on policy.