使用指纹的密钥认证
Key authentication using fingerprint
我正在阅读 this 文档;
... Such keys can only be generated or imported if at least one fingerprint is enrolled (see FingerprintManager.hasEnrolledFingerprints). These keys become permanently invalidated once a new fingerprint is enrolled or all fingerprints are unenrolled.
我知道当所有登记的指纹都被取消登记时它们会永久失效,但是当有新的指纹登记时是这样吗?
我在想 Android Keystore 从注册的指纹中抽象出密钥用法(当 "authentication-required" 设置在密钥上时)这意味着我可以访问需要由定义的身份验证的密钥我的应用程序,无论使用哪个注册指纹。
那么,这是否意味着一旦我注册了另一个指纹,我的密钥就不能再使用了?或者我对该声明(粗体)的解释非常错误?
显然是这样。
Because that's what Google chose to do to enhance security. If I get your password or pin (and that's easy with binoculars), I can add my fingerprint to make it easier for me (after I've stolen your phone). And I'd be able to do all sorts of stuff from that point on.
我正在阅读 this 文档;
... Such keys can only be generated or imported if at least one fingerprint is enrolled (see FingerprintManager.hasEnrolledFingerprints). These keys become permanently invalidated once a new fingerprint is enrolled or all fingerprints are unenrolled.
我知道当所有登记的指纹都被取消登记时它们会永久失效,但是当有新的指纹登记时是这样吗?
我在想 Android Keystore 从注册的指纹中抽象出密钥用法(当 "authentication-required" 设置在密钥上时)这意味着我可以访问需要由定义的身份验证的密钥我的应用程序,无论使用哪个注册指纹。
那么,这是否意味着一旦我注册了另一个指纹,我的密钥就不能再使用了?或者我对该声明(粗体)的解释非常错误?
显然是这样。
Because that's what Google chose to do to enhance security. If I get your password or pin (and that's easy with binoculars), I can add my fingerprint to make it easier for me (after I've stolen your phone). And I'd be able to do all sorts of stuff from that point on.