kjwt-hardware-backed-processor/co.touchlab.kjwt.hardware/SecureKeyFactory/getOrCreateSecureSigningKey

getOrCreateSecureSigningKey

actual fun getOrCreateSecureSigningKey(keyId: String?, algorithm: SigningAlgorithm, keySizeInBits: Int, secureHardwarePreference: SecureHardwarePreference): JwsProcessor(source)

Returns a JwsProcessor backed by a hardware-bound signing key, creating the key if it does not already exist.

Parameters

keyId

The platform key-store alias. When null, a library-managed default alias derived from algorithm is used.

algorithm

The signing algorithm for the key. Defaults to SigningAlgorithm.ES256.

keySizeInBits

RSA key size in bits. Ignored for ECDSA and HMAC keys. Defaults to 2048.

secureHardwarePreference

Controls whether the key is generated inside dedicated secure hardware (Android StrongBox or Apple Secure Enclave). Defaults to SecureHardwarePreference.None.

expect fun getOrCreateSecureSigningKey(keyId: String? = null, algorithm: SigningAlgorithm = SigningAlgorithm.ES256, keySizeInBits: Int = 2048, secureHardwarePreference: SecureHardwarePreference = SecureHardwarePreference.Preferred): JwsProcessor(source)

Returns a JwsProcessor backed by a hardware-bound signing key, creating the key if it does not already exist.

Parameters

keyId

The platform key-store alias. When null, a library-managed default alias derived from algorithm is used.

algorithm

The signing algorithm for the key. Defaults to SigningAlgorithm.ES256.

keySizeInBits

RSA key size in bits. Ignored for ECDSA and HMAC keys. Defaults to 2048.

secureHardwarePreference

Controls whether the key is generated inside dedicated secure hardware (Android StrongBox or Apple Secure Enclave). Defaults to SecureHardwarePreference.None.

actual fun getOrCreateSecureSigningKey(keyId: String?, algorithm: SigningAlgorithm, keySizeInBits: Int, secureHardwarePreference: SecureHardwarePreference): JwsProcessor(source)

Returns a JwsProcessor backed by a hardware-bound signing key, creating the key if it does not already exist.

Parameters

keyId

The platform key-store alias. When null, a library-managed default alias derived from algorithm is used.

algorithm

The signing algorithm for the key. Defaults to SigningAlgorithm.ES256.

keySizeInBits

RSA key size in bits. Ignored for ECDSA and HMAC keys. Defaults to 2048.

secureHardwarePreference

Controls whether the key is generated inside dedicated secure hardware (Android StrongBox or Apple Secure Enclave). Defaults to SecureHardwarePreference.None.

Generated by Dokka
© 2026 Touchlab