Android
안드로이드에있는 지문 인식 API
수색…
비고
Android 애플리케이션에 지문 인식 스캐너 추가
Android는 Android 6.0 (Marshmallow) SDK 23에서 지문 API를 지원합니다.
앱에서이 기능을 사용하려면 먼저 매니페스트에 USE_FINGERPRINT 권한을 추가하십시오.
<uses-permission
android:name="android.permission.USE_FINGERPRINT" />
여기에 따라야 할 절차
먼저 사용자가 지문으로 인증하고 KeyGenParameterSpec을 전달한 후에 만 사용할 수있는 KeyGenerator를 사용하여 Android 키 저장소에 대칭 키를 만들어야합니다.
KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
keyPairGenerator.initialize(
new KeyGenParameterSpec.Builder(KEY_NAME,
KeyProperties.PURPOSE_SIGN)
.setDigests(KeyProperties.DIGEST_SHA256)
.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
.setUserAuthenticationRequired(true)
.build());
keyPairGenerator.generateKeyPair();
KeyGenParameterSpec.Builder.setUserAuthenticationRequired를 true로 설정하면 사용자의 지문으로 인증 된 경우를 포함하여 사용자가 인증 한 후에 만 키 사용을 허용 할 수 있습니다.
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
PublicKey publicKey =
keyStore.getCertificate(MainActivity.KEY_NAME).getPublicKey();
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
PrivateKey key = (PrivateKey) keyStore.getKey(KEY_NAME, null);
그런 다음 생성 된 대칭 키로 초기화 된 Cipher를 사용하여 FingerprintManager.authenticate를 호출하여 지문 센서에서 지문을 듣기 시작합니다. 또는 인증 자로서 서버 측 확인 된 암호로 다시 폴백 할 수 있습니다.
만들기 및 초기화 FingerprintManger 에서 fingerprintManger.class
getContext().getSystemService(FingerprintManager.class)
FingerprintManger API를 사용하여 인증하고 다음을 사용하여 하위 클래스를 만듭니다.
FingerprintManager.AuthenticationCallback 및 메소드 재정의
onAuthenticationError
onAuthenticationHelp
onAuthenticationSucceeded
onAuthenticationFailed
시작한다
fingerPrint 이벤트 호출을 시작하려면 암호화로 메소드를 인증하십시오.
fingerprintManager
.authenticate(cryptoObject, mCancellationSignal, 0 , this, null);
취소
스캐너 호출 수신을 중지하는 방법
android.os.CancellationSignal;
지문 (또는 암호)이 확인되면 FingerprintManager.AuthenticationCallback # onAuthenticationSucceeded () 콜백이 호출됩니다.
@Override
public void onAuthenticationSucceeded(AuthenticationResult result) {
}
Android Fingerprint API를 사용하여 사용자 비밀번호를 저장하는 방법
이 예시 헬퍼 클래스는 지문 관리자와 상호 작용하고 암호의 암호화 및 암호 해독을 수행합니다. 이 예제에서 암호화에 사용 된 방법은 AES입니다. 이것은 암호화 할 수있는 유일한 방법은 아니며 다른 예가 존재합니다. 이 예에서 데이터는 다음과 같은 방식으로 암호화되고 해독됩니다.
암호화 :
- 사용자는 도우미에게 원하는 암호화되지 않은 암호를 제공합니다.
- 사용자는 지문을 제공해야합니다.
- 인증을 받으면 도우미는
KeyStore에서 키를 가져KeyStoreCipher사용하여 암호를 암호화합니다. - 암호 및 IV 염 (IV는 모든 암호화에 대해 재생성되며 재사용되지 않음)은 공유 환경 설정에 저장되어 나중에 암호 해독 프로세스에서 사용됩니다.
암호 해독 :
- 사용자가 암호 해독 요청.
- 사용자는 지문을 제공해야합니다.
