
Discussion about the actual work of the plugin #95

Open
abdallah-odeh opened this issue Jan 24, 2023 · 1 comment

Comments

@abdallah-odeh
How does this plugin actually work?
Is the biometric authentication step only there to authorize the user to read/write data?
Or is something extracted from the biometric authentication that is then used to encrypt the data?

Also, if the data is stored in the keychain / keystore:
if I created a sample app that uses the keychain / keystore directly, without any biometrics,
and then tried to read from biometric_storage with authenticationRequired: false, shouldn't the value be returned?

I mean, if my app has multiple pointers to a keychain value, they must return the same value, right?

abdallah-odeh (Author) commented Jan 24, 2023

Swift part

First, I am not a Swift developer!
But from your code, I figured out that the biometric authentication process is a guard for the data and is not used to encrypt it in the keychain (the purpose of the authenticationRequired: false option is only to decide whether to prompt for a biometric or not, but at the end of the day the data is stored the same way whether it is true or false).

When the biometric authentication responds with success,
this code is executed:

```swift
// Snippet from the plugin's Swift code: the authenticated value is written into the
// keychain query as plain UTF-8 bytes; nothing biometric-derived is mixed in.
query.merge([
  //      kSecMatchLimit as String: kSecMatchLimitOne,
  kSecValueData as String: content.data(using: String.Encoding.utf8) as Any,
]) { _, new in new }  // uniquing closure required by Dictionary.merge; keep the new value
```

I also read here that you actually can't get the biometric data in iOS to use it as an encryption key!

Kotlin part

But in the Android Kotlin code, I was trying to understand what this code block is built for, and why I can't use the CryptoObject or encrypt the data if I set authenticationValidityDurationSeconds >= 0:

```kotlin
// Snippet from the plugin's Kotlin code: the CryptoObject is only attached to the
// prompt when no validity duration is configured (i.e. the value is -1).
if (cipher == null || options.authenticationValidityDurationSeconds >= 0) {
    // if authenticationValidityDurationSeconds is not -1 we can't use a CryptoObject
    logger.debug { "Authenticating without cipher. ${options.authenticationValidityDurationSeconds}" }
    prompt.authenticate(promptBuilder.build())
} else {
    prompt.authenticate(promptBuilder.build(), BiometricPrompt.CryptoObject(cipher))
}
```

Can anyone explain this to me? What if I want to prompt for a biometric every 5 minutes? Why is my data stored unencrypted?
Thanks for your efforts in making the Flutter community more productive!
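
The branch in the Kotlin snippet above follows from how Android Keystore binds a key to user authentication, so here is an added example (not code from the biometric_storage plugin and not the issue author's code) that shows both policies side by side. It assumes an androidx.biometric dependency, a FragmentActivity to host the prompt, and illustrative names (KEY_ALIAS, generateAuthBoundKey, encryptPerUse, decryptTimeBound) that are not part of the plugin's API. A key created with validity -1 must be used through a BiometricPrompt.CryptoObject, because each key operation is authorised individually; a key created with a validity of N seconds is unlocked by any qualifying authentication in the last N seconds, so the Cipher is initialised afterwards and a CryptoObject is neither needed nor applicable. The plugin's option shares its name with the Keystore setting used here.

```kotlin
// Added example, not the plugin's code. Assumes androidx.biometric and androidx.core,
// a FragmentActivity host, and API 23+ for Keystore authentication binding.
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.UserNotAuthenticatedException
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

const val KEY_ALIAS = "example_auth_bound_key"      // assumed alias, illustrative only
private const val TRANSFORMATION = "AES/GCM/NoPadding"

/**
 * Generates an AES-256 key in the Android Keystore whose use requires user authentication.
 *  validitySeconds == -1 : every operation must be authorised individually, so the Cipher
 *                          has to travel inside BiometricPrompt.CryptoObject.
 *  validitySeconds >= 0  : any qualifying authentication within the last N seconds unlocks
 *                          the key; the Cipher is initialised afterwards, with no CryptoObject.
 */
fun generateAuthBoundKey(validitySeconds: Int): SecretKey {
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setUserAuthenticationRequired(true)
        // Deprecated on API 30+ in favour of setUserAuthenticationParameters(timeout, type),
        // but this is the setting the plugin option's name refers to.
        .setUserAuthenticationValidityDurationSeconds(validitySeconds)
        // Enrolling a new fingerprint/face permanently invalidates the key.
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

fun loadKey(): SecretKey {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    return ks.getKey(KEY_ALIAS, null) as SecretKey
}

private fun promptInfo() = BiometricPrompt.PromptInfo.Builder()
    .setTitle("Unlock storage")
    .setNegativeButtonText("Cancel")
    .setAllowedAuthenticators(BIOMETRIC_STRONG)   // a CryptoObject requires a strong authenticator
    .build()

/** Per-use key (-1): the Cipher is bound to the prompt; doFinal only succeeds on the
 *  CryptoObject handed back by a successful authentication. */
fun encryptPerUse(activity: FragmentActivity, plaintext: ByteArray,
                  onDone: (iv: ByteArray, ciphertext: ByteArray) -> Unit) {
    val cipher = Cipher.getInstance(TRANSFORMATION).apply { init(Cipher.ENCRYPT_MODE, loadKey()) }
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            val c = result.cryptoObject!!.cipher!!     // same Cipher instance, now authorised
            onDone(c.iv, c.doFinal(plaintext))        // GCM IV must be stored with the ciphertext
        }
    }
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(promptInfo(), BiometricPrompt.CryptoObject(cipher))
}

/** Time-bound key (>= 0): no CryptoObject. Cipher.init throws UserNotAuthenticatedException
 *  once the authentication window has expired; prompt, then retry the same operation. */
fun decryptTimeBound(activity: FragmentActivity, iv: ByteArray, ciphertext: ByteArray,
                     onDone: (plaintext: ByteArray) -> Unit) {
    fun tryDecrypt(): ByteArray? = try {
        Cipher.getInstance(TRANSFORMATION)
            .apply { init(Cipher.DECRYPT_MODE, loadKey(), GCMParameterSpec(128, iv)) }
            .doFinal(ciphertext)
    } catch (e: UserNotAuthenticatedException) {
        null                                          // window expired or never opened
    }
    tryDecrypt()?.let { onDone(it); return }          // still inside the window: no prompt at all
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            tryDecrypt()?.let(onDone)                 // keystore timestamp refreshed; retry
        }
    }
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(promptInfo())
}
```

Two practical caveats. In the time-bound path the cipher is only ever initialised outside the prompt, which is why the plugin's branch cannot pass a CryptoObject there; a "prompt every 5 minutes" policy is therefore a key generated with a 300-second validity plus the init-catch-prompt-retry loop shown in decryptTimeBound. And the authentication that refreshes a time-bound key's timestamp is the device's, not the app's: on older Android releases only the lock-screen credential counted, so if the deployment targets those devices the allowed authenticators for this path should include DEVICE_CREDENTIAL rather than BIOMETRIC_STRONG alone.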
