search

Kunzisoft / KeePassDX

Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0
4.76k stars 276 forks source link

Cannot link biometric to database #724

Closed Stephan-P closed 4 years ago

Stephan-P commented 4 years ago

At opening the database I should be able to tap the Biometric icon, but I can't.

On my Samsung A41, I've got fingerprint unlocking already working for this device and now want to use it as well for opening a kbdx with KPDX.

I try to follow the instructions on this page https://github.com/Kunzisoft/KeePassDX/wiki/Advanced-Unlocking

  1. Start KPDX
  2. Enter database password + Enter
  3. Database is opened and there is no Biometric icon

Or

  1. Start KPDX
  2. Enter database password without enter
  3. Tap Biometric icon above
  4. Nothing happens

Basically, I get stuck on step B.2 of the instructions

Keepass Database

KeePassDX:

Android:

J-Jamet commented 4 years ago

I think the Keystore is not accessible but this needs to be checked. Do you also have the problem with other KeePass apps?

J-Jamet commented 4 years ago

OK, I created a new branch to do tests feature/BIOMETRIC_SECURITY, I used the new 1.1.0_alpha2 biometric library, added level strong security recommendations and added error messages. You should see more items to find out what's going on.

J-Jamet commented 4 years ago

KeePassDX_build_20200929.zip Can you download this version and indicate the behavior in your device.

Stephan-P commented 4 years ago

I managed to download the zip, unpacked it, but the apk fails to install. Also after having upped the rights of the file manager. Screenshot_20200929-212240_Package installer "App not installed"

J-Jamet commented 4 years ago

I just checked the installation on my phone, everything is OK. I think you need to delete the old instances.

Stephan-P commented 4 years ago

Okay, I uninstalled my existing kpdx after which the apk was able to install. Unfortunately this build crashes a lot. It crashes when I open the database from it's onedrive location. It also crashes when I skip loading the database and enter the settings.

J-Jamet commented 4 years ago

Unfortunately this build crashes a lot.

It's unexpected, I can't reproduce the crashes. I think this is due to my testing on migrating to API 30.

But that's okay for now, that's not the point, does biometric opening work?

Stephan-P commented 4 years ago

I can't get to that point. The app crashes when I select my database (on onedrive).

J-Jamet commented 4 years ago

And with a local database?

Stephan-P commented 4 years ago

As well, I'm afraid. I had already removed the apk-build, switching back to the regular build. So I re-installed the apk again. I copied the kdbx file to internal storage \Documents\ I opened KPDX and browsed to open the local file. Upon selecting the kbdx file, Android prompted me to allow the app access to files and images. After allowing this, KPDX had vanished, silently closed (completely). Is this a crash too? I restarted KPDX and navigated to the local kbdx file again. Upon selecting the file, KPDX crashed

J-Jamet commented 4 years ago

There is no reason to be afraid, there is always a way to solve problems.

After allowing this, KPDX had vanished, silently closed (completely). Is this a crash too?

Indeed it's weird, try to delete the data and start over. If this happens when you enable permissions, try not to enable them.

Stephan-P commented 4 years ago

Android 10 reports: "KeePassDX keeps stopping (my translation from Dutch)

J-Jamet commented 4 years ago

There is undoubtedly an exception raised by the biometric API, but I do not know which one. Can you have the details of the crashes?

Stephan-P commented 4 years ago

This is new to me :-) Can you tell me how to find error logs? Would that be in Developers options - Error reporting?

J-Jamet commented 4 years ago

You can generate logs with your phone:

or

Or if you are more adventurous, you can link your device to a PC by USB and read logs with ADB or Android Studio. https://developer.android.com/studio/debug/am-logcat

J-Jamet commented 4 years ago

OK, so I have found:

