Open ttorii20 opened 9 months ago
That is a good idea!!
@ttorii20 please add for Android also a flag to force the storage of the key on the TEE, not doing so would result in not creating the key. This is important for certification processes
@bogdannedelcu Thanks for bringing this up. Just to be sure, are you suggesting we add an IsStrongBoxBacked flag for Android? And if it's about beefing up security, should we roll this into the main stream instead of a fork?
Hi,
Any means to check the plugin did not save the key outside the hardware key store is fine.
Thanks!
În mar., 26 dec. 2023 la 02:55 Takahiro Torii @.***> a scris:
@bogdannedelcu https://github.com/bogdannedelcu Thanks for bringing this up. Just to be sure, are you suggesting we add an IsStrongBoxBacked flag for Android? And if it's about beefing up security, should we roll this into the main stream instead of a fork?
— Reply to this email directly, view it on GitHub https://github.com/mogol/flutter_secure_storage/issues/615#issuecomment-1869172817, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACAJSJDQEGRM67YSXADAQSDYLIN7LAVCNFSM6AAAAAA45VBPACVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRZGE3TEOBRG4 . You are receiving this because you were mentioned.Message ID: @.***>
I second this and would love to see this sooner than later. Seems like the the current approach is to retrieve a simple true/false from biometrics (using local_auth package?) and using that as the sole trust to access secure storage for the data. I'd like to not just get a true/false but that secure storage cannot literally access the keychain/keystore unless biometric auth has opened it up.
+1 for this.
I am interested in adding a biometric authentication process for storage access authentication on each platform. Specifically, I'd like to introduce an option that requires biometric authentication when accessing the keychain on iOS and the keystore on Android.
Currently, flutter_secure_storage does not have such a feature, and there's no way to set this as an option. I believe adding the ability to set a biometric authentication process as an option would be beneficial.
Differences Across Platforms
The method of requesting biometric authentication from the user varies by platform. On iOS, the keychain handles the responsibility of controlling the biometric authentication dialog. In contrast, the Android keystore does not. Therefore, it's necessary to handle errors and display the biometric authentication dialog when required on Android.
For Android: I'd like to introduce options similar to setUserAuthenticationRequired and setUserAuthenticationValidityDurationSeconds. Here's a snippet to illustrate the desired functionality:
For iOS: I'd like to introduce an option to set SecAccessControlCreateFlags.biometryCurrentSet for the keychain. Here's a snippet to illustrate the desired functionality:
Anticipated Use Case
The primary use case I envision is during user login, where biometric authentication is performed to access the necessary information for authentication.