- 도우미는 IV를 사용하여
Cipher를 만들고 사용자가 인증되면 KeyStore는 키 저장소에서 키를KeyStore암호를 해독합니다.
public class FingerPrintAuthHelper {
private static final String FINGER_PRINT_HELPER = "FingerPrintAuthHelper";
private static final String ENCRYPTED_PASS_SHARED_PREF_KEY = "ENCRYPTED_PASS_SHARED_PREF_KEY";
private static final String LAST_USED_IV_SHARED_PREF_KEY = "LAST_USED_IV_SHARED_PREF_KEY";
private static final String MY_APP_ALIAS = "MY_APP_ALIAS";
private KeyguardManager keyguardManager;
private FingerprintManager fingerprintManager;
private final Context context;
private KeyStore keyStore;
private KeyGenerator keyGenerator;
private String lastError;
public interface Callback {
void onSuccess(String savedPass);
void onFailure(String message);
void onHelp(int helpCode, String helpString);
}
public FingerPrintAuthHelper(Context context) {
this.context = context;
}
public String getLastError() {
return lastError;
}
@TargetApi(Build.VERSION_CODES.M)
public boolean init() {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
setError("This Android version does not support fingerprint authentication");
return false;
}
keyguardManager = (KeyguardManager) context.getSystemService(KEYGUARD_SERVICE);
fingerprintManager = (FingerprintManager) context.getSystemService(FINGERPRINT_SERVICE);
if (!keyguardManager.isKeyguardSecure()) {
setError("User hasn't enabled Lock Screen");
return false;
}
if (!hasPermission()) {
setError("User hasn't granted permission to use Fingerprint");
return false;
}
if (!fingerprintManager.hasEnrolledFingerprints()) {
setError("User hasn't registered any fingerprints");
return false;
}
if (!initKeyStore()) {
return false;
}
return false;
}
@Nullable
@RequiresApi(api = Build.VERSION_CODES.M)
private Cipher createCipher(int mode) throws NoSuchPaddingException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, InvalidKeyException, InvalidAlgorithmParameterException {
Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" +
KeyProperties.BLOCK_MODE_CBC + "/" +
KeyProperties.ENCRYPTION_PADDING_PKCS7);
Key key = keyStore.getKey(MY_APP_ALIAS, null);
if (key == null) {
return null;
}
if(mode == Cipher.ENCRYPT_MODE) {
cipher.init(mode, key);
byte[] iv = cipher.getIV();
saveIv(iv);
} else {
byte[] lastIv = getLastIv();
cipher.init(mode, key, new IvParameterSpec(lastIv));
}
return cipher;
}
@NonNull
@RequiresApi(api = Build.VERSION_CODES.M)
private KeyGenParameterSpec createKeyGenParameterSpec() {
return new KeyGenParameterSpec.Builder(MY_APP_ALIAS, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build();
}
@RequiresApi(api = Build.VERSION_CODES.M)
private boolean initKeyStore() {
try {
keyStore = KeyStore.getInstance("AndroidKeyStore");
keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
keyStore.load(null);
if (getLastIv() == null) {
KeyGenParameterSpec keyGeneratorSpec = createKeyGenParameterSpec();
keyGenerator.init(keyGeneratorSpec);
keyGenerator.generateKey();
}
} catch (Throwable t) {
setError("Failed init of keyStore & keyGenerator: " + t.getMessage());
return false;
}
return true;
}
@RequiresApi(api = Build.VERSION_CODES.M)
private void authenticate(CancellationSignal cancellationSignal, FingerPrintAuthenticationListener authListener, int mode) {
try {
if (hasPermission()) {
Cipher cipher = createCipher(mode);
FingerprintManager.CryptoObject crypto = new FingerprintManager.CryptoObject(cipher);
fingerprintManager.authenticate(crypto, cancellationSignal, 0, authListener, null);
} else {
authListener.getCallback().onFailure("User hasn't granted permission to use Fingerprint");
}
} catch (Throwable t) {
authListener.getCallback().onFailure("An error occurred: " + t.getMessage());
}
}
private String getSavedEncryptedPassword() {
SharedPreferences sharedPreferences = getSharedPreferences();
if (sharedPreferences != null) {
return sharedPreferences.getString(ENCRYPTED_PASS_SHARED_PREF_KEY, null);
}
return null;
}
private void saveEncryptedPassword(String encryptedPassword) {
SharedPreferences.Editor edit = getSharedPreferences().edit();
edit.putString(ENCRYPTED_PASS_SHARED_PREF_KEY, encryptedPassword);
edit.commit();
}
private byte[] getLastIv() {
SharedPreferences sharedPreferences = getSharedPreferences();
if (sharedPreferences != null) {
String ivString = sharedPreferences.getString(LAST_USED_IV_SHARED_PREF_KEY, null);
