Creates a symmetric key in the Android Key Store which can only be used after the user has authenticated with fingerprint. - Android java.security

Android examples for java.security:KeyStore

Description

Creates a symmetric key in the Android Key Store which can only be used after the user has authenticated with fingerprint.

Demo Code

/*
 * Copyright 2016 Thomas Hoffmann
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
//package com.java2s;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Main {
    /**
     * Alias under which the key is stored in the Android Key Store.
     */
    private static final String KEY_NAME = "my_key";
    // Both handles are assigned in init(); createKey() and hasKey() dereference them
    // without a null check, so init() has to be the entry point.
    private static KeyStore mKeyStore;
    private static KeyGenerator mKeyGenerator;

    /**
     * Generates an AES key under {@link #KEY_NAME} in the Android Key Store. The key is
     * restricted to encrypt/decrypt, CBC block mode and PKCS7 padding, and every use of it
     * has to be authorized by the user (fingerprint).
     *
     * <p>CBC with PKCS7 padding gives confidentiality only; nothing in this spec
     * authenticates the ciphertext, so tampering is not detected at decryption time.
     * Callers that need integrity have to add it themselves (or the spec would have to
     * use an authenticated mode such as GCM).
     *
     * @throws CertificateException               if loading the key store fails
     * @throws NoSuchAlgorithmException           if loading the key store fails
     * @throws IOException                        if loading the key store fails
     * @throws InvalidAlgorithmParameterException if the generator rejects the key spec
     */
    private static void createKey() throws CertificateException,
            NoSuchAlgorithmException, IOException,
            InvalidAlgorithmParameterException {
        // This is the enrolment step of the fingerprint flow. A key store key is what lets
        // the app notice later that the set of enrolled fingerprints has changed.
        mKeyStore.load(null);

        // Purposes are fixed at creation time, together with the alias.
        final int purposes = KeyProperties.PURPOSE_ENCRYPT
                | KeyProperties.PURPOSE_DECRYPT;
        final KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(KEY_NAME, purposes)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                // No validity window is configured, so each single use of the key needs a
                // fresh fingerprint authentication.
                // NOTE(review): the platform is expected to reject this spec when no
                // fingerprint is enrolled - confirm how callers of init() handle that.
                .setUserAuthenticationRequired(true)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .build();

        mKeyGenerator.init(spec);
        mKeyGenerator.generateKey();
    }

    /**
     * Obtains the "AndroidKeyStore" key store and AES key generator, then creates the key
     * unless {@link #hasKey()} reports that one exists.
     *
     * <p>Because {@link #hasKey()} reports any lookup failure as "no key", a transient
     * key store error also ends in key generation under the same alias.
     * NOTE(review): presumably that replaces the existing entry, after which data
     * encrypted with the previous key can no longer be decrypted - confirm this is the
     * intended recovery path.
     *
     * @return true, if a new key has been generated
     * @throws GeneralSecurityException if the provider is unavailable or key creation fails
     * @throws IOException              if loading the key store fails during key creation
     */
    static boolean init() throws GeneralSecurityException, IOException {
        mKeyStore = KeyStore.getInstance("AndroidKeyStore");
        mKeyGenerator = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        if (hasKey()) {
            return false;
        }
        createKey();
        return true;
    }

    /**
     * Checks if a key has already been created under {@link #KEY_NAME}.
     *
     * <p>Every exception raised during the lookup is caught, its stack trace printed, and
     * the result is {@code false}; the caller cannot tell "no key" from "key store error".
     *
     * @return true, if a key is already created; false if there is none or the lookup failed
     */
    private static boolean hasKey() {
        boolean present = false;
        try {
            mKeyStore.load(null);
            // A null password is passed for the entry lookup.
            final SecretKey existing = (SecretKey) mKeyStore.getKey(KEY_NAME, null);
            present = existing != null;
        } catch (Exception e) {
            // Deliberately broad: any failure (including a cast failure on an entry of
            // another key type) is treated as "no key".
            e.printStackTrace();
        }
        return present;
    }
}
