The CryptoObject in BiometricPrompt.AuthenticationResult is always null

Question

I am using biometric authentication dialog but my cryptoObject is always null. I have a fragment but I also tried directly from the activity.

Here is my code,

private Handler biometricPromptHandler = new Handler();

private Executor executor = command -> biometricPromptHandler.post(command);
private void showBiometricPrompt( String title, String description,
                                 BiometricsCompatCallback compatCallback) {

    BiometricPrompt.PromptInfo promptInfo =
            new BiometricPrompt.PromptInfo.Builder()
                    .setTitle(title)
                    .setSubtitle(description)
                    .setNegativeButtonText("Cancel")
                    .build();

    BiometricPrompt biometricPrompt = new BiometricPrompt((FragmentActivity) context,
            executor, new BiometricPrompt.AuthenticationCallback() {
        @Override
        public void onAuthenticationError(int errorCode,
                                          @NonNull CharSequence errString) {
            super.onAuthenticationError(errorCode, errString);
            compatCallback.onAuthenticationError(errorCode, errString);
            Log.d("onAuthenticationError", ": ");
        }

        @Override
        public void onAuthenticationSucceeded(
                @NonNull BiometricPrompt.AuthenticationResult result) {
            super.onAuthenticationSucceeded(result);
            Log.d("result", ": "+(result.getCryptoObject()));
            BiometricPrompt.CryptoObject authenticatedCryptoObject =
                    result.getCryptoObject();
            Log.d("onAuthentionSucceeded", ": "+(authenticatedCryptoObject==null));
            if (authenticatedCryptoObject != null) {
                 cipher = authenticatedCryptoObject.getCipher();
                Log.d("onAuthentionSucceeded", ": ");
                compatCallback.onAuthenticationSuccessful(cipher);
            }else {
                Log.d("cipher", "onAuthenticationSucceeded: ");
            }

        }

        @Override
        public void onAuthenticationFailed() {
            Log.d("onAuthenticationFailed", ": ");
            super.onAuthenticationFailed();
            compatCallback.onAuthenticationFailed();
        }
    });


        biometricPrompt.authenticate(promptInfo);



}

Anybody knows what I am doing wrong?

score 3 · Answer 1 · answered Dec 05 '19 at 13:41

You need to provide a Cipher in the second parameter of the authenticate method or it will always return null.

Use

authenticate(PromptInfo info, CryptoObject crypto)

instead of

authenticate(PromptInfo info)

Take a look to this tutorial and the sample project in this repository. You can use something like this:

BiometricPrompt.CryptoObject cryptoObject = new BiometricPrompt.CryptoObject(getEncryptCipher(createKey()));
biometricPrompt.authenticate(promptInfo, cryptoObject);

Using (depending on the ciphering you want):

private SecretKey createKey() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
    String algorithm = KeyProperties.KEY_ALGORITHM_AES;
    String provider = "AndroidKeyStore";
    KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithm, provider);
    KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder("MY_KEY", KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
            .setUserAuthenticationRequired(true)
            .build();

    keyGenerator.init(keyGenParameterSpec);
    return keyGenerator.generateKey();
}

private Cipher getEncryptCipher(Key key) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
    String algorithm = KeyProperties.KEY_ALGORITHM_AES;
    String blockMode = KeyProperties.BLOCK_MODE_CBC;
    String padding = KeyProperties.ENCRYPTION_PADDING_PKCS7;
    Cipher cipher = Cipher.getInstance(algorithm+"/"+blockMode+"/"+padding);
    cipher.init(Cipher.ENCRYPT_MODE, key);
    return cipher;
}

I will test your solution and let you know. – Muhammad Rizwan Dec 06 '19 at 02:37 — Muhammad Rizwan, Dec 06 '19 at 02:37

score 2 · Accepted Answer · answered Dec 18 '19 at 22:15

To get a CryptoObject from AuthenticationResult, you must first pass in a CryptoObject when you call authenticate(), like so:

// this example uses a Cipher but your code can use signature or mac
biometricPrompt.authenticate(promptInfo, BiometricPrompt.CryptoObject(cipher))

If you don't pass a CryptoObject when you call authenticate() then the API doesn't have one to return to you.

Check out this blog post.

The CryptoObject in BiometricPrompt.AuthenticationResult is always null

2 Answers2