3

I am devlopeing some application wherein i have to store the keys in secure manner and do some cryptographic operation on it.

artless noise
  • 21,212
  • 6
  • 68
  • 105
Jhon Paul
  • 33
  • 1
  • 5
  • See: [Handling ARM trustzones](http://stackoverflow.com/questions/12334069/handling-arm-trustzones) and the tag [trust-zone](http://stackoverflow.com/questions/tagged/trust-zone+arm) (which maybe some moderator decided to delete because it behaves strangely). – artless noise Jun 04 '13 at 13:35

3 Answers3

6

You can't use it directly. You need to develop (or buy) a trusted application and then have your app talk to it through the secure API it provides. This may or may not be usable on all devices, so unless you control the device and/or firmware, it is not guaranteed that you can use it all.

The system keystore on some devices already uses hardware-backed storage for RSA keys (Nexus 7 for example), but it is not standard and some devices only have a software implementation.

Nikolay Elenkov
  • 52,576
  • 10
  • 84
  • 84
  • I'm looking to develop a trusted user interface application in the TEE or use an existing trusted user interface app that's already shipped in the TEE and access from an android app. I do not control the device or firmware. The GlobalPLatform TEE api standard (http://www.globalplatform.org/specificationsdevice.asp) does have a trusted UI spec. I wonder if it is possible to use an default trusted app without having to join the Trustonic Dev program which is expensive. – seeinvisible Mar 16 '15 at 10:03
1

If you are targeting the Western World, where Samsung is by far the dominant player, you can make use of their API for Trust Zone: https://developer.samsung.com/teegris

Gabor
  • 7,352
  • 4
  • 35
  • 56
0

2019 update:

You still can't use it directly. You should use Google APIs for Android security, some of which may or may not use TrustZone. It is a security tech aimed at device and OS manufacturers, not app developers.

You can read more on the topic here:

ARM TrustZone on Android

Imrich Nagy
  • 49
  • 3
  • 1
    From Review: Hi, while links are great way of sharing knowledge, they won't really answer the question if they get broken in the future. Add to your answer the essential content of the link which answers the question. In case the content is too complex or too big to fit here, describe the general idea of the proposed solution. Remember to always keep a link reference to the original solution's website. See: [How do I write a good answer?](https://stackoverflow.com/help/how-to-answer) – sɐunıɔןɐqɐp Jan 23 '19 at 11:21