adding/removing 指纹后密钥永久失效异常

Key permanently invalidated Exception after adding/removing fingerprint

当用户添加新指纹或删除任何现有指纹然后尝试启动应用程序时它会抛出 KeyPermanentlyInvalidatedException

这是我的指纹代码:

 public Boolean auth(FingerprintManager.AuthenticationCallback callback) {
    try {
        KeyStore store = accessKeyStore(DEFAULT_KEYSTORE);
        if (store == null) {
            return null;
        }

        Cipher cipher = accessCipher();
        if (cipher == null) {
            return null;
        }

        store.load(null);
        SecretKey key = (SecretKey) store.getKey(DEFAULT_KEY_NAME, DEFAULT_STORE_PASS.toCharArray());
        cipher.init(Cipher.ENCRYPT_MODE, key);

        FingerprintManager manager = initManager();
        if (manager == null) {
            return null;
        }

        manager.authenticate(
                generateCryptoObject(cipher),
                generateCancellationSignal(),
                0,
                callback,
                null
        );

        return true;
    } catch (Throwable exc) {
        Logger.error(TAG, exc.getLocalizedMessage(), exc);
        return null;
    }
}



private Cipher accessCipher() {
    try {
        return Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
                + KeyProperties.BLOCK_MODE_CBC + "/"
                + KeyProperties.ENCRYPTION_PADDING_PKCS7);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        // Was not available.
        return null;
    }
}

在 onResume() 中调用了 auth 方法。

整个 FingerPrintUtils class:

`

public class FingerPrintUtils {

    private static final String TAG = FingerPrintUtils.class.getSimpleName();
    private static final String DEFAULT_KEYSTORE = "AndroidKeyStore";
    private static final String DEFAULT_KEY_NAME = "myApplication";
    private static final String DEFAULT_STORE_PASS = "csdgh@jkbvj@";
    private static FingerPrintUtils fingerPrintUtils;

    private Boolean isCancelled;
    private CancellationSignal cancellationSignal;

    @TargetApi(23)
    public static FingerPrintUtils getInstance() {
        if (fingerPrintUtils == null) {
            fingerPrintUtils = new FingerPrintUtils();
        }
        return fingerPrintUtils;
    }

    @TargetApi(23)
    public Boolean isFingerAuthAvailable() {
        Boolean hasHarware = hasHardware();
        if (hasHarware == null || !hasHarware) {
            return false;
        }

        Boolean hasPrint = hasRegisteredPrint();
        if (hasPrint == null || !hasPrint) {
            return false;
        }
        return true;
    }

    @TargetApi(23)
    public Boolean hasHardware() {
        FingerprintManager manager = initManager();
        if (manager == null) {
            return null;
        }

        return manager.isHardwareDetected();
    }

    @TargetApi(23)
    public Boolean hasRegisteredPrint() {
        FingerprintManager manager = initManager();
        if (manager == null) {
            return null;
        }

        return manager.hasEnrolledFingerprints();
    }

    @TargetApi(23)
    public Boolean createKey() {
        try {
            KeyStore store = accessKeyStore(DEFAULT_KEYSTORE);
            if (store == null) {
                return null;
            }

            KeyGenerator generator = accessKeyGen(KeyProperties.KEY_ALGORITHM_AES, DEFAULT_KEYSTORE);
            if (generator == null) {
                return null;
            }

            generator.init(new KeyGenParameterSpec.Builder(
                    DEFAULT_KEY_NAME,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
            )
                    .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                            // Require the user to authenticate with a fingerprint to authorize every use
                            // of the key
                    .setUserAuthenticationRequired(true)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                    .build());
            generator.generateKey();
            return true;
        } catch (Throwable exc) {
            Logger.error(TAG, exc.getLocalizedMessage(), exc);
            return false;
        }
    }

    @TargetApi(23)
    public Boolean keyExist() {
        try {
            KeyStore store = accessKeyStore(DEFAULT_KEYSTORE);
            if (store == null) {
                return null;
            }

            store.load(null);
            SecretKey key = (SecretKey) store.getKey(DEFAULT_KEY_NAME, DEFAULT_STORE_PASS.toCharArray());
            if (key != null) {
                return true;
            }

        } catch (Throwable exc) {
            Logger.error(TAG, exc.getLocalizedMessage(), exc);
            return null;
        }
        return false;
    }

    @TargetApi(23)
    public Boolean auth(FingerprintManager.AuthenticationCallback callback) {
        try {
            KeyStore store = accessKeyStore(DEFAULT_KEYSTORE);
            if (store == null) {
                return null;
            }

            Cipher cipher = accessCipher();
            if (cipher == null) {
                return null;
            }

            store.load(null);
            SecretKey key = (SecretKey) store.getKey(DEFAULT_KEY_NAME, DEFAULT_STORE_PASS.toCharArray());
            cipher.init(Cipher.ENCRYPT_MODE, key);

            FingerprintManager manager = initManager();
            if (manager == null) {
                return null;
            }

            manager.authenticate(
                    generateCryptoObject(cipher),
                    generateCancellationSignal(),
                    0,
                    callback,
                    null
            );

            return true;
        } catch (Throwable exc) {
            Logger.error(TAG, exc.getLocalizedMessage(), exc);
            return null;
        }
    }

    @TargetApi(23)
    public Boolean stop() {
        if (isCancelled != null && !isCancelled) {
            isCancelled = true;
            cancellationSignal.cancel();
            cancellationSignal = null;
            return true;
        }
        return false;
    }

    @TargetApi(23)
    private FingerprintManager initManager() {
        Context context = BasePreferenceHelper.getCurrentContext();
        if (context == null) {
            return null;
        }

        if(Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
            return null;
        }

        FingerprintManager manager = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
        if (manager == null) {
            return null;
        }

        return manager;
    }

    @TargetApi(23)
    private Cipher accessCipher() {
        try {
            return Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
                    + KeyProperties.BLOCK_MODE_CBC + "/"
                    + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            // Was not available.
            return null;
        }
    }

    @TargetApi(23)
    private KeyStore accessKeyStore(String storeName) {
        try {
            return KeyStore.getInstance(storeName);
        } catch (Throwable exc) {
            // Was not available.
            return null;
        }
    }

    @TargetApi(23)
    private FingerprintManager.CryptoObject generateCryptoObject(Cipher cipher) {
        if (cipher == null) {
            throw new IllegalArgumentException("Cipher is required.");
        }
        return new FingerprintManager.CryptoObject(cipher);
    }

    @TargetApi(23)
    private CancellationSignal generateCancellationSignal() {
        cancellationSignal = new CancellationSignal();
        isCancelled = false;
        return cancellationSignal;
    }

    @TargetApi(23)
    private KeyGenerator accessKeyGen(String algo, String storeName) {
        try {
            return KeyGenerator.getInstance(algo, storeName);
        } catch (Throwable exc) {
            // Was not available.
            return null;
        }
    }
}

`

在您的 FingerPrintUtils#Auth() 方法中,初始化 cipher.init() 时,将其放入 try catch 块中。通过从密钥库中删除密钥来处理 KeyInvalidatedException,然后使用 createKey() 方法再次创建密钥。肯定有用。

同样使用下面的代码。

try
{
    cipher.init(Cipher.ENCRYPT_MODE, key);
}
catch (KeyPermanentlyInvalidatedException e)
{
    store.deleteEntry(DEFAULT_KEY_NAME);
    createKey();
    auth(callback);
    return false;
}