09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime: FATAL EXCEPTION: main
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime: Process: com.kunzisoft.keepass.free, PID: 19384
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime: java.lang.IllegalArgumentException: method android.hardware.biometrics.BiometricManager.canAuthenticate argument 1 has type android.hardware.biometrics.BiometricPrompt$CryptoObject, got androidx.biometric.BiometricPrompt$CryptoObject
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at java.lang.reflect.Method.invoke(Native Method)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at androidx.biometric.BiometricManager.canAuthenticateWithStrongBiometricOnApi29(BiometricManager.java:412)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at androidx.biometric.BiometricManager.canAuthenticateCompat(BiometricManager.java:381)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at androidx.biometric.BiometricManager.canAuthenticate(BiometricManager.java:336)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.biometric.BiometricUnlockDatabaseHelper$Companion.canAuthenticate(BiometricUnlockDatabaseHelper.kt:300)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.biometric.AdvancedUnlockedManager.checkBiometricAvailability(AdvancedUnlockedManager.kt:91)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.activities.PasswordActivity.onDatabaseFileLoaded(PasswordActivity.kt:455)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.activities.PasswordActivity.access$onDatabaseFileLoaded(PasswordActivity.kt:79)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at androidx.lifecycle.LiveData.considerNotify(LiveData.java:131)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at androidx.lifecycle.LiveData.dispatchingValue(LiveData.java:149)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at androidx.lifecycle.LiveData.setValue(LiveData.java:307)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at androidx.lifecycle.MutableLiveData.setValue(MutableLiveData.java:50)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.viewmodels.DatabaseFileViewModel$loadDatabaseFile$1.invoke(DatabaseFileViewModel.kt:24)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.viewmodels.DatabaseFileViewModel$loadDatabaseFile$1.invoke(DatabaseFileViewModel.kt:10)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction$getDatabaseFile$2.invoke(FileDatabaseHistoryAction.kt:54)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction$getDatabaseFile$2.invoke(FileDatabaseHistoryAction.kt:30)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.kunzisoft.keepass.app.database.IOActionTask$execute$1$1$1.invokeSuspend(IOActionTask.kt:40)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at kotlinx.coroutines.DispatchedTask.run(Dispatched.kt:241)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at android.os.Handler.handleCallback(Handler.java:883)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at android.os.Handler.dispatchMessage(Handler.java:100)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at android.os.Looper.loop(Looper.java:237)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at android.app.ActivityThread.main(ActivityThread.java:8016)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at java.lang.reflect.Method.invoke(Native Method)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:496)
09-29 22:50:54.183 10305 19384 19384 E AndroidRuntime:  at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1087)

It is repeated often so this is it. I think the problem stems from an authentication method argument that is not recognized by your device. I think it's due to the alpha version of the library, I'll try to bypass the problem and upload a new APK.

I also noticed that you have issue #722, if you want to revert to a stable version you need to download version 2.8.7.

Stephan-P commented 4 years ago

Thanks. I'll revert to 2.8.7 again. And I'm glad to have been of help here.

J-Jamet commented 4 years ago

Yes it is very useful, without your intervention I could not know that the biometric correction could not work on several devices.

KeePassDX_build_202009301559.zip

Here is another build, I replaced the unrecognized variable with a hexadecimal match (0x000F). I hope it will force recognition, can you test it?

Stephan-P commented 4 years ago

Installing 2.8.7 again ... ;-) Edit: Uninstalling ....

J-Jamet commented 4 years ago

Yes, installing and reinstalling applications, I do that all day, it is rather boring when you change only a few lines of code. This is unfortunately the job, but we'll be very happy when it works. ;)

Stephan-P commented 4 years ago

It's all pretty much the same as in my prior comment

I'll send you another debug log.

J-Jamet commented 4 years ago

OK, thanks. I change my approach, the logs were the same. I now try to catch the exceptions and return increasingly lower levels of security. KeePassDX_build_202009301955.zip

Stephan-P commented 4 years ago

I'll give it a try tomorrow.

Stephan-P commented 4 years ago

I LIED. I gave a try just now.

How's that? NICE!

Stephan-P commented 4 years ago

Want logs for this?

J-Jamet commented 4 years ago

No need for logs. Can you tell me if a toast Unable to authenticate with strong biometric. appears?

Stephan-P commented 4 years ago

Yes, I got such notifications.

hbiel commented 4 years ago

While testing the fixes for #725 i noticed that i cannot activate biometric unlocking using my own build. On the unlock screen it says "The keystore is not properly initialized" and trying to activate it in the settings its saying "Could not find the corresponding hardware.

This is on my OnePlus 6 running Android 10.

I have not had any problems using biometric before so i thought this might be related? Let me know if i can do more to help.

