How and where does my device store fingerprint results and match them with my next attempt to unlock?


Oct 27, 2019, 10:10:31 PM via Website

MAIN QUESTION IS AT BOTTOM

Where do my Android devices store scanned fingerprint data, in what format, and how is it matched against a new scan?

I also know this: the scan of the fingertip is analysed for certain control points and generates a token which is like a password hash.

It generates the hash via this:

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

KeyStore mKeyStore;
KeyGenerator keyGenerator;          // used below but was never declared
String KEY_NAME = UUID.randomUUID().toString();
Cipher mCipher;

mKeyStore = KeyStore.getInstance("AndroidKeyStore");
mKeyStore.load(null);               // the keystore must be loaded before getKey() works
keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");

keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
        .setUserAuthenticationRequired(true)   // key is only usable after the user authenticates
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
        .build());
keyGenerator.generateKey();                    // key material is generated and kept inside the Keystore

mCipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
        + KeyProperties.BLOCK_MODE_CBC + "/"
        + KeyProperties.ENCRYPTION_PADDING_PKCS7);

SecretKey key = (SecretKey) mKeyStore.getKey(KEY_NAME, null);   // a handle, not the raw key bytes
mCipher.init(Cipher.ENCRYPT_MODE, key);

ALSO

import android.util.Log;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;

KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
KeyStore.Entry entry = ks.getEntry(alias, null);
if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
    Log.w(TAG, "Not an instance of a PrivateKeyEntry");
    return null;
}

Signature s = Signature.getInstance("SHA256withECDSA");
s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());  // private key never leaves the Keystore
s.update(data);
byte[] signature = s.sign();

// A Signature initialised for signing cannot verify (verify() would throw);
// verification is a separate operation that uses the public key.
PublicKey pub = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
Signature v = Signature.getInstance("SHA256withECDSA");
v.initVerify(pub);
v.update(data);
boolean valid = v.verify(signature);

Is editing/extracting or using this hash, storing it somewhere else, and then trying to match the newly generated hash against it while storing that Android security key (assuming it is the same for all) possible, OR ANY OTHER WAY ROUND?
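As an added example (not code from the original post), here is the key flow the snippets above sketch, written out end to end with an EC signing key bound to the enrolled biometrics; the alias is a hypothetical value and the BiometricPrompt hand-off is described in comments rather than shown. It makes the point a defender cares about: the key is not derived from the fingerprint, its private half cannot be read out of the Keystore, and verification needs only the public key.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

public final class BiometricBoundSigner {
    private static final String ALIAS = "example-biometric-signing-key"; // hypothetical alias
    private static final String ALGO = "SHA256withECDSA";

    // Creates an EC key pair inside AndroidKeyStore (hardware-backed where the device has a TEE or
    // StrongBox). The app only ever holds a handle to the private key, never its bytes.
    static void generateKey() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setUserAuthenticationRequired(true)        // every signature needs a fresh biometric auth
                .setInvalidatedByBiometricEnrollment(true)  // enrolling a new fingerprint invalidates the key
                .build());
        kpg.generateKeyPair();
    }

    // Signing step 1: start the operation. Wrap the returned Signature in a
    // BiometricPrompt.CryptoObject and pass it to authenticate(); sign() fails without that.
    static Signature beginSign() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Signature s = Signature.getInstance(ALGO);
        s.initSign((PrivateKey) ks.getKey(ALIAS, null));
        return s;
    }

    // Signing step 2: call from onAuthenticationSucceeded with result.getCryptoObject().getSignature().
    static byte[] finishSign(Signature authorised, byte[] data) throws Exception {
        authorised.update(data);
        return authorised.sign();
    }

    // Verification needs only the public key (ks.getCertificate(ALIAS).getPublicKey()), so it can
    // run anywhere, e.g. on a server, with no Keystore access and no biometric data involved.
    static boolean verify(PublicKey pub, byte[] data, byte[] signature) throws Exception {
        Signature v = Signature.getInstance(ALGO);
        v.initVerify(pub);
        v.update(data);
        return v.verify(signature);
    }
}
```

What is stored for later attempts is the key handle and the public key, not a hash of the fingerprint; a relying party checks a fresh signature with verify() rather than comparing stored tokens.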
