challengeKey method
Similar to challengeMachineKey and
challengeUserKey, but allows specifying the algorithm of a
registered key. Challenges a hardware-backed Enterprise Machine Key and
emits the response as part of a remote attestation protocol. Only useful
on Chrome OS and in conjunction with the Verified Access Web API which
both issues challenges and verifies responses.
A successful verification by the Verified Access Web API is a strong
signal that the current device is a legitimate Chrome OS device, the
current device is managed by the domain specified during verification,
the current signed-in user is managed by the domain specified during
verification, and the current device state complies with enterprise
device policy. For example, a policy may specify that the device must not
be in developer mode. Any device identity emitted by the verification is
tightly bound to the hardware of the current device. If
"user" Scope is specified, the identity is also tighly bound
to the current signed-in user.
This function is highly restricted and will fail if the current device is
not managed, the current user is not managed, or if this operation has
not explicitly been enabled for the caller by enterprise device policy.
The challenged key does not reside in the "system" or
"user" token and is not accessible by any other API.
|options|: Object containing the fields defined in
ChallengeKeyOptions.
|callback|: Called back with the challenge response.
Implementation
Future<ByteBuffer> challengeKey(ChallengeKeyOptions options) {
var $completer = Completer<ByteBuffer>();
$js.chrome.enterprise.platformKeys.challengeKey(
options.toJS,
(JSArrayBuffer response) {
if (checkRuntimeLastError($completer)) {
$completer.complete(response.toDart);
}
}.toJS,
);
return $completer.future;
}