Discussion about the actual work of the plugin
How does this plugin actually work? Is the biometric authentication step only to authorize the user to read/write data, or is there something extracted from the biometric authentication that is used to encrypt the data?
Also, if the data is stored in keyChain & keyStore,
and I created a sample app that uses keyChain & keyStore directly without any biometrics,
then when I try to read from biometric_storage with authenticationRequired: false, shouldn't the value be returned?
I mean, if my app has multiple pointers to a keyChain value, they must return the same value, right?
Swift part
First, I am not a Swift developer!
But from your code, I figured out that the biometric authentication process is a guard for the data and is not used to encrypt it in the keyChain (the purpose of the key authenticationRequired: false is only to know whether to prompt for biometrics or not, but at the end of the day, the data is stored the same way whether it's true or false).
When biometric authentication responds with a success, this code will be executed:
    query.merge([
      // kSecMatchLimit as String: kSecMatchLimitOne,
      kSecValueData as String: content.data(using: String.Encoding.utf8) as Any,
    ])
I also read here that you actually can't get the biometric data in iOS to use it as an encryption key!
Kotlin part
But in Android Kotlin, I was trying to find out what this code block is built for, and why I can't use the CryptoObject or encrypt the data if I set authenticationValidityDurationSeconds >= 0:
    if (cipher == null || options.authenticationValidityDurationSeconds >= 0) {
        // if authenticationValidityDurationSeconds is not -1 we can't use a CryptoObject
        logger.debug { "Authenticating without cipher. ${options.authenticationValidityDurationSeconds}" }
        prompt.authenticate(promptBuilder.build())
    } else {
        prompt.authenticate(promptBuilder.build(), BiometricPrompt.CryptoObject(cipher))
    }
Can anyone explain this to me? What if I want to prompt for biometrics every 5 minutes? Why is my data stored unencrypted? Thanks for your efforts in making the Flutter community more productive!
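
For reference, the two Android Keystore authentication modes that the branch quoted above distinguishes, as an added example that is not part of the original post and not the plugin's own code. The alias `KEY_ALIAS` and the helper names are hypothetical, and the sketch assumes the standard `AndroidKeyStore` provider with an AES-GCM key.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.UserNotAuthenticatedException
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Hypothetical alias, not taken from the plugin.
const val KEY_ALIAS = "example_biometric_key"

// validitySeconds = -1: every use of the key needs its own authentication,
//   so the Cipher has to be passed to BiometricPrompt inside a CryptoObject.
// validitySeconds >= 0: the key is usable for that many seconds after any
//   successful authentication, so the prompt runs without a CryptoObject.
// In both modes the key stays inside the Keystore and is what encrypts the data.
fun createKey(validitySeconds: Int): SecretKey {
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationValidityDurationSeconds(validitySeconds)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

// For a time-bound key (validitySeconds >= 0): returns a ready Cipher while the
// validity window is open, or null when the user must authenticate first.
// For a per-use key (-1) init() succeeds, but the Cipher only works after it
// has been authorised through BiometricPrompt.CryptoObject.
fun encryptCipherOrNull(): Cipher? {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val key = keyStore.getKey(KEY_ALIAS, null) as SecretKey
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    return try {
        cipher.init(Cipher.ENCRYPT_MODE, key)
        cipher
    } catch (e: UserNotAuthenticatedException) {
        null // window expired or never opened: show the prompt, then retry
    }
}
```

With a 5-minute window (`createKey(300)`), a caller would show the prompt without a `CryptoObject` whenever `encryptCipherOrNull()` returns null and retry after a successful authentication.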