Merge "Warn about certificate serial number size" into main

commit: 45ca05b232cca119a8f7eb5c207f39d91095c70d [log] [tgz]
author: David Drysdale <drysdale@google.com> Fri May 31 11:43:28 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri May 31 11:43:28 2024 +0000
tree: 7625238f8300304de1eeb69c4417b4fb5f3073e2
parent: e40166458d57eccde8a9231d9e377d52ab66d002 [diff]
parent: da2da492f15f73b3cd3552b9cf01ddd80d2d4362 [diff]
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index d359a90..3cff915 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java

@@ -1149,6 +1149,8 @@
 
         /**
          * Sets the serial number used for the certificate of the generated key pair.
+         * To ensure compatibility with devices and certificate parsers, the value
+         * should be 20 bytes or shorter (see RFC 5280 section 4.1.2.2).
          *
          * <p>By default, the serial number is {@code 1}.
          */
commit	45ca05b232cca119a8f7eb5c207f39d91095c70d	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Fri May 31 11:43:28 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri May 31 11:43:28 2024 +0000
tree	7625238f8300304de1eeb69c4417b4fb5f3073e2
parent	e40166458d57eccde8a9231d9e377d52ab66d002 [diff]
parent	da2da492f15f73b3cd3552b9cf01ddd80d2d4362 [diff]