Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0
4.69k stars, 276 forks

Request a PIN/Password/Pattern unlock (Android 11) #779

Closed. J-Jamet closed this 3 years ago

J-Jamet commented 4 years ago

Add system PIN / Password / Pattern unlocking methods, such as database unlocking.

A study must be made on the subject to estimate its feasibility.

https://developer.android.com/reference/androidx/biometric/BiometricPrompt.PromptInfo.Builder#setAllowedAuthenticators(int)
https://stackoverflow.com/questions/59593474/what-is-the-correct-flow-to-check-for-biometrics-and-pin-password-with-biometric
https://proandroiddev.com/biometrics-in-android-50424de8d0e

Linked to #102 #152

echeoquehaii commented 3 years ago

Following this, since I have a very long password and this is the only issue which blocks me from using KeePassDX. Thanks for all your work by the way!

J-Jamet commented 3 years ago

The first tests are conclusive. The only problem is that switching from fingerprint to credential unlocking of the phone invalidates the keystore key. Solutions:

I find the first method more natural and allows to reset the configuration in all cases. What do you think?

J-Jamet commented 3 years ago

The easiest solution is to display a warning message before deleting the keys. :D

shadow00 commented 3 years ago

What about devices < Android 11? Will this be available too?

J-Jamet commented 3 years ago

This is only available on Android 11 minimum. The OS does not offer to use the device credentials in previous versions.
https://developer.android.com/training/sign-in/biometric-auth#declare-supported-authentication-types
https://android-developers.googleblog.com/2020/09/lockscreen-and-authentication.html

echeoquehaii commented 3 years ago

> This is only available on Android 11 minimum. The OS does not offer to use the device credentials in previous versions.

How come Firefox Lockwise is able to do that?

J-Jamet commented 3 years ago

This is a good question, I don't know, maybe there is a compatibility package. If anyone has the answer, please indicate it.

J-Jamet commented 3 years ago

It is well indicated in the doc: _Note that not all combinations of authenticator types are supported prior to Android 11 (API 30). Specifically, DEVICE_CREDENTIAL alone is unsupported prior to API 30, and BIOMETRIC_STRONG | DEVICE_CREDENTIAL is unsupported on API 28-29. Setting an unsupported value on an affected Android version will result in an error when calling build()._
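The two points raised in the thread (the authenticator combinations `build()` accepts per API level, and the keystore key becoming unusable when the unlock method changes) in one added Kotlin example. This is illustrative code written for this page, not KeePassDX's implementation; the key alias, prompt strings and the `onKey` callback are hypothetical, and it assumes androidx.biometric 1.1+ and API 24 or later. The key is created with `setUserAuthenticationParameters` on API 30+ so that either a strong biometric or the device credential can release it, and `KeyPermanentlyInvalidatedException` is surfaced to the caller so a warning can be shown before the key is deleted and regenerated:

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Hypothetical alias for this example; not the alias KeePassDX uses.
private const val KEY_ALIAS = "example_db_unlock_key"
private const val ANDROID_KEYSTORE = "AndroidKeyStore"

/** Authenticators that can be paired with a CryptoObject on this OS version. */
fun allowedAuthenticators(): Int =
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R)
        BIOMETRIC_STRONG or DEVICE_CREDENTIAL   // API 30+: PIN/password/pattern is an option
    else
        BIOMETRIC_STRONG                        // API 28-29: STRONG|CREDENTIAL is rejected by build()

/** Create (or reuse) an AES-GCM key that is only usable right after a user authentication. */
fun getOrCreateKey(): SecretKey {
    val ks = KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }
    (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }

    val builder = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationRequired(true)
        .setInvalidatedByBiometricEnrollment(true)   // new fingerprint => key is invalidated
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        // Timeout 0 = one authentication per operation (needs a CryptoObject). The set of
        // auth types here must match what the prompt allows, or cipher.init() will fail.
        builder.setUserAuthenticationParameters(
            0, KeyProperties.AUTH_BIOMETRIC_STRONG or KeyProperties.AUTH_DEVICE_CREDENTIAL
        )
    }
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE)
        .apply { init(builder.build()) }
        .generateKey()
}

/** Drop the key; call this only after the user has been warned, then recreate it. */
fun deleteKey() {
    KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }.deleteEntry(KEY_ALIAS)
}

/**
 * Returns an encrypt-mode cipher bound to the key, or null when the key was permanently
 * invalidated (re-enrolled biometrics, changed lock method). Decryption would need the
 * stored IV via GCMParameterSpec; it is omitted here to keep the example short.
 */
fun initCipherOrNull(): Cipher? {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    return try {
        cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey())
        cipher
    } catch (e: KeyPermanentlyInvalidatedException) {
        null   // caller: show a warning, then deleteKey() and start over
    }
}

/** Show the system prompt; onKey receives the authenticated cipher on success. */
fun showUnlockPrompt(activity: FragmentActivity, cipher: Cipher, onKey: (Cipher) -> Unit) {
    val authenticators = allowedAuthenticators()
    val info = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Unlock database")
        .setAllowedAuthenticators(authenticators)
    if (authenticators and DEVICE_CREDENTIAL == 0) {
        info.setNegativeButtonText("Cancel")   // mandatory when no credential fallback exists
    }
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            result.cryptoObject?.cipher?.let(onKey)
        }
    }
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(info.build(), BiometricPrompt.CryptoObject(cipher))
}
```

The version gate in `allowedAuthenticators()` is the practical consequence of the quoted note: on API 28-29 the prompt is limited to biometrics, and androidx.biometric also refuses a `CryptoObject` together with `DEVICE_CREDENTIAL` before API 30, which is why a credential-based unlock of the database key is only reachable on Android 11 and later without falling back to the older KeyguardManager flow discussed further down.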

rugk commented 3 years ago

They don't seem to use your indicated variables.

rugk commented 3 years ago

Actually, here is some documentation: https://github.com/mozilla-lockwise/lockwise-android/blob/master/docs/architecture/sec-apis.md

:tada:

J-Jamet commented 3 years ago

The KeyguardManager paragraph seems the most interesting.

J-Jamet commented 3 years ago

We have to use an old KeyguardManager method, it bothers me because it's not the same workflow and it's deprecated now...

J-Jamet commented 3 years ago

I just checked the operation, there is a lot of change to be made. Encryption management must be manually reimplemented to be properly validated when there is an activity request to check the PIN. Each Android version must be managed independently, etc.

Lockwise has simply removed the deprecation warning for new versions.

Concretely, I don't want to implement a deprecated method with so much work when I don't need to, if I am subsidized I can reconsider the question. If someone is motivated they can do a pull request.

I leave the issue #811 open.