Design issues of this sample

[mice777]

This sample is somehow incomplete:

• it creates new symetric key at each start, which actually prohibits decryption of SECRET_MESSAGE anytime later
• what's use of the SECRET_MESSAGE in this sample, when it's just encrypted (with problem above), and result is not saved, not used next time, it's just displayed on screen

I think that basic principles of AndroidKeyStore and FingerprintManager are somehow mixed to show that finger scanning works, but result is strange. All I get is "password entered or your finger recognized".

I'd expect that symetric key is created once if it's already not in keystore.
Then possibly encrypt user-entered password with the key, and save it to a file. Next time when fingerprint is used, decrypt saved encrypted password, and use it same way as if user entered it manually.
So user has choice to use fast path with finger, or slower path by typing password.

[mice777]

I think the workflow should be like this:

1. Letting user type password on devices without possibility to use fingerprint sensor:
   

2. If fingerprint sensor is usable, and there is no saved encrypted password, let user to enter password and optionally encrypt it afterwards:
   
   After you have encrypt password, save the encrypted form for future use.

3. If you have saved encrypted password, and fingerprint sensor is usable, let user either type password or use fingerprint to decrypt the saved password.
   

In all cases, the dialog would be there to obtain the password and return it to app, either directly typed or decrypted from saved copy. And you can't create new keys in keystore each time, otherwise your saved encrypted password would be invalidated.

[codingjeremy]

I am closing this issue/PR, as it has been migrated to the new repo linked above in the comments. Thank you!