android / security-samples

Multiple samples showing the best practices in security APIs on Android.
Apache License 2.0

Role of cryptoObject #25

Closed codingjeremy closed 4 years ago

codingjeremy commented 5 years ago

Issue by yashasvigirdhar Tuesday Jun 06, 2017 at 07:14 GMT Originally opened as https://github.com/googlesamples/android-FingerprintDialog/issues/46


After going through the sample, I am still curious about what the use of passing cryptoObject to the authenticate API of FingerprintManager is.

If we see the code here, it stores the reference to cryptoObject in a field which it uses in only one place: to create the AuthenticationResult when authentication succeeds (see here).

Also, apart from this, it uses the cryptoObject's getOpId method to set some sessionId that it passes to the authenticate API of IFingerprintService.

What's this OpId? I guess this is the thing that makes all the difference, but I've no clue what it is and can't seem to find any documentation :-/

This question has been asked here, here and here, but I didn't find a good answer in any of those places.

isaidamier commented 4 years ago

You should find the answer in this blog post and also in BiometricLoginKotlin