Android Finger Print API Authentication

The Android Fingerprint API protects user privacy by keeping the user's fingerprint features contained within secure hardware on the device. This guards against malicious actors, ensuring that users can safely use their fingerprint even in untrusted applications.

Android also provides protection for application developers: it gives assurance that a user's fingerprint has been positively identified before access is granted to secure data or resources. This protects against tampered applications and provides cryptographic-level security for both offline data and online interactions.

Follow these steps to create a fingerprint-authenticated application.

  1. Creating an asymmetric key pair

First you need to create an asymmetric key pair as follows:

    // The key pair is generated inside the AndroidKeyStore, so the private key
    // is bound to the device's secure hardware.
    KeyPairGenerator keyPairGenerator =
            KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
    keyPairGenerator.initialize(
            new KeyGenParameterSpec.Builder(KEY_NAME,
                    KeyProperties.PURPOSE_SIGN)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                    // The private key is unusable until the user authenticates.
                    .setUserAuthenticationRequired(true)
                    .build());
    keyPairGenerator.generateKeyPair();

Note that .setUserAuthenticationRequired(true) requires the user to authenticate with a registered fingerprint to authorize every use of the private key.

Then you can retrieve the created private and public keys as follows:

    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    // The public key is read from the self-signed certificate that the
    // keystore created together with the key pair.
    PublicKey publicKey = keyStore.getCertificate(KEY_NAME).getPublicKey();
    // The returned PrivateKey is only a handle: the key material itself
    // never leaves the secure hardware.
    PrivateKey key = (PrivateKey) keyStore.getKey(KEY_NAME, null);

  2. Enrolling the public key with your server

Second, you need to transmit the public key to your backend so that in the future the backend can verify that transactions were authorized by the user (i.e. signed by the private key corresponding to this public key). This sample uses a fake backend implementation for reference, so it only mimics the transmission of the public key; in a real application you need to transmit the public key over the network.

    boolean enroll(String userId, String password, PublicKey publicKey);

  3. Signing transactions with a fingerprint

To allow the user to authenticate a transaction, e.g. to purchase an item, prompt the user to touch the fingerprint sensor.

    Signature signature = Signature.getInstance("SHA256withECDSA");
    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    PrivateKey key = (PrivateKey) keyStore.getKey(KEY_NAME, null);
    signature.initSign(key);
    // Wrapping the Signature in a CryptoObject binds it to this authentication:
    // the signature can only be completed after the fingerprint is accepted.
    FingerprintManager.CryptoObject cryptoObject = new FingerprintManager.CryptoObject(signature);
    CancellationSignal cancellationSignal = new CancellationSignal();
    FingerprintManager fingerprintManager =
            context.getSystemService(FingerprintManager.class);
    // 'this' must be a FingerprintManager.AuthenticationCallback; sign the
    // transaction bytes with the returned CryptoObject in onAuthenticationSucceeded().
    fingerprintManager.authenticate(cryptoObject, cancellationSignal, 0, this, null);
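The server side of steps 2 and 3, as an added example in Go that is not part of this post or of Google's sample: a minimal backend that accepts the enrolled public key (the X.509 SubjectPublicKeyInfo DER that Java's PublicKey.getEncoded() produces) and verifies the SHA256withECDSA signature the device returns over the transaction bytes. The Backend type, the user ID and the transaction string are constructed for this example, and main() simulates the device with an in-process key, since on a real device the private key never leaves the keystore.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Backend stands in for the sample's fake backend: one enrolled key per user ID.
type Backend struct{ keys map[string]*ecdsa.PublicKey }

func NewBackend() *Backend { return &Backend{keys: map[string]*ecdsa.PublicKey{}} }

// Enroll mirrors enroll(userId, password, publicKey) with the password check
// elided; spkiDER is the X.509/SPKI encoding that PublicKey.getEncoded() returns.
func (b *Backend) Enroll(userID string, spkiDER []byte) error {
	pub, err := x509.ParsePKIXPublicKey(spkiDER)
	if err != nil {
		return err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok || ecPub.Curve != elliptic.P256() {
		return errors.New("enrolled key must be EC secp256r1")
	}
	b.keys[userID] = ecPub
	return nil
}

// Verify checks a SHA256withECDSA (DER-encoded r,s) signature over tx with the enrolled key.
func (b *Backend) Verify(userID string, tx, sig []byte) bool {
	pub, ok := b.keys[userID]
	if !ok {
		return false
	}
	digest := sha256.Sum256(tx)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // simulated device key
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	tx := []byte("purchase:item42:amount=9.99") // constructed sample transaction
	digest := sha256.Sum256(tx)
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	b := NewBackend()
	fmt.Println(b.Enroll("alice", der), b.Verify("alice", tx, sig)) // <nil> true
}
```

A signature only proves possession of the enrolled key, so the backend must also bind the signed bytes to the exact transaction it executes; a modified amount or a different user fails verification here.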

Blog Author: Selvakumar A
For Business Development: sathiyan.s@mitosistech.com
