{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《Android KeyPermanentlyInvalidatedException is not》','https://www.manongdao.com/q-883707.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Hello Android developers,
I've got something strange in my app when I'm using the Fingerprint and the AndroidKeystoreProvider together.
Here is the case:
I create a KeyPair with KeyPairGenerator.
In the builder I have set setUserAuthenticationRequired(true) and setUserAuthenticationValidityDurationSeconds(10).
Into my fingerprint I have enrolled 3 fingers.
When I try next to init the Signature algorithm with initSign(...) the first time, UserNotAuthenticatedException is catched. That's fair. (https://developer.android.com/reference/android/security/keystore/UserNotAuthenticatedException.html)
Then I enroll a new finger into my fingerprint.
So I expect than when I init the Signature algorithm, it should catch KeyPermanentlyInvalidatedException as described into the Google documentation (https://developer.android.com/reference/android/security/keystore/KeyPermanentlyInvalidatedException.html) but it is not the case. UserNotAuthenticatedException is always catched.
If I remove setUserAuthenticationValidityDurationSeconds(10) things gonna work as expected. (KeyPermanentlyInvalidatedException is well catched)
Did you know if there is a way to make both exceptions work with setUserAuthenticationRequired(true) and setUserAuthenticationValidityDurationSeconds(10) ?
Thank you in advance, Matt
No,
KeyPermanentlyInvalidatedExceptionis not thrown whensetUserAuthenticationValidityDurationSeconds> -1From the setUserAuthenticationValidityDurationSeconds docs:
Parameters: seconds int: duration in seconds or-1 if user authentication must take place for every use of the key.and from setUserAuthenticationRequired:
Additionally,if the key requires that user authentication takes place for every use of the key,it is also irreversibly invalidated once a new fingerprint is enrolledUpdate (26.11.2018)
KeyPermanentlyInvalidatedExceptionwill not be thrown ifsetUserAuthenticationValidityDurationSeconds > -1, because:Source: https://developer.android.com/reference/android/security/keystore/KeyProtection.Builder#setUserAuthenticationValidityDurationSeconds(int)