gptshubham595
Lurker
MAIN QUESTION IS AT BOTTOM
Where my android devices stores scanned fingerprint data and in what format and how it matches with new scanned.
I also know this: :the scan of fingertip is analysed for certain control points and generates a token which is like a password hash.
It generates hash via this:
KeyStore mKeyStore;
String KEY_NAME = UUID.randomUUID().toString();
Cipher mCipher;
mKeyStore = KeyStore.getInstance("AndroidKeyStore");
keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
keyGenerator.init(new
KeyGenParameterSpec.Builder(KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(
KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build());
keyGenerator.generateKey();
mCipher = Cipher.getInstance(
KeyProperties.KEY_ALGORITHM_AES + "/"
+ KeyProperties.BLOCK_MODE_CBC + "/"
+ KeyProperties.ENCRYPTION_PADDING_PKCS7);
SecretKey key = (SecretKey) mKeyStore.getKey(KEY_NAME, null);
mCipher.init(Cipher.ENCRYPT_MODE, key);
ALSO
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
KeyStore.Entry entry = ks.getEntry(alias, null);
if (!(entry instanceof PrivateKeyEntry)) {
Log.w(TAG, "Not an instance of a PrivateKeyEntry");
return null;
}
Signature s = Signature.getInstance("SHA256withECDSA");
s.initSign(((PrivateKeyEntry) entry).getPrivateKey());
s.update(data);
byte[] signature = s.sign();
boolean valid = s.verify(signature);
I have used this [URL]https://github.com/googlesamples/android-FingerprintDialog[/URL] but this only provides matching with previously recorded data.
Is editing/extracting or using this hash and storing somewhere else and try to match the newly generated hash with this while storing that security key of android(assuming same for all), is it possible OR ANY OTHERWAY ROUND?
Where my android devices stores scanned fingerprint data and in what format and how it matches with new scanned.
I also know this: :the scan of fingertip is analysed for certain control points and generates a token which is like a password hash.
It generates hash via this:
KeyStore mKeyStore;
String KEY_NAME = UUID.randomUUID().toString();
Cipher mCipher;
mKeyStore = KeyStore.getInstance("AndroidKeyStore");
keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
keyGenerator.init(new
KeyGenParameterSpec.Builder(KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(
KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build());
keyGenerator.generateKey();
mCipher = Cipher.getInstance(
KeyProperties.KEY_ALGORITHM_AES + "/"
+ KeyProperties.BLOCK_MODE_CBC + "/"
+ KeyProperties.ENCRYPTION_PADDING_PKCS7);
SecretKey key = (SecretKey) mKeyStore.getKey(KEY_NAME, null);
mCipher.init(Cipher.ENCRYPT_MODE, key);
ALSO
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
KeyStore.Entry entry = ks.getEntry(alias, null);
if (!(entry instanceof PrivateKeyEntry)) {
Log.w(TAG, "Not an instance of a PrivateKeyEntry");
return null;
}
Signature s = Signature.getInstance("SHA256withECDSA");
s.initSign(((PrivateKeyEntry) entry).getPrivateKey());
s.update(data);
byte[] signature = s.sign();
boolean valid = s.verify(signature);
I have used this [URL]https://github.com/googlesamples/android-FingerprintDialog[/URL] but this only provides matching with previously recorded data.
Is editing/extracting or using this hash and storing somewhere else and try to match the newly generated hash with this while storing that security key of android(assuming same for all), is it possible OR ANY OTHERWAY ROUND?
