Why crypto object is needed for Android fingerprint authentication?
Question
I have gone through the Android fingerprint sample provided by Google.
https://github.com/googlesamples/android-FingerprintDialog
As I am new to security standards, I am unable to understand the following.
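- Why do we need to use Keystore, key, CryptoObject... etc.? Simply, it could be like: ask the fingerprint manager to authenticate the user, and it can simply return the status (success/failed).
- Do I need to generate a new key every time on each authentication?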
Recommended answer
Why do we need to use Keystore, key, CryptoObject... etc.? Simply, it could be like: ask the fingerprint manager to authenticate the user, and it can simply return the status (success/failed).
You don't have to. You can make fingerprint authentication without a CryptoObject, just pass a null value. Then you won't have to mess with keystore and other stuff.
The only use of a CryptoObject in a Fingerprint Authentication context is to know if a new fingerprint was added since last time the user authenticated via fingerprint.
Do I need to generate new key every time on each authentication?
If a new fingerprint was added, you will need a new key (since they become invalid after a new fingerprint is added). Again, you won't have to mess with these if you pass a null CryptoObject.
Fingerprint authentication doesn't require a CryptoObject, in fact it's quite the opposite.
When you make cryptographic operations on Android, you can use one of these objects: Cipher, Signature, Mac (and others). One of these three can be used to build a CryptoObject.
When you generate keys for these objects, there is a method named setUserAuthenticationRequired(boolean) which makes the keys valid only if the user has authenticated via fingerprint before.
Thus, in case of a client/server communication for instance, if the client can use the keys, it means he authenticated via fingerprint and his identity is known.
That said, you might want to check my library which makes the whole thing a lot easier:
https://github.com/OmarAflak/Fingerprint
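The flow the answer describes, as an added example that is not code from the answer, the linked library or Google's sample: a keystore key created with setUserAuthenticationRequired(true), wrapped in a CryptoObject built from a Signature, signs a server challenge only after the fingerprint matches, and a changed fingerprint enrollment surfaces as KeyPermanentlyInvalidatedException. The class name, key alias, Listener interface and the choice of an EC signing key are assumptions made for illustration.

```java
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

public class FingerprintSigner {                                    // hypothetical class name
    interface Listener { void onResult(byte[] signatureOrNull); }   // hypothetical callback
    private static final String ALIAS = "example_fp_key";           // hypothetical key alias
    static void createKey() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setUserAuthenticationRequired(true) // key is unusable until a finger matches
                .build());
        kpg.generateKeyPair(); // the public half is what a server would keep to verify signatures
    }
    // Returns null when the enrolled fingerprints changed and the key was invalidated.
    static FingerprintManager.CryptoObject cryptoObject() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (!ks.containsAlias(ALIAS)) createKey();
        Signature sig = Signature.getInstance("SHA256withECDSA");
        try {
            sig.initSign((PrivateKey) ks.getKey(ALIAS, null));
        } catch (KeyPermanentlyInvalidatedException e) {
            ks.deleteEntry(ALIAS); // caller re-verifies the user another way, then creates a new key
            return null;
        }
        return new FingerprintManager.CryptoObject(sig);
    }
    static void signChallenge(FingerprintManager fm, FingerprintManager.CryptoObject co,
                              final byte[] challenge, final Listener listener) {
        fm.authenticate(co, new CancellationSignal(), 0,
                new FingerprintManager.AuthenticationCallback() {
                    @Override public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult r) {
                        try {
                            Signature s = r.getCryptoObject().getSignature();
                            s.update(challenge);
                            listener.onResult(s.sign()); // succeeds only because the match unlocked the key
                        } catch (Exception e) { listener.onResult(null); }
                    }
                }, null);
    }
}
```

FingerprintManager was deprecated in API level 28 in favour of BiometricPrompt, which accepts a CryptoObject in the same way.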