Reputation: 2752
UserNotAuthenticated Exception during initSign on Android
I'm seeing app crashes in production on Android 12 and 13 (so far) as follows when calling Signature.initSign:
android.security.keystore.UserNotAuthenticatedException: User not authenticated
at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException(KeyStoreCryptoOperationUtils.java:128)
at android.security.keystore2.AndroidKeyStoreSignatureSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreSignatureSpiBase.java:217)
at android.security.keystore2.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:123)
at android.security.keystore2.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:101)
at java.security.Signature$Delegate.init(Signature.java:1357)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1310)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1385)
at java.security.Signature.initSign(Signature.java:679)
The flow I'm following is:
- generate a key pair in the android keystore with a sole purpose of
KeyProperties.PURPOSE_SIGN. The code is similar to theKeyPairGeneratorsample here: https://developer.android.com/training/articles/keystore#UsingAndroidKeyStore (In my caseUserAuthenticationRequiredis true,invalidatedByBiometricEnrollmentis false) - later, when signing is required, retrieve the private key from the keystore and call initSign(
privateKey) - Now launch the BiometricPrompt (passing in the initialised Signature as part of the Cipher object)
- Once the user has successfully authenticated, then call
Signature.updateandSignature.signon the returned Signature.
I might expect the crash at step 4 if the user had failed to authenticate, or if a weak authenticator was used, but this crash is happening at step 2 when calling initSign. The user can't have authenticated here, as initSign must be called on the signature before passing it to the biometric prompt.
What could cause this? The crashes occur across multiple devices and once users experience this it repeats consistently, so doesn't seem to be a rare edge case. I cannot replicate this locally on a variety of devices on Android 12 and 13 so in theory the flow works.
Upvotes: 2
Views: 322
Answers (1)
Reputation: 13
I have encountered the same error.
In my case, it was fixed by setting the timeout to 0 in KeyGenParameterSpec:
setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
I can't (yet) explain why it worked.
Upvotes: 0
Related Questions
- Didn't find class "androidx.core.app.CoreComponentFactory"
- Didn't find class "android.support.v4.app.CoreComponentFactory"
- Tried everything still getting error: Unable to instantiate appComponentFactory java.lang.ClassNotFoundException
- After migration to AndroidX, exception at start up: java.lang.ClassNotFoundException: "Didn't find class androidx.core.app.CoreComponentFactory"
- AndroidX ERROR: Failed to resolve: appcompat
- No resource identifier found for attribute 'appComponentFactory' in package 'android'
- Error: Attribute application@appComponentFactory value=(androidx.core.app.CoreComponentFactory) from [androidx.core:core:1.0.0]
- CoreComponentFactoryDidn't find class "android.support.v4.app.CoreComponentFactory"
- java.lang.RuntimeException: Unable to instantiate activity ComponentInfo / java.lang.ClassNotFoundException
- java.lang.RuntimeException: Unable to instantiate activity ComponentInfo/ ClassNotFoundException