Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0

Android keystore fails with error code -26 (fingerprint unlock) #1759

Closed efelon closed 4 months ago

efelon commented 5 months ago

Describe the bug

When trying to unlock the KeePass database using the biometric unlock (fingerprint), I always get the error -26 (details in the logcat) on a fresh install of LineageOS. Using only the password or the "normal" device unlock code works fine. First I thought to file a bug with LineageOS, but unlocking the Nextcloud App with the fingerprint is working fine. I used the "same" setup on other Motorola phones now and before, which was always working well. The most obvious difference I can see between the Moto G7 plus (which is working well) and the new Moto g32 (which fails) is the kernel version, while both are using LineageOS 20:

I already tried (always with the same error):

Logcat keestore_logcat.txt

To Reproduce

Steps to reproduce the behavior:

  1. Configure Biometric Unlock
  2. Select your database and enter password
  3. Press on "unlock with biometrics"
  4. See error

Expected behavior

No error and the database to be unlocked.

KeePass Database

KeePassDX:

Android:


J-Jamet commented 4 months ago

This is a known Lineage bug: the Keystore is no longer certified, so it is no longer possible to store secure symmetrical keys in it. Your Nextcloud App is a client-server application which does not use biometric recognition in the same way.

Duplicate https://github.com/Kunzisoft/KeePassDX/issues/215

You can use device unlocking, which is more permissive.

efelon commented 4 months ago

Thanks @J-Jamet. For everyone who is wondering about this, with the update to LineageOS 21 the problem is solved.