Using Android CryptoObject in a Fingerprint

In the Android FingerprintDialog sample code, the method that starts the fingerprint scan, FingerprintManager#authenticate, takes a FingerprintManager.CryptoObject parameter. According to the documentation, this is "an object associated with the call or null if none required". It's still not clear to me. Can someone explain when I should or should not use the crypto object? Thank you.

+9
2 answers

The FingerprintDialog example presented in the Android Samples is a bit dense, so let's break down what happens:

  • Configure and generate the cryptographic key. At this step you can specify that the key may only be used when KeyGenParameterSpec.Builder.setAuthenticated(true) has been set.
  • Initialize the Cipher object with the cipher mode (encryption / decryption) and the key generated in step 1.
  • Initialize a FingerprintCrypto.CryptoObject() using the Cipher from step 2.
  • Start the fingerprint scanner and pass the CryptoObject from step 3 by calling FingerprintManager.authenticate().
  • The user successfully authenticates with a fingerprint. The Android OS flips the "authenticated" bit of the key from 0 to 1.
  • Now that the key has been authorized for use, it can be used to perform any cryptographic operation by calling Cipher.doFinal().

If you change step 4 by passing null to FingerprintManager.authenticate(), then step 6 will fail because you did not obtain authorization to use the key.

Hope this helps.

+11

I have a question for you guys, as described below.

When using the FingerprintManager, the cryptoObject is passed as a Cipher.

The cipher is one that I have initialized with a privateKey in decryption mode.

The PrivateKey is generated from the AndroidKeyStore using setUserAuthenticationRequired(true).

So this private key is used in a cipher like cipher.init(DecryptionMode, privateKey), and this cipher is passed to FingerprintManager.authenticate.

After the user is verified, I can successfully use the crypto object from the result, obtain the cipher and perform the decryption (doFinal) on the encrypted string.

After I have decrypted the string, I need to continue with signing, because I need to use the same private key a second time to sign and get the full string.

The problem is that it always throws an exception saying the user is not authenticated. Does this mean that the cryptoObject returned by the FingerprintManager after a successful fingerprint check holds a cipher that can be used only once? I can use it once to decrypt the encrypted string, and after that, when I have to use the same private key for signing, it runs into the user-not-authenticated exception.

Does this mean that the user needs to verify the biometric again? It can be used only once after the user has successfully confirmed: the cipher that I initialized (decryption mode, private key) is returned and cannot be used twice. I already checked setUserAuthenticationValidityDurationSeconds(int seconds); this always fails with "not authenticated", and I did not use setUserAuthenticationValidityDurationSeconds.

Please, I need the help of a FingerprintManager specialist (cryptoObject result): when the authentication is successful, the cipher with the privateKey can be used only once. I need to continue using it a second time without hitting the user-not-authenticated error. Please.

setUserAuthenticationValidityDurationSeconds does not work.

Init the cipher with the PrivateKey and pass it to FingerprintManager.authenticate(cryptoObject).

If you successfully verify your fingerprint, you can use the cipher only once. If the same private key must be used for the signature, it runs into "user not authenticated". How can the private key be made usable again?

0
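The first answer's six steps and the second post's "the cipher can only be used once" observation are two sides of the same Keystore rule, so one added example covers both. The code below is written for this page; it is not from the thread or from the Android FingerprintDialog sample. It assumes an RSA key under the alias "fp_rsa_key" (chosen here), an app holding the USE_FINGERPRINT permission, and API level 23 or later. Because the key is generated with setUserAuthenticationRequired(true) and no validity duration, Keystore authorizes each operation individually: the Cipher handed back in onAuthenticationSucceeded is good for exactly one doFinal(), and a Signature over the same private key is a separate operation that needs its own CryptoObject and its own authenticate() call.

```java
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

import javax.crypto.Cipher;

/**
 * Added example (not from the thread or the Android sample): one fingerprint
 * authentication per Keystore operation when the key was generated with
 * setUserAuthenticationRequired(true) and no validity duration.
 */
public class FingerprintKeyOps {
    private static final String KEY_ALIAS = "fp_rsa_key";   // assumed alias for this example
    private static final String KEYSTORE = "AndroidKeyStore";

    /** Result callback; null means the operation failed. */
    public interface Done { void on(byte[] result); }

    private final FingerprintManager fm;

    public FingerprintKeyOps(Context ctx) {
        fm = (FingerprintManager) ctx.getSystemService(Context.FINGERPRINT_SERVICE);
    }

    /** Step 1: an RSA key pair that may decrypt and sign, but only inside a user-authorized operation. */
    public static void generateKey() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, KEYSTORE);
        kpg.initialize(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                // No setUserAuthenticationValidityDurationSeconds(): every init()'d operation
                // must be authorized by its own fingerprint touch through a CryptoObject.
                .setUserAuthenticationRequired(true)
                .build());
        kpg.generateKeyPair();
    }

    private static PrivateKey loadPrivateKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        return (PrivateKey) ks.getKey(KEY_ALIAS, null);
    }

    /** Steps 2-6 for decryption: init the Cipher, wrap it, authenticate, then call doFinal() once. */
    public void decrypt(final byte[] ciphertext, final Done done) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.DECRYPT_MODE, loadPrivateKey());   // opens a Keystore operation that awaits auth
        fm.authenticate(new FingerprintManager.CryptoObject(cipher), new CancellationSignal(), 0,
                new FingerprintManager.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult r) {
                        try {
                            // Same Cipher instance, now authorized for exactly this one operation.
                            done.on(r.getCryptoObject().getCipher().doFinal(ciphertext));
                        } catch (Exception e) {
                            done.on(null);   // re-using or re-initializing the cipher here would need a new authenticate()
                        }
                    }
                }, null);
    }

    /** Signing with the same private key is a separate operation: new Signature, new CryptoObject, new authenticate(). */
    public void sign(final byte[] data, final Done done) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(loadPrivateKey());
        fm.authenticate(new FingerprintManager.CryptoObject(sig), new CancellationSignal(), 0,
                new FingerprintManager.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult r) {
                        try {
                            Signature s = r.getCryptoObject().getSignature();
                            s.update(data);
                            done.on(s.sign());
                        } catch (Exception e) {
                            done.on(null);
                        }
                    }
                }, null);
    }

    /** Decrypt, then sign: the user touches the sensor twice, once per Keystore operation. */
    public void decryptThenSign(byte[] ciphertext, final Done done) throws Exception {
        decrypt(ciphertext, new Done() {
            @Override public void on(byte[] plaintext) {
                if (plaintext == null) { done.on(null); return; }
                try { sign(plaintext, done); } catch (Exception e) { done.on(null); }
            }
        });
    }
}
```

decryptThenSign() is the answer to the second post's question: the private key is not "used up", but the authorization was bound to the decryption operation, so the signing operation must be authorized on its own. The alternative is a positive setUserAuthenticationValidityDurationSeconds(), which switches the key to time-window authorization and a different init() behaviour, so it should not be mixed with the per-operation flow shown here. FingerprintManager is deprecated since API 28; BiometricPrompt takes a BiometricPrompt.CryptoObject with the same per-operation semantics, so the structure above carries over unchanged.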

Source: https://habr.com/ru/post/1240481/
