I am looking for a way to get notify if the user changed his/her fingerprint. I saw this answer here but it wasn't clear how to use "setAllowedAuthenticators" in this scenario.
I would appreciate it if someone could help.
[update] the updated code:
1- Generate secret key
generateSecretKey(new KeyGenParameterSpec.Builder(
KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.setUserAuthenticationRequired(true)
// Invalidate the keys if the user has registered a new biometric
// credential, such as a new fingerprint. Can call this method only
// on Android 7.0 (API level 24) or higher. The variable
.setInvalidatedByBiometricEnrollment(true)
.build());
2- Generate cipher
Cipher cipher = getCipher();
SecretKey secretKey = getSecretKey();
try {
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
} catch (KeyPermanentlyInvalidatedException e) {
System.out.print("key has changed");
} catch (InvalidKeyException e) {
e.printStackTrace();
}
3- authenticate
biometricPrompt.authenticate(new CancellationSignal(), excutor, new BiometricPrompt.AuthenticationCallback() {
@Override
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
}
});
}
});
}
});
Error:
E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.example.fingerprint_poc, PID: 9523
java.lang.IllegalArgumentException: keystoreAlias must not be empty
at android.security.keystore.KeyGenParameterSpec$Builder.<init>(KeyGenParameterSpec.java:760)
at com.example.fingerprint_poc.task$5.onClick(task.java:153)
at android.view.View.performClick(View.java:6597)
at android.view.View.performClickInternal(View.java:6574)
at android.view.View.access$3100(View.java:778)
at android.view.View$PerformClick.run(View.java:25885)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) I/Process: Sending signal. PID: 9523 SIG: 9
Using the functions here link and link You add this code before the authentication
Cipher cipher = getCipher();
SecretKey secretKey = getSecretKey();
if (getSecretKey() == null){
generateSecretKey(new KeyGenParameterSpec.Builder(
KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.setUserAuthenticationRequired(true)
// Invalidate the keys if the user has registered a new biometric
// credential, such as a new fingerprint. Can call this method only
// on Android 7.0 (API level 24) or higher. The variable
.setInvalidatedByBiometricEnrollment(true)
.build());
}
try {
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
} catch (KeyPermanentlyInvalidatedException e) {
System.out.print("key has changed");
Toast.makeText(task.this, "changed", Toast.LENGTH_LONG).show();
generateSecretKey(new KeyGenParameterSpec.Builder(
KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.setUserAuthenticationRequired(true)
// Invalidate the keys if the user has registered a new biometric
// credential, such as a new fingerprint. Can call this method only
// on Android 7.0 (API level 24) or higher. The variable
.setInvalidatedByBiometricEnrollment(true)
.build());
} catch (InvalidKeyException e) {
e.printStackTrace();
}
Important: the KEY_NAME must be the same, it must not change between instances.