Hello Android developers,
I've got something strange in my app when I'm using the Fingerprint and the AndroidKeystoreProvider together.
Here is the case:
I create a KeyPair with KeyPairGenerator. In the builder I have set setUserAuthenticationRequired(true) and setUserAuthenticationValidityDurationSeconds(10).
I have enrolled 3 fingers in my fingerprint settings.
When I next try to init the Signature algorithm with initSign(...) the first time, UserNotAuthenticatedException is caught. That's fair. (https://developer.android.com/reference/android/security/keystore/UserNotAuthenticatedException.html)
Then I enroll a new finger in my fingerprint settings.
So I expect that when I init the Signature algorithm, it should catch KeyPermanentlyInvalidatedException as described in the Google documentation (https://developer.android.com/reference/android/security/keystore/KeyPermanentlyInvalidatedException.html), but that is not the case. UserNotAuthenticatedException is always caught.
If I remove setUserAuthenticationValidityDurationSeconds(10), things work as expected (KeyPermanentlyInvalidatedException is caught correctly).
Do you know if there is a way to make both exceptions work with setUserAuthenticationRequired(true) and setUserAuthenticationValidityDurationSeconds(10)?
Thank you in advance, Matt
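
A minimal reproduction of the setup described in the post, added here as an example; it is not the poster's code. The class name, the key alias, the KeyState enum and the choice of an EC key with SHA-256 are assumptions made for illustration.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserNotAuthenticatedException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

public final class AuthBoundKeyProbe {
    private static final String ALIAS = "demo_signing_key"; // constructed alias (assumption)

    public enum KeyState { USABLE, NEEDS_AUTH, INVALIDATED, OTHER_INVALID }

    /** Generates a signing key with the two builder settings named in the post. */
    public static void createKey() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setUserAuthenticationRequired(true)
                .setUserAuthenticationValidityDurationSeconds(10) // remove to compare behaviour
                .build());
        kpg.generateKeyPair();
    }

    /** Reports which exception, if any, initSign(...) raises for the stored key. */
    public static KeyState probe() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(ALIAS, null);
        Signature sig = Signature.getInstance("SHA256withECDSA");
        try {
            sig.initSign(key);
            return KeyState.USABLE;
        } catch (KeyPermanentlyInvalidatedException e) {
            return KeyState.INVALIDATED;   // key can never be used again
        } catch (UserNotAuthenticatedException e) {
            return KeyState.NEEDS_AUTH;    // user must authenticate, then retry
        } catch (InvalidKeyException e) {
            // Both exceptions above extend InvalidKeyException, so this must come last.
            return KeyState.OTHER_INVALID;
        }
    }
}
```

Call probe() after createKey(), then again after enrolling another finger, once with and once without the setUserAuthenticationValidityDurationSeconds(10) line, to compare the reported states.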