CODEWITHSUNDEEP
androidandroid-biometric-prompt
Atheer Abdullatif
Atheer Abdullatif

Reputation: 272

check if the user changed biometric/fingerprint in Android

I am looking for a way to get notify if the user changed his/her fingerprint. I saw this answer here but it wasn't clear how to use "setAllowedAuthenticators" in this scenario.

I would appreciate it if someone could help.

[update] the updated code:

1- Generate secret key

generateSecretKey(new KeyGenParameterSpec.Builder(
                        KEY_NAME,
                        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                        .setUserAuthenticationRequired(true)
                        // Invalidate the keys if the user has registered a new biometric
                        // credential, such as a new fingerprint. Can call this method only
                        // on Android 7.0 (API level 24) or higher. The variable
                        .setInvalidatedByBiometricEnrollment(true)
                        .build());

2- Generate cipher 

       Cipher cipher = getCipher();
            SecretKey secretKey = getSecretKey();
            try {
                cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            } catch (KeyPermanentlyInvalidatedException e) {
                System.out.print("key has changed");
            } catch (InvalidKeyException e) {
                e.printStackTrace();
            }

3- authenticate 

biometricPrompt.authenticate(new CancellationSignal(), excutor, new BiometricPrompt.AuthenticationCallback() {


            @Override
            public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {

                    }
                });
            }
        });
    }
});

Error:

E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.example.fingerprint_poc, PID: 9523
java.lang.IllegalArgumentException: keystoreAlias must not be empty
    at android.security.keystore.KeyGenParameterSpec$Builder.<init>(KeyGenParameterSpec.java:760)
    at com.example.fingerprint_poc.task$5.onClick(task.java:153)
    at android.view.View.performClick(View.java:6597)
    at android.view.View.performClickInternal(View.java:6574)
    at android.view.View.access$3100(View.java:778)
    at android.view.View$PerformClick.run(View.java:25885)
    at android.os.Handler.handleCallback(Handler.java:873)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:193)
    at android.app.ActivityThread.main(ActivityThread.java:6669)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)    I/Process: Sending signal. PID: 9523 SIG: 9

Upvotes: 2

Views: 5391

Answers (1)

Atheer Abdullatif
Atheer Abdullatif

Reputation: 272

Using the functions here link and link You add this code before the authentication

Cipher cipher = getCipher();
    SecretKey secretKey = getSecretKey();
    if (getSecretKey() == null){
        generateSecretKey(new KeyGenParameterSpec.Builder(
                KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true)
                // Invalidate the keys if the user has registered a new biometric
                // credential, such as a new fingerprint. Can call this method only
                // on Android 7.0 (API level 24) or higher. The variable
                .setInvalidatedByBiometricEnrollment(true)
                .build());
    }
    try {
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    } catch (KeyPermanentlyInvalidatedException e) {
        System.out.print("key has changed");

        Toast.makeText(task.this, "changed", Toast.LENGTH_LONG).show();

        generateSecretKey(new KeyGenParameterSpec.Builder(
                KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true)
                // Invalidate the keys if the user has registered a new biometric
                // credential, such as a new fingerprint. Can call this method only
                // on Android 7.0 (API level 24) or higher. The variable
                .setInvalidatedByBiometricEnrollment(true)
                .build());
    } catch (InvalidKeyException e) {
        e.printStackTrace();

    }

Important: the KEY_NAME must be the same, it must not change between instances.

Upvotes: 5

Related Questions