setUserAuthenticationRequired(true)和setUserAuthenticationValidityDurationSeconds(X)时未捕获到Android KeyPermanentlyInvalidatedException [英] Android KeyPermanentlyInvalidatedException is not catched when setUserAuthenticationRequired(true) and setUserAuthenticationValidityDurationSeconds(X)
问题描述
您好,Android开发人员,
Hello Android developers,
当我同时使用Fingerprint和AndroidKeystoreProvider时,我的应用程序中有些奇怪的东西.
I've got something strange in my app when I'm using the Fingerprint and the AndroidKeystoreProvider together.
在这种情况下:
我用KeyPairGenerator创建一个KeyPair.
在构建器中,我设置了setUserAuthenticationRequired(true)和setUserAuthenticationValidityDurationSeconds(10).
I create a KeyPair with KeyPairGenerator.
In the builder I have set setUserAuthenticationRequired(true) and setUserAuthenticationValidityDurationSeconds(10).
我已经在3个手指上注册了指纹.
Into my fingerprint I have enrolled 3 fingers.
当我第一次尝试使用initSign(...)初始化Signature算法时,捕获到 UserNotAuthenticatedException .这还算公平. ( https://developer.android.com/reference/android/security /keystore/UserNotAuthenticatedException.html )
When I try next to init the Signature algorithm with initSign(...) the first time, UserNotAuthenticatedException is catched. That's fair. (https://developer.android.com/reference/android/security/keystore/UserNotAuthenticatedException.html)
然后我将一个新手指注册到我的指纹中.
Then I enroll a new finger into my fingerprint.
因此,我希望比初始化签名算法时,它应该捕获 KeyPermanentlyInvalidatedException ,如Google文档中所述(
So I expect than when I init the Signature algorithm, it should catch KeyPermanentlyInvalidatedException as described into the Google documentation (https://developer.android.com/reference/android/security/keystore/KeyPermanentlyInvalidatedException.html) but it is not the case. UserNotAuthenticatedException is always catched.
如果我删除setUserAuthenticationValidityDurationSeconds(10),一切将按预期进行. (很好地捕获了 KeyPermanentlyInvalidatedException )
If I remove setUserAuthenticationValidityDurationSeconds(10) things gonna work as expected. (KeyPermanentlyInvalidatedException is well catched)
您是否知道是否有办法使setUserAuthenticationRequired(true)和setUserAuthenticationValidityDurationSeconds(10)都适用于这两个异常?
Did you know if there is a way to make both exceptions work with setUserAuthenticationRequired(true) and setUserAuthenticationValidityDurationSeconds(10) ?
预先感谢您, 马特
推荐答案
否,setUserAuthenticationValidityDurationSeconds> -1
来自 setUserAuthenticationValidityDurationSeconds 文档:
Parameters: seconds int: duration in seconds or -1 if user authentication must take place for every use of the key .
Parameters: seconds int: duration in seconds or-1 if user authentication must take place for every use of the key.
并来自 setUserAuthenticationRequired :
Additionally, if the key requires that user authentication takes place for every use of the key, it is also irreversibly invalidated once a new fingerprint is enrolled
更新(26.11.2018)
Update (26.11.2018)
KeyPermanentlyInvalidatedException,因为:
涉及授权使用密钥的密码操作 成功进行用户身份验证后使用了一段时间 事件只能使用安全锁屏身份验证.这些 加密操作将引发UserNotAuthenticatedException 在初始化期间是否需要验证用户身份 继续.
Cryptographic operations involving keys which are authorized to be used for a duration of time after a successful user authentication event can only use secure lock screen authentication. These cryptographic operations will throw UserNotAuthenticatedException during initialization if the user needs to be authenticated to proceed.
这篇关于setUserAuthenticationRequired(true)和setUserAuthenticationValidityDurationSeconds(X)时未捕获到Android KeyPermanentlyInvalidatedException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
