boredom2 closed 7 years ago
I will have to double check, but if I remember correctly the plugin returns an encrypted token upon successful fingerprint authentication that is generated using the clientSecret parameter provided with the method call. The encrypted token should be the same every time (that is what I need to verify, that the same Cipher instance is used).
Hi there,
thanks for your detailed answer. I do completely agree - if I would always get the same signed hash back from Login with Fingerprint, this would be clear. But currently, the method always returns different base64_encoded values, so there is not much I could do with it - at least not for that purpose...
I am having the same issue: the method always returns a different base64_encoded value for the same fingerprint. Any help @mjwheatley?
This plugin was not designed to be a login replacement. It cannot differentiate between user fingerprints. It only reports if the user authenticated against a fingerprint enrolled on the device. Currently, the plugin will always return a different base64_encoded value.
I was never sure what the purpose of the returned encrypted token was. This plugin was based off this sample project: https://developer.android.com/samples/FingerprintDialog/src/com.example.android.fingerprintdialog/MainActivity.html
I would have to do some research on how to use the clientId, clientSecret, Keystore, SecretKey, and Cipher all together to try and return a unique token consistently.
https://developer.android.com/reference/javax/crypto/Cipher.html
Currently the Cipher is being initialized every time so that may be what is encrypting the clientSecret differently every time.
There might be something with Cipher.ENCRYPT_MODE and Cipher.DECRYPT_MODE. You could have an enroll flow where you would provide a username:password and upon successful authentication the plugin could return an encrypted token representing the username and password. Then for login, you could pass the same token back to the plugin. After successful authentication the plugin would decrypt the token and return the username:password.
It would take some trial and error and I don't know how much time I can spare to work on it. If anyone feels up to the task I would appreciate the help.
Feature added to version 1.1.0
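The enroll/login round trip described in the comments above, as an added example that is not the plugin's code: on a standard JVM, `Cipher.init(ENCRYPT_MODE, key)` in CBC mode picks a fresh random IV, so the same secret encrypts to a different token each time, and decryption works only if that IV travels with the ciphertext. Assumptions: a software AES key from `KeyGenerator` stands in for the fingerprint-gated Android Keystore key, `PKCS5Padding` is the JVM name for the padding, and the class name, method names and sample secret are constructed.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class TokenRoundTrip {
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    static final int IV_LEN = 16; // AES block size in bytes

    // Enroll: encrypt the secret and return base64(IV || ciphertext).
    static String encrypt(SecretKey key, String plaintext) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key);   // no IV supplied: provider generates a random one
        byte[] iv = c.getIV();
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Login: split the IV back off the token and decrypt with the same key.
    static String decrypt(SecretKey key, String token) throws Exception {
        byte[] in = Base64.getDecoder().decode(token);
        if (in.length <= IV_LEN) {
            throw new IllegalArgumentException("token too short to contain IV and data");
        }
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(in, 0, IV_LEN));
        byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();          // stand-in for the keystore key
        String secret = "alice:constructed-password"; // constructed sample value
        String t1 = encrypt(key, secret);
        String t2 = encrypt(key, secret);
        System.out.println("tokens equal:   " + t1.equals(t2));
        System.out.println("t1 decrypts ok: " + decrypt(key, t1).equals(secret));
        System.out.println("t2 decrypts ok: " + decrypt(key, t2).equals(secret));
    }
}
```

The token is therefore not a stable identifier to compare between calls; what stays constant is the value recovered after decryption. CBC alone gives no integrity protection, so a tampered token is not reliably detected.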
Hello,
I admit, I don't have a deep knowledge about encryption techniques, but I would like to ask the following:
Thanks! Christoph