Key management (beta)

When a user is enrolled, device encryption and user signing keys are generated. These keys are accessible to the integrator and can be used for different purposes.

Device encryption Key

Return the device encryption key that could be used to encrypt a message which could be decrypted using the decryptWithDeviceKey(cipherText) method.
This could be used for when a server wants to send data to the device that should not be accessible to any other device or intermediate services. The keyless SDK can decrypt data without biometric authentication.
Get public key: Keyless.getDeviceEncryptionPublicKey() Decrypt data using private key: Keyless.decryptWithDeviceKey()

User signing public key

Return the user signing public key to verify the signature of a signed message. The message to sign could be provided to the authentication configuration using the withMessageToSign(message)
This could be used for non-repudiation and validation of transactions. The SDK can create an electronic signature on behalf of the user. This requires biometric authentication, as signing can only happen together with a biometric authentication attempt.
Get public key: Keyless.getUserSigningPublicKey(accountId) Sign using private key: Keyless.authenticate()
// user signing public key
val userSigningKey: String? = Keyless.getUserSigningPublicKey(accountId)
val keyResult = Keyless.getDeviceEncryptionPublicKey(getApplication<Application>().applicationContext)
when (keyResult) {
is Keyless.KeylessResult.Success -> {
// use the device key
val deviceKey = result.value
is Keyless.KeylessResult.Failure -> {
Log.d("KeylessSDK ", "Enroll failure - error code ${result.error.code}")
val decryptResult = Keyless.decryptWithDeviceKey(cypherText)
when (decryptResult) {
is Keyless.KeylessResult.Success -> {
// use the plain text
val plain: ByteArray = decryptResult.value
is Keyless.KeylessResult.Failure -> {
Log.d("KeylessSDK ", "Enroll failure - error code ${result.error.code}")
let deviceKey = KeylessSDK.getDeviceEncryptionKey()
let clearText = KeylessSDK.decryptWithDeviceKey(cipherText)
let userSigningKey = KeylessSDK.getUserSigningPublicKey(accountId)