Physical Devices - At least one fingerprint must be enrolled to create keys requiring user authentication for every use.

codingjeremy commented 5 years ago

Issue by zolbayars Friday Jun 09, 2017 at 08:37 GMT Originally opened as https://github.com/googlesamples/android-FingerprintDialog/issues/47

The app is throwing an IllegalStateException on following physical devices with registered fingerprints:

Samsung S5 - SM-G800H (Android 6.0.1 API 23)
Samsung Note 4 - SM-N9105S (Android 6.0.1 API 23)
Samsung S6 Edge - SM-G925F (Android 6.0.1 API 23)

I tried these without success:

Deleted all fingerprints and re-registered them again. (And setting screen lock with fingerprint)
Updated Android SDK Build-Tools to the latest.
Restarted the devices

What should I do?

Stacktrace:

06-09 16:24:59.682 6873-6873/com.example.android.fingerprintdialog E/AndroidRuntime: FATAL EXCEPTION: main
 Process: com.example.android.fingerprintdialog, PID: 6873
 java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example.android.fingerprintdialog/com.example.android.fingerprintdialog.MainActivity}: java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: java.lang.IllegalStateException: At least one fingerprint must be enrolled to create keys requiring user authentication for every use
 at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3319)
 at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3415)
 at android.app.ActivityThread.access$1100(ActivityThread.java:229)
 at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1821)
 at android.os.Handler.dispatchMessage(Handler.java:102)
 at android.os.Looper.loop(Looper.java:148)
 at android.app.ActivityThread.main(ActivityThread.java:7331)
 at java.lang.reflect.Method.invoke(Native Method)
 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230)
 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120)
 Caused by: java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: java.lang.IllegalStateException: At least one fingerprint must be enrolled to create keys requiring user authentication for every use
 at com.example.android.fingerprintdialog.MainActivity.createKey(MainActivity.java:269)
 at com.example.android.fingerprintdialog.MainActivity.onCreate(MainActivity.java:152)
 at android.app.Activity.performCreate(Activity.java:6904)
 at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1136)
 at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3266)
 at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3415) 
 at android.app.ActivityThread.access$1100(ActivityThread.java:229) 
 at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1821) 
 at android.os.Handler.dispatchMessage(Handler.java:102) 
 at android.os.Looper.loop(Looper.java:148) 
 at android.app.ActivityThread.main(ActivityThread.java:7331) 
 at java.lang.reflect.Method.invoke(Native Method) 
 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230) 
 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120) 
 Caused by: java.security.InvalidAlgorithmParameterException: java.lang.IllegalStateException: At least one fingerprint must be enrolled to create keys requiring user authentication for every use
 at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineInit(AndroidKeyStoreKeyGeneratorSpi.java:238)
 at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi$AES.engineInit(AndroidKeyStoreKeyGeneratorSpi.java:53)
 at javax.crypto.KeyGenerator.init(KeyGenerator.java:189)
 at com.example.android.fingerprintdialog.MainActivity.createKey(MainActivity.java:265)
 at com.example.android.fingerprintdialog.MainActivity.onCreate(MainActivity.java:152) 
 at android.app.Activity.performCreate(Activity.java:6904) 
 at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1136) 
 at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3266) 
 at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3415) 
 at android.app.ActivityThread.access$1100(ActivityThread.java:229) 
 at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1821) 
 at android.os.Handler.dispatchMessage(Handler.java:102) 
 at android.os.Looper.loop(Looper.java:148) 
 at android.app.ActivityThread.main(ActivityThread.java:7331) 
 at java.lang.reflect.Method.invoke(Native Method) 
 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230) 
 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120) 
 Caused by: java.lang.IllegalStateException: At least one fingerprint must be enrolled to create keys requiring user authentication for every use
 at android.security.keystore.KeymasterUtils.addUserAuthArgs(KeymasterUtils.java:115)
 at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineInit(AndroidKeyStoreKeyGeneratorSpi.java:234)
 at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi$AES.engineInit(AndroidKeyStoreKeyGeneratorSpi.java:53) 
 at javax.crypto.KeyGenerator.init(KeyGenerator.java:189) 
 at com.example.android.fingerprintdialog.MainActivity.createKey(MainActivity.java:265) 
 at com.example.android.fingerprintdialog.MainActivity.onCreate(MainActivity.java:152) 
 at android.app.Activity.performCreate(Activity.java:6904) 
 at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1136) 
 at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3266) 
 at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3415) 
 at android.app.ActivityThread.access$1100(ActivityThread.java:229) 
 at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1821) 
 at android.os.Handler.dispatchMessage(Handler.java:102) 
 at android.os.Looper.loop(Looper.java:148) 
 at android.app.ActivityThread.main(ActivityThread.java:7331) 
 at java.lang.reflect.Method.invoke(Native Method) 
 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230) 
 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120)

codingjeremy commented 5 years ago

Comment by farhancroem Tuesday Jun 13, 2017 at 07:05 GMT

It looks like android default API is not able to handle some Samsung devices.

codingjeremy commented 5 years ago

Comment by Tharkius Thursday May 23, 2019 at 11:39 GMT

Two years later and the problem persists. Crashlytics lists me some occurrences for a Sony Xperia X device. Any suggestions?

codingjeremy commented 5 years ago

Comment by zolbayars Friday May 24, 2019 at 04:18 GMT

@Tharkius The workaround was using the Samsung Pass SDK if the device is Samsung's. Not really sure about Xperia.

codingjeremy commented 5 years ago

Comment by usantos Thursday Jul 04, 2019 at 21:35 GMT

Is not it because you're not trying to create the key when the fingerprint is not available?

isaidamier commented 4 years ago

Hi, we are reserving this site for questions about the sample apps specifically. For more general questions about Biometrics on Android, please use StackOverflow with tag android-biometric.

Also this sample is being deprecated in favor of BiometricLoginKotlin

willlockwood commented 3 years ago

Also this sample is being deprecated in favor of BiometricLoginKotlin

Heads up: this link has changed. You can now find the example at BiometricLoginKotlin

charlesganza commented 1 year ago

To anyone facing this issue, you have to wrap any logic that needs to create/access the keystore on whether or not biometrics authentication is possible on the device. Example:

val hasBiometricsCapability = biometricManager.canAuthenticate(BiometricManager.Authenticators.BIOMETRIC_STRONG) == BiometricManager.BIOMETRIC_SUCCESS

if(hasBiometricsCapability){
    //generate key or access key
}

android / security-samples

Physical Devices - At least one fingerprint must be enrolled to create keys requiring user authentication for every use. #26