if (ivString != null) {
return decodeBytes(ivString);
}
}
return null;
}
private void saveIv(byte[] iv) {
SharedPreferences.Editor edit = getSharedPreferences().edit();
String string = encodeBytes(iv);
edit.putString(LAST_USED_IV_SHARED_PREF_KEY, string);
edit.commit();
}
private SharedPreferences getSharedPreferences() {
return context.getSharedPreferences(FINGER_PRINT_HELPER, 0);
}
@RequiresApi(api = Build.VERSION_CODES.M)
private boolean hasPermission() {
return ActivityCompat.checkSelfPermission(context, Manifest.permission.USE_FINGERPRINT) == PackageManager.PERMISSION_GRANTED;
}
@RequiresApi(api = Build.VERSION_CODES.M)
public void savePassword(@NonNull String password, CancellationSignal cancellationSignal, Callback callback) {
authenticate(cancellationSignal, new FingerPrintEncryptPasswordListener(callback, password), Cipher.ENCRYPT_MODE);
}
@RequiresApi(api = Build.VERSION_CODES.M)
public void getPassword(CancellationSignal cancellationSignal, Callback callback) {
authenticate(cancellationSignal, new FingerPrintDecryptPasswordListener(callback), Cipher.DECRYPT_MODE);
}
@RequiresApi(api = Build.VERSION_CODES.M)
public boolean encryptPassword(Cipher cipher, String password) {
try {
// Encrypt the text
if(password.isEmpty()) {
setError("Password is empty");
return false;
}
if (cipher == null) {
setError("Could not create cipher");
return false;
}
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
CipherOutputStream cipherOutputStream = new CipherOutputStream(outputStream, cipher);
byte[] bytes = password.getBytes(Charset.defaultCharset());
cipherOutputStream.write(bytes);
cipherOutputStream.flush();
cipherOutputStream.close();
saveEncryptedPassword(encodeBytes(outputStream.toByteArray()));
} catch (Throwable t) {
setError("Encryption failed " + t.getMessage());
return false;
}
return true;
}
private byte[] decodeBytes(String s) {
final int len = s.length();
// "111" is not a valid hex encoding.
if( len%2 != 0 )
throw new IllegalArgumentException("hexBinary needs to be even-length: "+s);
byte[] out = new byte[len/2];
for( int i=0; i<len; i+=2 ) {
int h = hexToBin(s.charAt(i ));
int l = hexToBin(s.charAt(i+1));
if( h==-1 || l==-1 )
throw new IllegalArgumentException("contains illegal character for hexBinary: "+s);
out[i/2] = (byte)(h*16+l);
}
return out;
}
private static int hexToBin( char ch ) {
if( '0'<=ch && ch<='9' ) return ch-'0';
if( 'A'<=ch && ch<='F' ) return ch-'A'+10;
if( 'a'<=ch && ch<='f' ) return ch-'a'+10;
return -1;
}
private static final char[] hexCode = "0123456789ABCDEF".toCharArray();
public String encodeBytes(byte[] data) {
StringBuilder r = new StringBuilder(data.length*2);
for ( byte b : data) {
r.append(hexCode[(b >> 4) & 0xF]);
r.append(hexCode[(b & 0xF)]);
}
return r.toString();
}
@NonNull
private String decipher(Cipher cipher) throws IOException, IllegalBlockSizeException, BadPaddingException {
String retVal = null;
String savedEncryptedPassword = getSavedEncryptedPassword();
if (savedEncryptedPassword != null) {
byte[] decodedPassword = decodeBytes(savedEncryptedPassword);
CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(decodedPassword), cipher);
ArrayList<Byte> values = new ArrayList<>();
int nextByte;
while ((nextByte = cipherInputStream.read()) != -1) {
values.add((byte) nextByte);
}
cipherInputStream.close();
byte[] bytes = new byte[values.size()];
for (int i = 0; i < values.size(); i++) {
bytes[i] = values.get(i).byteValue();
}
retVal = new String(bytes, Charset.defaultCharset());
}
return retVal;
}
private void setError(String error) {
lastError = error;
Log.w(FINGER_PRINT_HELPER, lastError);
}
@RequiresApi(Build.VERSION_CODES.M)
protected class FingerPrintAuthenticationListener extends FingerprintManager.AuthenticationCallback {
protected final Callback callback;
public FingerPrintAuthenticationListener(@NonNull Callback callback) {
this.callback = callback;
}
public void onAuthenticationError(int errorCode, CharSequence errString) {
callback.onFailure("Authentication error [" + errorCode + "] " + errString);
}
/**
* Called when a recoverable error has been encountered during authentication. The help
* string is provided to give the user guidance for what went wrong, such as
* "Sensor dirty, please clean it."
