Android Fingerprint Authentication and android Fingerprint Authentication
Android Fingerprint Authentication uses the smart phone touch sensor to authenticate the user's identity. Android candy mallow provides an API that makes it easy for users to use touch sensors. The method for accessing the touch sensor before Android reached Mallow is not standard.
For more information, see http://wuyudong.com/2016/12/15/3146.html.
Android Fingerprint Authentication has the following advantages:
1. faster and easier to use
2. Security: fingerprint can identify your unique identity
3. online transactions are easier
Before using android fingerprint recognition, you must follow some steps that may seem complicated, but this article will teach you how to implement it step by step.
The result is shown as follows:
Start Android Fingerprint Authentication
As mentioned above, the fingerprint authentication process involves the following steps:
- Verify whether the lock screen is secure, or in other words, it is protected by a password or mode.
- Make sure you have a fingerprint registered on your smartphone.
- Access Android keystore to store keys that encrypt/decrypt objects
- Generate an encryption key and password
- Start the authentication process
- Implements a callback class to handle identity authentication events
That's all. Next we will implement the above steps!
At the beginning, you must first enable the touch sensor and Identity Authentication permissions, and add the following in the Manifest. xml file:
<uses-permission android:name="android.permission.USE_FINGERPRINT" />
Now it is time to create the main activity class to process all the authentication steps.
Verify Android security lock screen
The first step is to check whether the lock screen is secure. You can use KeyguardManager and FingerprintManager to solve this problem. We can get their instances by using the getSystemService class:
// Keyguard ManagerKeyguardManager keyguardManager = (KeyguardManager) getSystemService(KEYGUARD_SERVICE);// Fingerprint ManagerfingerprintManager = (FingerprintManager) getSystemService(FINGERPRINT_SERVICE);
Now, our certification application can check whether all security judgments are met:
private boolean checkFinger() { // Keyguard Manager KeyguardManager keyguardManager = (KeyguardManager) getSystemService(KEYGUARD_SERVICE); // Fingerprint Manager fingerprintManager = (FingerprintManager) getSystemService(FINGERPRINT_SERVICE); try { // Check if the fingerprint sensor is present if (!fingerprintManager.isHardwareDetected()) { // Update the UI with a message message.setText("Fingerprint authentication not supported"); return false; } if (!fingerprintManager.hasEnrolledFingerprints()) { message.setText("No fingerprint configured."); return false; } if (!keyguardManager.isKeyguardSecure()) { message.setText("Secure lock screen not enabled"); return false; } } catch(SecurityException se) { se.printStackTrace(); } return true;}
Note that the application verifies that at least one fingerprint has been registered. Otherwise, the authentication process will not start. The following figure shows an error message if no fingerprint is found.
If everything is ready and the judgment conditions are met, authenticate the application to generate a key and access the Android store.
Access Android keystore and generate a key
The next step is to access the Android keystore and generate a key to encrypt the data. The application is completed separately in a method called generateKey.
// Get the reference to the key storekeyStore = KeyStore.getInstance("AndroidKeyStore");
Then you must obtain the reference of the key generator:
// Key generator to generate the keykeyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
Finally, we must initialize the key generator:
keyGenerator.init( new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) .setBlockModes(KeyProperties.BLOCK_MODE_CBC) .setUserAuthenticationRequired(true) .setEncryptionPaddings( KeyProperties.ENCRYPTION_PADDING_PKCS7) .build()); keyGenerator.generateKey();
Note that the key must be used for encryption, decryption, and authentication. Finally, the application generates the key (the last line ).
