Android: Fingerprint authentication not implemented yet #116
Comments
|
@alexanderjarvis It's on the todo, but I'm afraid my Android skills are somewhat lacking and the scope of work is fairly big. Storing it with fingerprint encryption isn't that hard, but unlocking it is a pretty big task as it involves a fair bit of UI and logic on how to handle retries etc which iOS neatly just handles for you. I'd be eternally grateful for help with this and could brief anybody willing to take a stab at it of the complexities involved. |
|
@oblador thanks for your reply. It's a shame that unlocking it is not so straightforward. If I get some time I may look at doing it and create a PR. |
|
I would recommend that we don't add any UI to this library, but simply notify (through an event?) the app when authentication is needed and then wait for the app to tell us if that was successful or not and then proceed. |
|
Hope to see this implemented soon :) |
|
Any takers to help out with this? 🙏 |
|
React native touch id has done some work around fingerprint. https://github.com/naoufal/react-native-touch-id/tree/master/android Could this work be leveraged to accelerate this feature? |
|
Let me try to add some native code to Android. See how we could link that up easily and PR. |
|
API Level 28 introduces a complete dialog for this: https://developer.android.com/reference/android/hardware/biometrics/BiometricPrompt Here is a compat lib: https://github.com/fython/BiometricPromptCompat I of course found all of this just after implementing it myself 😭 😂 @oblador what do you think about shipping with this dialog? I could possibly whip up a PR, need this in an app I'm working on... |
|
@oblador @LinusU I have started some work around it, using the current API (FingerPrintManager), which doesn't offer a native UI for it, you have to implement your own. At least the logic is there, the only problem, for now, is, you have to put your fingerprint to Encode as well as to Decode the keychain. I believe it's a matter of using a different algorithm. |
|
I have a working implementation of UI + logic here: https://github.com/LinusU/react-native-biopass It's using RSA so that it doesn't require a fingerprint to encode, only to decode. I'd be interested in PRing that up to this repo if we want to include the UI part here. That way I would get iOS support without implementing it myself |
|
@LinusU That's really good. I managed to merge some of your code into my PR. At least, there is now a separate cipherStorage so it's easier to manage and in a different file. I will try and add the BiometricPromptCompat so it uses both Compat and BiometricPrompt code. |
That's awesome! Let me know if you need any help |
see more: oblador#116
|
Since I needed this asap I took the modifications by @cladjules and rebased them to master. Then I did a naive integration with BiometricPromptCompat. Feel free to use it (or not use it). Note: I also bumped the E: added note |
see more: oblador#116
|
Great to see things happening here! I would love to see this work upstreamed as soon as possible, and would be happy to help with this. @oblador what are your thoughts on this? How do we best get this merged back? |
|
I'll try to do a more official implementation of BiometricPrompt, anything I could re-use @Jyrno42 would be great. Will try to do this weekend. |
|
@LinusU I will be able to do code review for android |
|
@LinusU @Jyrno42: I'm sorry that my time is somewhat lacking, so without researching much or even reading this thread attentively I have some thoughts/pointers:
|
Yes. My implementation in BioPass only allows reading the value if the fingerprint is successfully scanned, otherwise the Android key system won't hand out the private key. |
Absolutely, that's what I want too 😄
Yes! I'm looking thru the changes now, and it looks good.
Would love to 🙌
Just reviewing |
|
@oblador Ideally we would be using the fingerprint to encrypt the secret like iOS does. Nothing is currently preventing anyone from doing regular fingerprint auth and then retrieving the secret in your app with mentioned libraries, but it's less secure. Will this BiometricPrompt enable us to encrypt/decrypt using the fingerprint? The implementation of FingerprintManager, does encrypt directly the Keychain entry, so it does hardware encryption. I suggest we modify BiometricPromptCompat which uses both BiometricPrompt and FingerprintManager and directly encrypt the Cipher. |
|
@cladjules Cool, maybe collaborate with @LinusU on his PR? @LinusU Amazing 💯 😄 |
|
@LinusU I think we miss an important point and we would need to pass the Cipher to BiometricPrompt and FingerprintManager using the That would require using the same Cipher to both I will update the PR, but we definitely need to add some bits to the |
|
Is there any progress on this? |
|
Also interested in this. It would be nice to use a single library, but I can use another Fingerprint auth library if needed. |
|
please track progress in #148 |
|
#260 - PR with implemented and tested biometric. Enjoy |
It's possible to get if the device supports fingerprint authentication with
getSupportedBiometryType()but the keychain item doesn't use the fingerprint authentication (or provide options for doing so).Looking at
react-native-keychain/android/src/main/java/com/oblador/keychain/cipherStorage/CipherStorageKeystoreAESCBC.java
Line 71 in c4b2b4d
The code is commented out. I've tried playing with this feature and uncommenting the code and even passing if the device supports fingerprint auth as an extra argument to encrypt.
However I can't get it working and there's nothing in the logs to suggest what is wrong.
The text was updated successfully, but these errors were encountered: