Biometric Unlock stopped working; Exception when turning on Biometric Unlock

[nharrer]

Hi.

Phone: Xiaomi Redmi Note 10 (M2101K6G) MIUI 13.0.3 Android: 12 SKQ1.210908.001 Keepass2Android: 1.09c-r0

Fingerprint unlocking was working great so far. Then I disabled the lock screen. After re-enabling the lock screen, I had to set up a new fingerprint. After that, Keepass2Android fingerprint unlock stopped working (don't remember the exact error message). I disabled Biometric Unlock in KP2A and now I am unable to "Enable full Biometric Unlock". When I try to activate it I get following exception:

Java.Lang.RuntimeException: Exception of type 'Java.lang.RuntimeException' was thrown. at keepass2android. BiometricEncryption.Init () [0x000aa] in <7165a5adb3574afbabf24b0ad4c46188>:0 at keepass2android. Biometric SetupActivity.ChangeUnlockMode (keepass2android.FingerprintUnlockMode oldMode, keepass2android.FingerprintUnlock Mode newMode) [0x000b0] in <7165a5adb3574afbabf24b0ad4c46188>:0 --- End of managed Java.lang.RuntimeException stack trace java.lang.RuntimeException: Failed to init Cipher at mono.android.widget.CompoundButton_ OnCheckedChangeListenerlmplementor. nonCheckedChanged(Native Method) at mono.android.widget.CompoundButton OnCheckedChangeListenerlmplementor. onCheckedChanged(CompoundButton_0 nCheckedChangeListenerlmplementor.java:30) at android.widget.CompoundButton.setChe cked(CompoundButton.java:225) at android.widget.CompoundButton.toggle(CompoundButton.java:139) at android.widget.RadioButton.toggle(RadioButton.java:82) at android.widget.CompoundButton.perfor mClick(CompoundButton.java:144) at android.view.View.performClickInternalView.java:7724)

Things I tried:

• Uninstalled/Installed KP2A
• Rebooted Phone
• Deleted and added Fingerprint

Things I checked:

• Lock Screen is enabled
• Fingerprint Unlock is on and one FP is stored

I recently performed an os update, which updated Android 11 to 12. But it was working after that for a couple weeks until I disabled / enabled the lock screen.

Many thanks for this great app and kind regards, Norbert.

[SimonsPure]

Made an account just to comment, I've been trying to find anyone with a similar issue. I've been having this issue on any apps that require biometric login, but my home lockscreen works perfectly fine. My banking app for example refuses to let me turn on biometrics now. I've tried contacting Samsung but they've been less than helpful.

[PhilippC]

@nharrer does fingerprint work with apps like KeePassDroid?

[nharrer]

@PhilippC I just installed KeepPassDroid and tried it. Doesn't work there either. There are 4 toast messages in succession:

• Biometric error
• Biometric invalitated
• Biometric error
• Invalid Key problem

I get the feeling that something is screwed up with my phone. Any ideas what could be wrong? My last option would be to completely reset the phone. Maybe that would help? But I would like to avoid that if possible.

[SimonsPure]

@nharrer - I wouldn't do a full reset yet. Due to it being across lots of different phones I'd put it down to being an issue with the latest Google update. A bunch of my biometrics apps don't work now, but some (and the lock screen) still do.

[nharrer]

@PhilippC I cloned the source and debugged it on my device. Adding SetUnlockedDeviceRequired(true) to the builder when generating the key in BiometricModule.cs made it work again. It looks like this:

        private void CreateKey()
        {
            try
            {
                _keystore.Load(null);
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(GetAlias(_keyId),
                        KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
                    .SetBlockModes(KeyProperties.BlockModeCbc)
                    // Require the user to authenticate with biometry to authorize every use
                    // of the key
                    .SetEncryptionPaddings(KeyProperties.EncryptionPaddingPkcs7)
                    .SetUserAuthenticationRequired(true);

                if ((int)Build.VERSION.SdkInt >= 24)
                    builder.SetInvalidatedByBiometricEnrollment(true);

                if ((int)Build.VERSION.SdkInt >= 28)            // <--- ADDED THIS
                    builder.SetUnlockedDeviceRequired(true);    // <--- ADDED THIS

                _keyGen.Init(
                    builder
                    .Build());
                _keyGen.GenerateKey();
            }

But don't ask me why it works. I found it more or less by trial and error. First I tried using SetUserAuthenticationRequired(false) which also made it work. But then I read that this is insecure. After playing around with the other setters of the builder I came across SetUnlockedDeviceRequired(true), which also made it work again.