J-Jamet commented 4 years ago

Thank you for the reply @hbiel. Have you tried to delete the biometric keys from the settings and do you have a lock screen on your phone? If it displays "The keystore is not properly initialized", it means that the keystore is not accessible (often because it is not secure) to store the keys.

J-Jamet commented 4 years ago

I just updated the biometric library from androidx.biometric:biometric:1.1.0-alpha02 to androidx.biometric:biometric:1.1.0-beta01.

https://developer.android.com/jetpack/androidx/releases/biometric#1.1.0-beta01

J-Jamet commented 4 years ago

In fact you may have highlighted an error, I will improve the code tomorrow to test.

hbiel commented 4 years ago

I just removed my fingerprints in system settings and set it up again.

Funnily after that the biometric unlock wasn't even shown when unlocking the database. I removed the app data and only then the option was available.

I think the main problem is that I cannot even activate the option in the app settings. I think the biometric unlock prompt shouldn't be shown when it's not activated in the settings.

On a side note: I am running on the official ROM from OnePlus but have rooted my device. So regarding security this might be an issue if it's checked by the library.

J-Jamet commented 4 years ago

OK, I now manage the BIOMETRIC_STATUS_UNKNOWN status which can happen even when it works (on old hardware apparently) and I have added new compatible states to init the keystore. You can test with the branch Biometric_States

stevensko commented 4 years ago

OK, thanks. I change my approach, the logs were the same. I now try to catch the exceptions and return increasingly lower levels of security. KeePassDX_build_202009301955.zip

I had the same problem with my lg stylo 4. I had been using your app for a few months with biometric unlock and had no problems. I then reset my fingerprints a few days ago and that's when the biometric wouldn't pop up. I didn't have any issues with other keepass apps. But the linked build fixed the issue for me.

hbiel commented 4 years ago

branch Biometric_States

I tried your changes but I still get the following error when trying to enable biometric unlocking in the settings:

"Could not start this feature. Could not find the corresponding hardware."

On first start it also showed the biometric unlock option when opening the database. But afterwards it wasn't shown anymore.

J-Jamet commented 4 years ago

@hbiel If you have this message it is because the method unlockSupported() returns a state not recognized. Can you debug and tell me what is the biometricCanAuthenticate variable (line 321) when the problem occurs on your device?

Edit: Do you have logs with: Unable to authenticate with strong biometric. or/and Unable to authenticate with weak biometric. and details?

hbiel commented 4 years ago

By logs you mean the bug report function you mentioned above?

And can you point me to directions on how to debug the app? I suppose I need Android Studio and connect to the via ADB? I will try to do it later today.

J-Jamet commented 4 years ago

If you tried the branch Biometric_States, you must have used Android studio to build the specific branch. You just need to press the green debug button at the top of the IDE and put a breakpoint at the corresponding line.(by clicking at the beginning of the line, it creates a red point) https://developer.android.com/studio/debug

hbiel commented 4 years ago

Sorry, i made a mistake earlier. I merged your changes on Github but did not pull them to my workspace. :-( Its actually working as expected now.

I debugged it nonetheless and in my case it's reporting BIOMETRIC_STATUS_UNKNOWN (-1). Maybe this is the case because the OnePlus 6 is still running on Android 10?

Before i just used a minimal set of the Android SDK and ran the gradle build script directly. I just had no need to use Android Studio before.

J-Jamet commented 4 years ago

OK, thanks for the confirmation, I understand better.

I debugged it nonetheless and in my case it's reporting BIOMETRIC_STATUS_UNKNOWN (-1). Maybe this is the case because the OnePlus 6 is still running on Android 10?

I don't really know, the documentation says this status is used on older systems that don't support the newest API, but that's not a big deal. Now that I've added it, it should solve all the worries.

Before i just used a minimal set of the Android SDK and ran the gradle build script directly.

Sorry for the extra installation. :s

I merge the changes in the develop branch. Thanks for the feedback everyone, it's very useful especially with different behaviors on each device.

hbiel commented 4 years ago

Sorry for the extra installation. :s

I merge the changes in the develop branch. Thanks for the feedback everyone, it's very useful especially with different behaviors on each device.

No worries! I'm glad to help.