We have an issue with Samsung S20, S20+ and S20 Ultra devices when trying to generate a keypair upon enrolling in fingerprint auth in my app. We are only seeing this issue on the new Samsung S20 family with the Exynos chipset (International model) NOT Snapdragon, but not on any other devices. I tested it with US spec Samsung S20+, but I can't get it to repro the issue.
This is the exception.
Caused by: java.security.ProviderException: Failed to generate key pair
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeystoreKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:556)
at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:499)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
at com.x.biometricskit.provider.BioKeyGeneratorImpl.generateKeyPair(BioKeyGenerator.kt:70)
... 34 more
Caused by: android.security.KeyStoreException: Unsupported digest
at android.security.KeyStore.getKeyStoreException(KeyStore.java:1539)
... 38 more
Here's the code snippet for the BioKeyGeneratorImpl.generateKeyPair.
fun generateKeyPair(keyStoreAlias: String): KeyPair? {
val specBuilder: KeyGenParameterSpec.Builder =
KeyGenParameterSpec.Builder(keyStoreAlias, KeyProperties.PURPOSE_SIGN)
.setAlgorithmParameterSpec(ECGenParameterSpec(EC_KEY_SPEC))
.setDigests(
KeyProperties.DIGEST_SHA256,
KeyProperties.DIGEST_SHA384,
KeyProperties.DIGEST_SHA512
)
.setUserAuthenticationRequired(true)
.setIsStrongBoxBacked(true)
.setInvalidatedByBiometricEnrollment(true)
val keyPairGenSpec = specBuilder.build()
val keyPairGenerator =
KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_EC,
"AndroidKeyStore"
)
keyPairGenerator.initialize(keyPairGenSpec)
return keyPairGenerator.generateKeyPair()
}
