mjwheatley / cordova-plugin-android-fingerprint-auth

A cordova plugin for fingerprint authentication using the hardware fingerprint scanner on devices running Android 6+
Apache License 2.0

Get authenticated token decrypt #123

Closed diegoestacho999 closed 5 years ago

diegoestacho999 commented 5 years ago

Good afternoon guys, does anyone know how to get the decrypted token in question? I'm following the documentation, but if I call decrypt, the fingerprint dialog does not appear, so I cannot authenticate, nor get the token, let alone the password.

I'll leave a snippet of my code for your help, thanks in advance.

My function:

```typescript
fazerPonto() {
  this.androidFingerprintAuth.isAvailable()
    .then((result) => {
      if (result.isAvailable) {
        // decrypt is called directly here, with no prior encrypt step
        this.androidFingerprintAuth.decrypt({
          clientId: 'myAppName',
          username: 'currentUser',
          password: 'base64encodedUserCredentials'
        })
          .then(result => {
            if (result.withFingerprint) {
              console.log('Successfully decrypted credentials.');
              if (result.password) {
                console.log("password: " + result.password);
              }
            } else if (result.withBackup) {
              console.log('Successfully authenticated with backup password!');
            } else {
              console.log('Didn\'t authenticate!');
            }
          })
          .catch(error => {
            if (error === this.androidFingerprintAuth.ERRORS.FINGERPRINT_CANCELLED) {
              console.log('Fingerprint authentication cancelled');
            } else {
              console.error(error);
            }
          });
      } else {
        // fingerprint auth isn't available
      }
    })
    .catch(error => console.error(error));
}
```

I'm working with IONIC 3.

diegoestacho999 commented 5 years ago

Good morning, someone to help with this question?

mjwheatley commented 5 years ago

You must first use the encrypt method to receive the encrypted password token, which also initializes the necessary keystore and cipher used by the decrypt method. For example, you need to prompt the user to enable fingerprint authentication, then have them authenticate, at which point you call the encrypt method and supply a login token (or whatever they need to log in subsequently; you will need to store this value for later comparison) and receive and store the encrypted token with the user's account. Then, upon subsequent authentication, you retrieve the encrypted token, call the decrypt method, and compare the value to what was initially encrypted.

diegoestacho999 commented 5 years ago

Correct, starting from your explanation, where do I call DECRYPT? Do I call it from some button? Should I call it in TS within the same function that executes ENCRYPT, or call it at LOGIN time?


diegoestacho999 commented 5 years ago

Another thing I don't understand. Shouldn't DECRYPT open a dialog for the fingerprint? Because here it isn't opening..


mjwheatley commented 5 years ago

Please refer to the example implementation repository I referenced in the README under the How To Use section.

In my example, after the user has logged in, they can go to the account management page and enable the "Login with fingerprint" option. When this option is toggled on, the client calls the server to retrieve a client secret; the secret is hashed and stored with the user profile. The secret is fed to the encrypt method (as the password) and, after authentication, the encrypted token is saved to the user's profile. When the user logs out, they then have the option to log back in with their fingerprint.

The user must at least provide their email address to check if a token exists for that account for that device. If it exists for that account the token can then be passed to the decrypt method. Once it has been decrypted, the secret is sent to the server to be hashed and compared to the one generated upon enrollment. If it matches, the server generates a login token to send back to the client to use for logging in without the use of the user's actual password.

This is only one implementation of the plugin used for login purposes. Without knowing your app or your implementation I can't really guide you on where to place the method calls. There should be a button to launch the encrypt method and a separate button to call the decrypt method. These can be on the same page or not. You just need a way to store the token and a way to verify the data that was encrypted.
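The two-phase flow the maintainer describes above and in the earlier reply (encrypt a server-issued secret at enrolment and store the returned token; decrypt that token at login and let the server compare hashes before it issues a login token), as an added example that is not the plugin's code nor the example repository's. It runs in Node with a stand-in for the Cordova plugin, so the `StandInFingerprintAuth` class and its key handling, the `AuthServer` and `FingerprintLoginClient` names, the `timecardApp` client id and the constructed users are all assumptions; only the `encrypt`/`decrypt` result fields (`token`, `password`, `withFingerprint`, `withBackup`) follow the plugin usage shown in this thread.

```typescript
// Added example, not the plugin's or the example repository's code: the
// enrol-then-login flow from the thread, with a stand-in plugin so it runs offline.
import { createHash, randomBytes, timingSafeEqual } from 'crypto';

// Result shapes as used in this thread: encrypt() yields token, decrypt() yields password.
interface EncryptResult { withFingerprint?: boolean; withBackup?: boolean; token?: string; }
interface DecryptResult { withFingerprint?: boolean; withBackup?: boolean; password?: string; }
interface FingerprintAuthLike {
  encrypt(o: { clientId: string; username: string; password: string }): Promise<EncryptResult>;
  decrypt(o: { clientId: string; username: string; token: string }): Promise<DecryptResult>;
}

// Stand-in for the plugin (an assumption for this example, not its Android keystore
// or cipher): encrypt() creates the per-clientId key on first use and masks the
// password with it; decrypt() with no key initialised rejects, which mirrors the
// ordering problem the maintainer points out.
class StandInFingerprintAuth implements FingerprintAuthLike {
  private keys = new Map<string, Buffer>();

  private static mask(data: Buffer, key: Buffer): Buffer {
    if (data.length > key.length) throw new Error('payload longer than key');
    const out = Buffer.alloc(data.length);
    for (let i = 0; i < data.length; i++) out[i] = data[i] ^ key[i];
    return out;
  }

  async encrypt(o: { clientId: string; username: string; password: string }): Promise<EncryptResult> {
    let key = this.keys.get(o.clientId);
    if (!key) { key = randomBytes(128); this.keys.set(o.clientId, key); }
    const token = StandInFingerprintAuth.mask(Buffer.from(o.password, 'utf8'), key).toString('base64');
    return { withFingerprint: true, token };
  }

  async decrypt(o: { clientId: string; username: string; token: string }): Promise<DecryptResult> {
    const key = this.keys.get(o.clientId);
    if (!key) throw new Error('decrypt called before encrypt: no key initialised for ' + o.clientId);
    const password = StandInFingerprintAuth.mask(Buffer.from(o.token, 'base64'), key).toString('utf8');
    return { withFingerprint: true, password };
  }
}

function sha256(s: string): Buffer { return createHash('sha256').update(s, 'utf8').digest(); }

// Server side: hands out a secret at enrolment and keeps only its hash; at login it
// compares the hash of the presented secret in constant time and mints a login token,
// so the user's real password never travels on the fingerprint path.
class AuthServer {
  private secretHashes = new Map<string, Buffer>();
  private sessions = new Set<string>();

  issueClientSecret(username: string): string {
    const secret = randomBytes(32).toString('hex');
    this.secretHashes.set(username, sha256(secret));
    return secret;
  }

  loginWithSecret(username: string, secret: string): string | null {
    const expected = this.secretHashes.get(username);
    if (!expected) return null;                       // account never enrolled
    if (!timingSafeEqual(sha256(secret), expected)) return null;
    const loginToken = randomBytes(16).toString('hex');
    this.sessions.add(loginToken);
    return loginToken;
  }

  isLoggedIn(loginToken: string): boolean { return this.sessions.has(loginToken); }
}

// Client side: the "enable fingerprint login" toggle calls encrypt and stores the token
// with the profile; the login button calls decrypt and sends the recovered secret up.
class FingerprintLoginClient {
  private storedTokens = new Map<string, string>();
  constructor(private auth: FingerprintAuthLike, private server: AuthServer, private clientId: string) {}

  async enableFingerprintLogin(username: string): Promise<void> {
    const secret = this.server.issueClientSecret(username);
    const r = await this.auth.encrypt({ clientId: this.clientId, username, password: secret });
    if (!(r.withFingerprint || r.withBackup) || !r.token) throw new Error('enrolment not authenticated');
    this.storedTokens.set(username, r.token);
  }

  async loginWithFingerprint(username: string): Promise<string | null> {
    const token = this.storedTokens.get(username);
    if (!token) return null;                          // no token for this account on this device
    const r = await this.auth.decrypt({ clientId: this.clientId, username, token });
    if (!(r.withFingerprint || r.withBackup) || !r.password) return null;
    return this.server.loginWithSecret(username, r.password);
  }
}

// Walks through the flow with constructed users (no device involved) and returns the outcomes.
async function runDemo(): Promise<{ aliceLoggedIn: boolean; bobRejected: boolean; decryptBeforeEncryptFails: boolean }> {
  const server = new AuthServer();
  const auth = new StandInFingerprintAuth();
  const client = new FingerprintLoginClient(auth, server, 'timecardApp');

  let decryptBeforeEncryptFails = false;              // the asker's situation: decrypt first
  try { await auth.decrypt({ clientId: 'timecardApp', username: 'alice', token: 'AAAA' }); }
  catch (e) { decryptBeforeEncryptFails = true; }

  await client.enableFingerprintLogin('alice');
  const aliceToken = await client.loginWithFingerprint('alice');
  const bobToken = await client.loginWithFingerprint('bob'); // never enrolled
  return {
    aliceLoggedIn: aliceToken !== null && server.isLoggedIn(aliceToken),
    bobRejected: bobToken === null,
    decryptBeforeEncryptFails,
  };
}

runDemo().then(r => console.log(r));
```

The server never stores the secret itself, only its hash, and the comparison uses `timingSafeEqual` on two equal-length digests; an account with no stored token on the device is rejected before the fingerprint prompt would ever be shown, which is the "check if a token exists for that account for that device" step from the reply.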

diegoestacho999 commented 5 years ago

Now everything is clearer. See if you can help me with whether it's possible to do what I need with this plugin; I believe it is.. My application is a digital time-card store; here in Brazil that's the way used to record the hours an employee works at the company. I need the following: each user has to authenticate only by biometrics in the app and send along the date and time of each authentication. But if there are 2 employees, one cannot authenticate for the other. Hence my need to capture a password to compare between two users, since each one must do their own authentication, to avoid fraud, to prevent one of them authenticating as the other. I can even send some snippets of my code for you to review, but that's basically what I need to do. I'm using Ionic3 + Firebase.


diegoestacho999 commented 5 years ago

I'll consult the Read.me to also check whether I can do something, but if I could count on some tips I'd be very grateful.
