Using KeyGenParameterSpec.Builder to generate a key, but it throws an exception when setUserAuthenticationRequired(true) is set.
// getKeyStore(), ANDROID_KEY_STORE and getAESKey() are defined elsewhere in the same class.
private Key getKey(String KEY_ALIAS) throws GeneralSecurityException, IOException {
    // Reuse the key if one already exists under this alias.
    KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) getKeyStore().getEntry(KEY_ALIAS, null);
    if (secretKeyEntry != null) {
        return secretKeyEntry.getSecretKey();
    } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
        // Generate a hardware-backed AES key in the Android Keystore.
        KeyGenerator generator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
        generator.init(new KeyGenParameterSpec.Builder(
                KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true)        // every use of the key must be authorized by user authentication
                .setInvalidatedByBiometricEnrollment(true)  // enrolling a new biometric permanently invalidates the key
                .setRandomizedEncryptionRequired(false)     // permits a caller-supplied IV; it must then never repeat for this key
                .build()
        );
        return generator.generateKey();
    } else {
        // Pre-Marshmallow fallback.
        return getAESKey(KEY_ALIAS);
    }
}
The error is:
2022-05-04 18:47:47.643 23632-23733/com.bmo.enterprise.investorlinemobile E/Capacitor/Plugin: Failed to save credentials
javax.crypto.IllegalBlockSizeException
    at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:613)
    at javax.crypto.Cipher.doFinal(Cipher.java:2055)
    at com.epicshaggy.biometric.NativeBiometric.encryptString(NativeBiometric.java:267)
    at com.epicshaggy.biometric.NativeBiometric.setCredentials(NativeBiometric.java:150)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.getcapacitor.PluginHandle.invoke(PluginHandle.java:121)
    at com.getcapacitor.Bridge.lambda$callPluginMethod$0$Bridge(Bridge.java:592)
    at com.getcapacitor.-$$Lambda$Bridge$25SFHybyAQk7zS27hTVXh2p8tmw.run(Unknown Source:8)
    at android.os.Handler.handleCallback(Handler.java:938)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loopOnce(Looper.java:201)
    at android.os.Looper.loop(Looper.java:288)
    at android.os.HandlerThread.run(HandlerThread.java:67)
Caused by: android.security.KeyStoreException: Key user not authenticated
    at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:356)
    at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:78)
    at android.security.KeyStoreOperation.update(KeyStoreOperation.java:114)
    at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
    at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
    at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
    at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:603)
I tried the answers from these threads with no luck: "Error after Fingerprint touched on Samsung phones: android.security.KeyStoreException: Key user not authenticated", "'Key user not authenticated'", and "Understanding the Android KeyStore".
I am testing with Pixel 6.
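The trace above shows doFinal() being called on a cipher whose key was created with setUserAuthenticationRequired(true) but without any authentication bound to that operation. As an added illustration (not code from the question or from the plugin it references), the following assumed helper class shows the pattern the Keystore expects: init the Cipher, hand it to BiometricPrompt as a CryptoObject, and only call doFinal() inside onAuthenticationSucceeded. It assumes androidx.biometric and a key already generated under the placeholder alias "example_auth_bound_key" with the same parameters as the question's builder.

```java
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;

// Hypothetical helper, not from the question or the plugin; the alias is a placeholder.
public final class AuthBoundEncryptor {
    private static final String KEY_ALIAS = "example_auth_bound_key";
    public interface Callback {
        void onEncrypted(byte[] iv, byte[] ciphertext);
        void onError(Exception e);
    }
    // Encrypts plaintext with the auth-bound AES-GCM key, but only inside a successful BiometricPrompt.
    // Calling doFinal() without the prompt yields IllegalBlockSizeException / "Key user not authenticated".
    public static void encrypt(FragmentActivity activity, byte[] plaintext, Callback cb) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(KEY_ALIAS, null); // created with setUserAuthenticationRequired(true)
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key); // succeeds: the keystore operation exists but is not yet authorized
        BiometricPrompt prompt = new BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
                new BiometricPrompt.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
                        try {
                            // The prompt returns the same Cipher, now authorized for this one doFinal().
                            Cipher authorized = result.getCryptoObject().getCipher();
                            cb.onEncrypted(authorized.getIV(), authorized.doFinal(plaintext));
                        } catch (Exception e) {
                            cb.onError(e);
                        }
                    }
                    @Override
                    public void onAuthenticationError(int errorCode, CharSequence errString) {
                        cb.onError(new Exception("Authentication failed: " + errString));
                    }
                });
        BiometricPrompt.PromptInfo info = new BiometricPrompt.PromptInfo.Builder()
                .setTitle("Confirm identity to save credentials")
                .setNegativeButtonText("Cancel")
                .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG) // keystore-bound keys need a strong biometric
                .build();
        prompt.authenticate(info, new BiometricPrompt.CryptoObject(cipher)); // binds the pending operation to this authentication
    }
}
```

Store the IV alongside the ciphertext; decryption follows the same prompt-then-doFinal flow with Cipher.DECRYPT_MODE and a GCMParameterSpec built from that IV.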