Fix of issue 318 #399
Fix of issue 318 #399
Conversation
|
@Zo2m4bie Hey, could you elaborate on why RSA doesn't work with your solution? |
|
@andrejcesen well, I just wasn't able to manage RSA cipher to work with BiometricPrompt. I tried to do it with RSA at the beginning but I faced with error when I passed cipher into BiometricPrompt. I guess it's related to pair of public and private keys that are used in RSA. As when cipher is passed to the BiometricPrompt, it changes with some biometric data and we need to manage vector bytes from this cipher to restore cipher for decryption. As I understood this logic doesn't work fully with RSA. |
|
Awesome, thanks for sharing @Zo2m4bie. |
|
I'm not sure removing RSA is the right approach here to fix this issue. The issues do seem to need fixing but this would break backwards compatibility for anyone who requires RSA set up and aren't easily able to migrate over to AES. Is there a more backwards compatible approach you can take? |
|
@CWolfs hm, very good point. For now I see only one available solution is to create separate migration method that will load data from RSA and move it into AES. The only problem of this solution that it will ask fingerprint twice. First one to load data from RSA storage and second one to save it into a new storage |
|
Hi guys! I tried this branch @Zo2m4bie on a Pixel 4. There is an issue, when I call to |
|
Hello @AdriaRios It's the expected behavior. You can look at this prompt as an entry point to your Cipher. You need to pass it to encrypt or decrypt data. |
|
Oh really? Is because the main branch doesn't work like that, and it's a bit weird the behaviour |
|
@AdriaRios If you're using RSA on the main branch then it's asymmetric crypto (public/private keys). So it encrypts the data using the public key - so you don't need to authenticate. When you go to decrypt you use the private key and so to access that you need to authenticate. I haven't looked at @Zo2m4bie's PR properly but I assume since he's using only AES, which is symmetric, then you need access to the KeyStore for both encrypting and decrypting and so requires you to unlock the Keystore with an authentication for both times. That's my assumption on the last bit anyway. |
|
@CWolfs you are absolutely right |
|
I believe this issue should have been resolved as of 7.0.0. Can anyone confirm? |
|
@oblador my case with Samsung device was fixed. However let it be open until resolving a new issue described in 318 thread because this solution works for all cases |
|
After using this fork for react-native-keychain and making adjustments (adding authenticationPrompt on setInternetCredentials), instead of having #318, now I have "Could not encrypt data with alias" |
Still have this issue on version 8.1.1 |
Fix issue 318 with FaceId for android
There're two issues here. First of all Pixel 4 doesn't work. Fix with setUserAuthenticationValidityDurationSeconds allow Pixel to work however it asks face not all the time, which sometime looks strange when users expect to see face recognition but they don't see it .
Second problem is Samsung. Samsung face recognition isn't secure that's why you see "User not authenticated" issue.
I rework logic with cipher and now it works for Samsung(Samsung doesn't ask face) and for Pixel.
Also RSA were removed as it doesn't work with a new solution