Skip to content
Branch: master
Find file History
MatejZidek Revert "Add Immutable annotations"
This reverts commit 8c10242.

Reason for revert: the fields are not actually immutable, see

Change-Id: I2649a15d0ae7c72d66babbd86b996f2760e3aa33
Latest commit 2fe33ac Jul 30, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples Add tests Jul 17, 2019
gradle/wrapper Use all keys of all attestation versions Jul 10, 2019
src Revert "Add Immutable annotations" Jul 30, 2019
gradlew Add key attestation sample. Dec 20, 2016
gradlew.bat Add key attestation sample. Dec 20, 2016
settings.gradle Add key attestation sample. Dec 20, 2016

Android Key Attestation Sample

This sample illustrates how to use the Bouncy Castle ASN.1 parser to extract information from an Android attestation data structure to verify that a key pair has been generated in an Android device. This sample demonstrates how to verify a certificate on a server.


This example demonstrates the following tasks:

  1. Loading the certificates from PEM-encoded strings.
  2. Verifying the X.509 certificate chain, up to the root. Note that this example does NOT require the root certificate to appear within Google's list of root certificates. However, if you're verifying the properties of hardware-backed keys on a device that ships with hardware-level key attestation, Android 7.0 (API level 24) or higher, and Google Play services, your production code should enforce this requirement.
  3. Extracting the attestation extension data from the attestation certificate.
  4. Verifying (and printing) several important data elements from the attestation extension.

For more information about the process of extracting attestation certificate extension data, as well as the extension data schema, see the Key Attestation Android developer training article.

Note that this sample demonstrates the verification of a certificate on a server and not on the Android framework. Although you can test the certificate and extensions directly on a device, it is safer to run these checks on a separate server you can trust.


Getting Started

This sample uses the Gradle build system. To build this project, use the gradlew build command or use "Import Project" in IntelliJ or Android Studio.

Run the main method in KeyAttestationExample directly or use the gradlew run task to execute this sample.


If you've found an error in this sample, please file an issue:

Patches are encouraged, and may be submitted by forking this project and submitting a pull request through GitHub. Please see for more details.


Copyright 2016, The Android Open Source Project, Inc.

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

You can’t perform that action at this time.