Add new RKP root key, also simplify logic a bit

[sethmoo]

1. There's a new RKP root key, as documented at https://developer.android.com/privacy-and-security/security-key-attestation#root_certificate_rotation Add support for this key so that devices using the new root are recognized.
2. Simplify things a bit by relying on a map for key matching instead of using a hand-written linear search of values.

[VisionR1]

Nice.

If you want, can open a PR and there:

https://github.com/VisionR1/KeyAttestation

[sethmoo]

Nice.

If you want, can open a PR and there:

https://github.com/VisionR1/KeyAttestation

That repo appears to be a fork of this one. Given that, my preference is to land the change upstream, then allow fork maintainers rebase.

AFAICT, @vvb2060 is maintaining this and publishing new releases to Play store.

Without taking this patch, devices will soon start seeing "untrusted root" errors which are not correct. Given that, I think the repo owner should be motivated to accept the new root (even if they don't like the rest of my patch 🥲 ).

[VisionR1]

I know is fork, my fork.

Also, is kind abandoned the Google Play version, not update from 2023.

Also and here, is not very active.

Can take your PR and added to my fork ? And give you the credit?

[sethmoo]

Ah, cool. I saw multiple updates in 2025, so I was hoping this repo was still active. I'm happy to port to your fork, I'll get to that later today.

Do you know where the Play Store version of the app comes from?

Ultimately, I'd like the store version of the app updated if at all possible. Some early adopters of the new root are reporting bugs to the RKP team at Google.

[VisionR1]

Yeah, have some as i see, but after quiet again.

Google Play version is the original from here:
https://github.com/vvb2060/KeyAttestation/releases/tag/v1.5.0

I hope @vvb2060 make update here and in the Google Play.

[sethmoo]

Oh nice, the patch seems to apply just fine: VisionR1#6

I expected more divergence, but patches cleanly.