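I am working on a fingerprint-related project and need to handle changes to the fingerprint catalog. I use a secret key generated with the setUserAuthenticationRequired(true) option to check for fingerprint changes. Once a new fingerprint is enrolled, or once no fingerprints are enrolled any more, the key should be irreversibly invalidated, and any attempt to initialize a cryptographic operation with such a key will throw KeyPermanentlyInvalidatedException.

I found that this works on the Galaxy S7, but it does not work on the S7 edge. On the S7 edge, the key is still valid after a new fingerprint is added.

Below is my code, which comes from Google's FingerprintDialog sample app. Have you seen this problem before, and is there any solution? Thanks!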

    /**
     * Creates a symmetric key in the Android Key Store which can only be used after the user has
     * authenticated with fingerprint.
     */
    public void createKey() {
        try {
            mKeyStore.load(null);
            mKeyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
                    KeyProperties.PURPOSE_ENCRYPT |
                            KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                    // Require the user to authenticate with a fingerprint to authorize every use
                    // of the key
                    .setUserAuthenticationRequired(true)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                    .build());
            mKeyGenerator.generateKey();
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
                | CertificateException | IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Initialize the {@link Cipher} instance with the created key in the {@link #createKey()}
     * method.
     */
    private boolean initCipher() {
        try {
            mKeyStore.load(null);
            SecretKey key = (SecretKey) mKeyStore.getKey(KEY_NAME, null);
            mCipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            // It should throw this exception when adding a new fingerprint,
            // but on s7 edge, it doesn't throw
            return false;
        } catch (KeyStoreException | CertificateException | UnrecoverableKeyException | IOException
                | NoSuchAlgorithmException | InvalidKeyException e) {
            throw new RuntimeException("Failed to init Cipher", e);
        }
    }

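Model: SM-G935W8; Android version: 6.0.1; Kernel version: 3.18.14-8421152; Build number: MMB29K.G935W8VLU1APG1; Android security patch level: July 1, 2016

This issue has been fixed by an OS update from Samsung: Kernel version: 3.18.14-9105000; Build number: MMB29K.G935W8VLU2APG1; Android security patch level: September 1, 2016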
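
An added example, not part of the original post or of Google's sample: one way to act on KeyPermanentlyInvalidatedException once the platform does throw it, by deleting the dead key, generating a fresh one and telling the caller to fall back to another credential. The class name FingerprintKeyGuard, the State enum, the prepare method and the key alias are hypothetical; on the affected build described above the exception is never thrown, so this path only runs on firmware that invalidates the key.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Added illustration: class, enum and method names are hypothetical. */
public final class FingerprintKeyGuard {
    public enum State { READY, ENROLLMENT_CHANGED }

    private static final String STORE = "AndroidKeyStore";
    private static final String KEY_NAME = "fingerprint_key"; // assumed alias
    private final KeyStore keyStore;

    public FingerprintKeyGuard() throws GeneralSecurityException, IOException {
        keyStore = KeyStore.getInstance(STORE);
        keyStore.load(null);
    }

    /** Initialises the cipher, or rotates the key if the platform invalidated it. */
    public State prepare(Cipher cipher) throws GeneralSecurityException {
        if (!keyStore.containsAlias(KEY_NAME)) {
            createKey(); // first run: no key has been generated yet
        }
        SecretKey key = (SecretKey) keyStore.getKey(KEY_NAME, null);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return State.READY;
        } catch (KeyPermanentlyInvalidatedException e) {
            // The old key can never be used again, so anything encrypted under it is lost.
            // Replace it, and have the caller require the account password (or another
            // credential) before fingerprint login is enabled again.
            keyStore.deleteEntry(KEY_NAME);
            createKey();
            return State.ENROLLMENT_CHANGED;
        }
    }

    private void createKey() throws GeneralSecurityException {
        KeyGenerator generator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, STORE);
        generator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setUserAuthenticationRequired(true) // same setting as the question's key
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .build());
        generator.generateKey();
    }
}
```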