* @param helpCode An integer identifying the error message
* @param helpString A human-readable string that can be shown in UI
*/
public void onAuthenticationHelp(int helpCode, CharSequence helpString) {
callback.onHelp(helpCode, helpString.toString());
}
/**
* Called when a fingerprint is recognized.
* @param result An object containing authentication-related data
*/
public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) {
}
/**
* Called when a fingerprint is valid but not recognized.
*/
public void onAuthenticationFailed() {
callback.onFailure("Authentication failed");
}
public @NonNull
Callback getCallback() {
return callback;
}
}
@RequiresApi(api = Build.VERSION_CODES.M)
private class FingerPrintEncryptPasswordListener extends FingerPrintAuthenticationListener {
private final String password;
public FingerPrintEncryptPasswordListener(Callback callback, String password) {
super(callback);
this.password = password;
}
public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) {
Cipher cipher = result.getCryptoObject().getCipher();
try {
if (encryptPassword(cipher, password)) {
callback.onSuccess("Encrypted");
} else {
callback.onFailure("Encryption failed");
}
} catch (Exception e) {
callback.onFailure("Encryption failed " + e.getMessage());
}
}
}
@RequiresApi(Build.VERSION_CODES.M)
protected class FingerPrintDecryptPasswordListener extends FingerPrintAuthenticationListener {
public FingerPrintDecryptPasswordListener(@NonNull Callback callback) {
super(callback);
}
public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) {
Cipher cipher = result.getCryptoObject().getCipher();
try {
String savedPass = decipher(cipher);
if (savedPass != null) {
callback.onSuccess(savedPass);
} else {
callback.onFailure("Failed deciphering");
}
} catch (Exception e) {
callback.onFailure("Deciphering failed " + e.getMessage());
}
}
}
}
이 활동은 사용자가 비밀번호를 저장하고 도우미와 상호 작용하는 방법에 대한 매우 기본적인 예입니다.
public class MainActivity extends AppCompatActivity {
private TextView passwordTextView;
private FingerPrintAuthHelper fingerPrintAuthHelper;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
passwordTextView = (TextView) findViewById(R.id.password);
errorTextView = (TextView) findViewById(R.id.error);
View savePasswordButton = findViewById(R.id.set_password_button);
savePasswordButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
fingerPrintAuthHelper.savePassword(passwordTextView.getText().toString(), new CancellationSignal(), getAuthListener(false));
}
}
});
View getPasswordButton = findViewById(R.id.get_password_button);
getPasswordButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
fingerPrintAuthHelper.getPassword(new CancellationSignal(), getAuthListener(true));
}
}
});
}
// Start the finger print helper. In case this fails show error to user
private void startFingerPrintAuthHelper() {
fingerPrintAuthHelper = new FingerPrintAuthHelper(this);
if (!fingerPrintAuthHelper.init()) {
errorTextView.setText(fingerPrintAuthHelper.getLastError());
}
}
@NonNull
private FingerPrintAuthHelper.Callback getAuthListener(final boolean isGetPass) {
return new FingerPrintAuthHelper.Callback() {
@Override
public void onSuccess(String result) {
if (isGetPass) {
errorTextView.setText("Success!!! Pass = " + result);
} else {
errorTextView.setText("Encrypted pass = " + result);
}
}
@Override
public void onFailure(String message) {
errorTextView.setText("Failed - " + message);
}
@Override
public void onHelp(int helpCode, String helpString) {
errorTextView.setText("Help needed - " + helpString);
}
};
}
}
Modified text is an extract of the original Stack Overflow Documentation
아래 라이선스 CC BY-SA 3.0
와 제휴하지 않음 Stack Overflow
