search

leonlatsch / Photok

Encrypted Photo Safe for Android
Apache License 2.0
498 stars 49 forks source link

Use fingerprint reader on devices that support it #45

Open xlucn opened 3 years ago

xlucn commented 3 years ago

Will you consider this and can it be done? It is much easier than typing a complicated password.

leonlatsch commented 3 years ago

Soooooo. Big topic.

Will you consider

This was considered from the beginning, thats the reason the app requies Android 7. I would love to implement this, but there are a few things to think about.

can it be done

Thats what could cause problems.

An explaination:

The only place your password is "saved", is a bcrypt hash in the app config. It is used to check if you entered the right password. Your password is also used for encryption. In short terms: The SHA-256 binary hash value is used as the encryption key. This way the password is not stored in the devices keystore. I did this for security reasons.

The problem:

Since you would not enter a password, the app would need to store the binary hash in some way, once you enable fingerprint.

So we need to really think this out and create a concept, to communicate this to the user.

Anyway

This is on my feature list, its just not that easy to implement. Ideas about a concept are welcome 🙂

cm157 commented 3 years ago

on devices that have hardware backed key stores like the titan m chip that provide significantly higher assurance for security would this not be better place to store instead of with app config which sounds much less secure ?

leonlatsch commented 3 years ago

The password is not really saved in the app config. This is just a bcrypt hash, used to check against the entered password.

The encryption key is generated from the password every time.

Anyway, the android keystore would be the place to store the encryption key, if fingerprint auth is enabled.

VioletFalcon commented 3 years ago

I think that one way to go could be:

leonlatsch commented 3 years ago

I don't know about this @VioletFalcon. You should be able to use fingerprint everywhere.

Its just a matter of communicating, what it means to use it. That the app needs to tell use user that his encryption key has to be saved, in order to use this feature. This goes the same for backup codes or so.

xlucn commented 3 years ago

I have a possibly stupid (since I am not familiar with android developing) question:

Anyway, the android keystore would be the place to store the encryption key, if fingerprint auth is enabled.

Isn't this already enough, the encryption key is safe if itself is encrypted with android keystore, right?

cm157 commented 3 years ago

Yes, very safe.

leonlatsch commented 3 years ago

I have a possibly stupid (since I am not familiar with android developing) question:

Anyway, the android keystore would be the place to store the encryption key, if fingerprint auth is enabled.

Isn't this already enough, the encryption key is safe if itself is encrypted with android keystore, right?

Yes, this is the most secure way to implement this feature.

leonlatsch commented 3 years ago

Final Definition

leonlatsch commented 2 years ago

Final Definition

  • Implement fingerprint unlock
  • Store the encryption key in the Android Keystore
  • Communicate to the user, that the key is being stored. And where it is getting stored

Maybe use the Fingerprint hash tonencrypt the key.

Ilithy commented 2 years ago

Hi, Do you have any news about this feature? (It's missing a lot, especially since now most devices have a fingerprint reader).

Thank you very much

leonlatsch commented 2 years ago

@Ilithy Currently, there is no active development on Photok.

But this feature is pretty high on the roadmap.

leonlatsch commented 2 years ago

@Ilithy You can see the priorities for new features in this column of the project board: https://github.com/leonlatsch/Photok/projects/1#column-15814101

Ilithy commented 2 years ago

Thank you for the informations, I did not look well enough my apologies.