kiosk-ops-sdk/com.sarastarquant.kioskops.sdk.crypto

Package-level declarations

Types

Link copied to clipboard
class AesGcmKeystoreCryptoProvider(alias: String = "kioskops_aes_gcm_v1") : CryptoProvider

AES-GCM with a hardware-backed key when available.

Link copied to clipboard
data class AttestationResponse(val challenge: ByteArray, val attestationChain: List<X509Certificate>, val signature: ByteArray)

Response to an attestation challenge.

Link copied to clipboard
class ConditionalCryptoProvider(enabledProvider: () -> Boolean, delegate: CryptoProvider) : CryptoProvider

Wraps a real crypto provider and turns it into a configuration-driven switch.

Link copied to clipboard
interface CryptoProvider
Link copied to clipboard
data class DatabaseEncryptionPolicy(val enabled: Boolean = false)

Policy for database-at-rest encryption via SQLCipher.

Link copied to clipboard
object DatabaseEncryptionProvider

Provides SQLCipher SupportSQLiteOpenHelper.Factory for Room database encryption.

Link copied to clipboard
data class DerivedKeyResult(val key: SecretKey, val salt: ByteArray, val algorithm: String, val iterationCount: Int)

Result of a key derivation operation.

Link copied to clipboard
class FieldEncryptionException(message: String, cause: Throwable? = null) : RuntimeException

Thrown when field-level encryption or decryption fails. Callers MUST NOT forward the original plaintext when this is raised; doing so defeats the purpose of field-level encryption. Instead, reject the event or surface the failure to an error listener.

Link copied to clipboard
data class FieldEncryptionPolicy(val enabled: Boolean = false, val encryptedFields: Map<String, Set<String>> = emptyMap(), val defaultEncryptedFields: Set<String> = emptySet())

Policy controlling field-level encryption within event payloads.

Link copied to clipboard
class FieldLevelEncryptor(crypto: CryptoProvider)

Encrypts individual JSON fields into envelope format before document encryption.

Link copied to clipboard
class KeyAttestationReporter(context: Context)

Reports on key attestation status for compliance and security auditing.

Link copied to clipboard
data class KeyAttestationStatus(val isHardwareBacked: Boolean, val securityLevel: SecurityLevel, val keyCreatedAt: Long?, val attestationChain: List<X509Certificate>?, val keyAlias: String, val keyAlgorithm: String?, val keySize: Int?)

Attestation status for a cryptographic key.

Link copied to clipboard
data class KeyDerivationConfig(val algorithm: String = "PBKDF2WithHmacSHA256", val iterationCount: Int, val saltLengthBytes: Int = 32, val keyLengthBits: Int = 256)

Configuration for password-based key derivation.

Link copied to clipboard
@Serializable
data class KeyMetadata(val version: Int, val createdAtMs: Long, val algorithm: String, val keyLengthBits: Int, val rotatedFromVersion: Int? = null, val isHardwareBacked: Boolean? = null)

Metadata for an encryption key version.

Link copied to clipboard
class KeyMetadataStore(context: Context, baseAlias: String)

Persistent storage for key version metadata.

Link copied to clipboard
data class KeyRotationPolicy(val maxKeyAgeDays: Int = 365, val autoRotateEnabled: Boolean = false, val retainOldKeysForDays: Int = 90, val maxKeyVersions: Int = 5)

Policy for encryption key rotation.

Link copied to clipboard
Link copied to clipboard
sealed class RotationResult

Result of a key rotation operation.

Link copied to clipboard
class SecureKeyDerivation(config: KeyDerivationConfig = KeyDerivationConfig.default())

Secure key derivation using PBKDF2.

Link copied to clipboard
enum SecurityLevel : Enum<SecurityLevel>

Security level of a cryptographic key.

Link copied to clipboard
class VersionedCryptoProvider(context: Context, baseAlias: String = "kioskops_versioned", rotationPolicy: KeyRotationPolicy = KeyRotationPolicy.default(), clock: () -> Long = { System.currentTimeMillis() }) : CryptoProvider

Crypto provider with key versioning and rotation support.

Generated by Dokka
© 2026 Copyright