The complete method of the above Code is as follows:
private void generateKey() throws FingerprintException { try { // Get the reference to the key store keyStore = KeyStore.getInstance("AndroidKeyStore"); // Key generator to generate the key keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore"); keyStore.load(null); keyGenerator.init( new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) .setBlockModes(KeyProperties.BLOCK_MODE_CBC) .setUserAuthenticationRequired(true) .setEncryptionPaddings( KeyProperties.ENCRYPTION_PADDING_PKCS7) .build()); keyGenerator.generateKey(); } catch(KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException | CertificateException | IOException exc) { exc.printStackTrace(); throw new FingerprintException(exc); }}
Create an Android Cipher
Once the key is ready, the last step is to use the previously generated key to create an Android Cipher. The code is simple:
private Cipher generateCipher() throws FingerprintException { try { Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7); SecretKey key = (SecretKey) keyStore.getKey(KEY_NAME, null); cipher.init(Cipher.ENCRYPT_MODE, key); return cipher; } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | UnrecoverableKeyException | KeyStoreException exc) { exc.printStackTrace(); throw new FingerprintException(exc); }}
Build an Android Fingerprint Authentication app
It is time to combine the previous methods to create an Android fingerprint recognition app. This app is very simple and has only oneMainClass
Call the method shown above to start authentication.
@Overrideprotected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); message = (TextView) findViewById(R.id.fingerStatus); Button btn = (Button) findViewById(R.id.authBtn); final FingerprintHandler fph = new FingerprintHandler(message); if (!checkFinger()) { btn.setEnabled(false); } else { // We are ready to set up the cipher and the key try { generateKey(); Cipher cipher = generateCipher(); cryptoObject = new FingerprintManager.CryptoObject(cipher); } catch(FingerprintException fpe) { // Handle exception btn.setEnabled(false); } } btn.setOnClickListener(new View.OnClickListener() { @Override public void onClick(View view) { message.setText("Swipe your finger"); fph.doAuth(fingerprintManager, cryptoObject); } });}
Note: first, the Android app createsCryptoObject
Object To process the authentication process. Then, a button is added to the app. When the user clicks it, the authentication process starts. When the initialization conditions are not met, the button is hidden. The most important thing to note is the new class call.FingerprintHandler
. This class is a callback class that receives authentication processing events. In addition, this class starts the doauth method of the authentication process.
Android Fingerprint Authentication callback
The last step is to create a callback class so that we can receive event messages and know when the authentication is successful or except for some problems. This class inherits from FingerprintManager. AuthenticationCallback.
public class FingerprintHandler extends FingerprintManager.AuthenticationCallback { private TextView tv; public FingerprintHandler(TextView tv) { this.tv = tv; } @Override public void onAuthenticationError(int errorCode, CharSequence errString) { super.onAuthenticationError(errorCode, errString); tv.setText("Auth error"); } @Override public void onAuthenticationHelp(int helpCode, CharSequence helpString) { super.onAuthenticationHelp(helpCode, helpString); } @Override public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) { super.onAuthenticationSucceeded(result); tv.setText("auth ok"); tv.setTextColor(tv.getContext().getResources(). getColor(android.R.color.holo_green_light)); } @Override public void onAuthenticationFailed() { super.onAuthenticationFailed(); } public void doAuth(FingerprintManager manager, FingerprintManager.CryptoObject obj) { CancellationSignal signal = new CancellationSignal(); try { manager.authenticate(obj, signal, 0, this, null); } catch(SecurityException sce) {} }}
There are some important methods to note. First, doAuth enables authentication. This method contains the CryptoObject object, a cancellation signal and a callback listener. The following figure shows the app response:
In this case, the user completes the authentication using the android Fingerprint Authentication.
How can I test this app on a simulator?
To test this app, if it is possible to use a real machine with sensors, but you can also test the app on the simulator, before using the app, you must configure igure the fingerprint accessing to the Security menu. when the system requires your fingerprint, you must use the adb command to simulate fingerprint contact:
adb -e emu finger touch id(like 1,2, ecc.)
Finally, when your fingerprint is fixed, you will receive the following prompt:
Finally, I hope you have mastered the fingerprint recognition api of android and know how to develop a fingerprint recognition app. enjoy