android / security-samples

Multiple samples showing the best practices in security APIs on Android.
Apache License 2.0

Design issues of this sample #23

Closed codingjeremy closed 4 years ago

codingjeremy commented 5 years ago

Issue by mice777 Tuesday Mar 14, 2017 at 21:24 GMT Originally opened as https://github.com/googlesamples/android-FingerprintDialog/issues/44
This sample is somehow incomplete:

I think that the basic principles of AndroidKeyStore and FingerprintManager are somehow mixed to show that finger scanning works, but the result is strange. All I get is "password entered or your finger recognized".

I'd expect that a symmetric key is created once if it's not already in the keystore. Then possibly encrypt the user-entered password with the key, and save it to a file. Next time when the fingerprint is used, decrypt the saved encrypted password, and use it the same way as if the user entered it manually. So the user has the choice to use the fast path with a finger, or the slower path by typing the password.

codingjeremy commented 5 years ago

Comment by mice777 Saturday Apr 15, 2017 at 23:43 GMT
I think the workflow should be like this:

1) Letting the user type the password on devices without the possibility to use a fingerprint sensor: [diagram: plain_pass]

2) If the fingerprint sensor is usable, and there is no saved encrypted password, let the user enter the password and optionally encrypt it afterwards: [diagram: pass, encr, encrypted] After you have encrypted the password, save the encrypted form for future use.

3) If you have a saved encrypted password, and the fingerprint sensor is usable, let the user either type the password or use the fingerprint to decrypt the saved password.

In all cases, the dialog would be there to obtain the password and return it to the app, either directly typed or decrypted from the saved copy. And you can't create new keys in the keystore each time, otherwise your saved encrypted password would be invalidated.
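The key-once, encrypt-and-save, decrypt-on-fingerprint flow described in this comment, as an added Kotlin illustration that is not code from the sample or from anyone in this thread; the class and method names (PasswordVault, seal, open), the key alias and the SealedPassword holder are assumptions, and wiring the returned Cipher into BiometricPrompt.CryptoObject is left to the caller.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Illustration only (not the sample's code); names and alias are assumptions.
class PasswordVault(private val keyAlias: String = "password_vault_key") {

    /** Ciphertext plus the IV it was sealed with; persist both, neither is secret. */
    data class SealedPassword(val iv: ByteArray, val ciphertext: ByteArray)

    private val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

    /** Reuse the stored key; generate it only once, so earlier ciphertext stays decryptable. */
    private fun getOrCreateKey(): SecretKey {
        (keyStore.getKey(keyAlias, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(
            keyAlias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setUserAuthenticationRequired(true) // each use needs a fresh biometric auth
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
            .apply { init(spec) }.generateKey()
    }

    /** Step 2: cipher to wrap in BiometricPrompt.CryptoObject before prompting. */
    fun encryptCipher(): Cipher =
        Cipher.getInstance("AES/GCM/NoPadding").apply { init(Cipher.ENCRYPT_MODE, getOrCreateKey()) }

    /** Call with the cipher from AuthenticationResult.cryptoObject; persist the result. */
    fun seal(authenticatedCipher: Cipher, password: CharArray): SealedPassword {
        val ct = authenticatedCipher.doFinal(String(password).toByteArray(Charsets.UTF_8))
        return SealedPassword(authenticatedCipher.iv, ct)
    }

    /** Step 3: fast-path cipher. A KeyPermanentlyInvalidatedException from init() means the
     *  enrolled biometrics changed: delete the alias and fall back to the typed password. */
    fun decryptCipher(sealed: SealedPassword): Cipher =
        Cipher.getInstance("AES/GCM/NoPadding").apply {
            init(Cipher.DECRYPT_MODE, getOrCreateKey(), GCMParameterSpec(128, sealed.iv))
        }

    /** After authentication succeeds, recover the password exactly as if the user typed it. */
    fun open(authenticatedCipher: Cipher, sealed: SealedPassword): CharArray =
        String(authenticatedCipher.doFinal(sealed.ciphertext), Charsets.UTF_8).toCharArray()
}
```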

nic0lette commented 4 years ago

Thank you for the suggestions. The goal of the sample was to allow a developer to easily understand how to use the BiometricPrompt APIs, rather than showing a credible use case for it. We'll consider your input to see how we might improve it though. Thank you again.