As I understand it, a key created with that parameter can only be used for decryption while the device is unlocked. I think this wouldn't hurt anyways. But I didn't test it on other devices.

[avvalex]

Same problem here. After removing lock screen password/pin and restoring it, now i receive the Java error too....

[swagath-naik]

I had similar issues. After formatting the data partition, it fixed my problem.

[xmonika]

Have problems with fingerprint too. Only front fingerprint in display is generating exception

10.07.2022 4:03:40:733 -- InitFingerprintUnlock 10.07.2022 4:03:40:735 -- BiometricHardware available = 0 10.07.2022 4:03:40:735 -- fpModule.IsHardwareAvailable=True 10.07.2022 4:03:40:736 -- BiometricHardware available = 0 10.07.2022 4:03:40:736 -- FP: Create BiometricDecryption 10.07.2022 4:03:40:736 -- FP: Init for Dec 10.07.2022 4:03:40:743 -- KS: end aliases 10.07.2022 4:03:40:745 -- Error initializing Fingerprint Unlock: System.Exception: Failed to init cipher for fingerprint Init: key is null at keepass2android.BiometricDecryption.Init () [0x00080] in <7165a5adb3574afbabf24b0ad4c46188>:0 at keepass2android.QuickUnlock.InitFingerprintUnlock () [0x00161] in <7165a5adb3574afbabf24b0ad4c46188>:0

[nharrer]

So just FYI, even though the modification above worked, I eventually did a factory reset of my phone. Now the official release of keepass2android works again. So whatever the problem was, something on my phone was borked as well. Or at least a combination of something going wrong in my phone combined with keepass2android made the fingerprints stop working.

[twingo999]

Same here on a new Tab. Works fine in Other App

[ben-macaulay]

Just to chime in on this - I'm at a loss as to what 'surgical' things I can wipe as I'm hoping to avoid resetting my phone entirely...

I've eliminated the following:

• The database itself (creating a fresh database presents the same issue)
• Removing and re-installing the application
• Removing fingerprints from my phone
• Removing all stored faces (not that these were recognised by kp2a, but maybe android stores them in an encrypted file with the fingerprints?) and unlock methods (so the phone only needed to swipe). Then synchronising the database and then re-establishing them - same wall of error.
• Wiping the storage of kp2a in android - so both cache and data (probably redundant but...)

I can't think of anything else, so unless I've been a muppet and missed a step, or having the database unlocked through these steps taints the process or something, I'm not sure how I can emulate a factory reset for just kp2a (without losing all my data).

[6XGate]

I was able to get Biometric unlocking to work by first disabling it in the KP2A settings. Closing the KP2A. Opening it again and unlocking, and Biometric Unlock with Quick Unlock. Not sure if that will help. Also not sure if the full unlock is the only thing with this issue.

[xmonika]

There has been an update in the very past and the biometric unlock work flawlessly since that time.

Dne čt 7. 12. 2023 5:41 uživatel Matthew Holder @.***> napsal:

I was able to get Biometric unlocking to work by first disabling it in the KP2A settings. Closing the KP2A. Opening it again and unlocking, and Biometric Unlock with Quick Unlock. Not sure if that will help. Also not sure if the full unlock is the only thing with this issue.

— Reply to this email directly, view it on GitHub https://github.com/PhilippC/keepass2android/issues/1964#issuecomment-1844369765, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA7HYELVO65ZA267PTNLE6LYIFCGFAVCNFSM5SQCKQFKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBUGQZTMOJXGY2Q . You are receiving this because you commented.Message ID: @.***>

[hhaensel]

I was able to get Biometric unlocking to work by first disabling it in the KP2A settings. Closing the KP2A. Opening it again and unlocking, and Biometric Unlock with Quick Unlock. Not sure if that will help. Also not sure if the full unlock is the only thing with this issue.

Same here, disabling biometrics in settings > database led to the recognition of a new biometric device. After accepting the biometrics again, everything worked fine again.

I suppose the origin is data migration between devices. The hardware seems to be stored in the settings. Offering the registration of a new sensor or directly linking to the disable button could solve the issue.

[jeriox]

Had the same issue, just tried disabling/enabling again as suggested above and that resolved the issue for me as well.