Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keystore key generation failed #101

Open
RRGT19 opened this issue Aug 1, 2023 · 4 comments
Open

Keystore key generation failed #101

RRGT19 opened this issue Aug 1, 2023 · 4 comments

Comments

@RRGT19
Copy link

RRGT19 commented Aug 1, 2023

Description:

Using Firebase Crashlytics I have a lot of errors about Keystore key generation failed.

Library version:

"capacitor-native-biometric": "^4.2.2"

Platforms:

  • Android 12
  • Android 13

Devices:

  • Redmi 10 2022
  • Galaxy A02s
  • Galaxy A03 Core
  • Galaxy A11
  • Galaxy A13
  • Galaxy A51
  • Galaxy A22
  • Galaxy S21 Ultra 5G
  • Galaxy Z Flip5
  • LG V60 ThinQ
  • etc...

Exception:

Fatal Exception: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
       at com.getcapacitor.Bridge.lambda$callPluginMethod$0(Bridge.java:783)
       at com.getcapacitor.Bridge.$r8$lambda$ehFTi5f4HhVNFKTbCKAYDkpQYRA()
       at com.getcapacitor.Bridge$$ExternalSyntheticLambda3.run(:8)
       at android.os.Handler.handleCallback(Handler.java:938)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at android.os.Looper.loopOnce(Looper.java:211)
       at android.os.Looper.loop(Looper.java:300)
       at android.os.HandlerThread.run(HandlerThread.java:67)


Caused by java.security.ProviderException: Keystore key generation failed
       at android.security.keystore2.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:413)
       at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
       at com.epicshaggy.biometric.NativeBiometric.generateKey(NativeBiometric.java:313)
       at com.epicshaggy.biometric.NativeBiometric.generateKey(NativeBiometric.java:295)
       at com.epicshaggy.biometric.NativeBiometric.getKey(NativeBiometric.java:324)
       at com.epicshaggy.biometric.NativeBiometric.encryptString(NativeBiometric.java:265)
       at com.epicshaggy.biometric.NativeBiometric.setCredentials(NativeBiometric.java:178)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.getcapacitor.PluginHandle.invoke(PluginHandle.java:138)
       at com.getcapacitor.Bridge.lambda$callPluginMethod$0(Bridge.java:774)
       at com.getcapacitor.Bridge.$r8$lambda$ehFTi5f4HhVNFKTbCKAYDkpQYRA()
       at com.getcapacitor.Bridge$$ExternalSyntheticLambda3.run(:8)
       at android.os.Handler.handleCallback(Handler.java:938)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at android.os.Looper.loopOnce(Looper.java:211)
       at android.os.Looper.loop(Looper.java:300)
       at android.os.HandlerThread.run(HandlerThread.java:67)


Caused by android.security.KeyStoreException: System error
       at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:334)
       at android.security.KeyStoreSecurityLevel.handleExceptions(KeyStoreSecurityLevel.java:57)
       at android.security.KeyStoreSecurityLevel.generateKey(KeyStoreSecurityLevel.java:145)
       at android.security.keystore2.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:400)
       at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
       at com.epicshaggy.biometric.NativeBiometric.generateKey(NativeBiometric.java:313)
       at com.epicshaggy.biometric.NativeBiometric.generateKey(NativeBiometric.java:295)
       at com.epicshaggy.biometric.NativeBiometric.getKey(NativeBiometric.java:324)
       at com.epicshaggy.biometric.NativeBiometric.encryptString(NativeBiometric.java:265)
       at com.epicshaggy.biometric.NativeBiometric.setCredentials(NativeBiometric.java:178)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.getcapacitor.PluginHandle.invoke(PluginHandle.java:138)
       at com.getcapacitor.Bridge.lambda$callPluginMethod$0(Bridge.java:774)
       at com.getcapacitor.Bridge.$r8$lambda$ehFTi5f4HhVNFKTbCKAYDkpQYRA()
       at com.getcapacitor.Bridge$$ExternalSyntheticLambda3.run(:8)
       at android.os.Handler.handleCallback(Handler.java:938)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at android.os.Looper.loopOnce(Looper.java:211)
       at android.os.Looper.loop(Looper.java:300)
       at android.os.HandlerThread.run(HandlerThread.java:67)

Code:

const KEYSTORE_ALIAS = 'my-app-name';

setCredentials(credentials: Credentials): void {
      const {username, password} = credentials;
      this.deleteCredentials()
        .then(() => NativeBiometric.setCredentials({username, password, server: KEYSTORE_ALIAS}));
}

private deleteCredentials(): Promise<void> {
    return NativeBiometric.deleteCredentials({server: KEYSTORE_ALIAS});
}

Conclusion:

Any advice or a fix would be appreciated.
@RRGT19
Copy link
Author

RRGT19 commented Aug 8, 2023
edited
Loading

After some debugging turns out that this exception is cause when the device has not configured any biometrics. We forgot to also check if it's enabled before trying to save the credentials.

Still, I understand that the generateKey method should return an error that can be trapped inside the catch instead of crashing the app.

@wk-mihai
Copy link

wk-mihai commented Sep 1, 2023

I have a similar problem on my Google Pixel 7, using Capacitor v5. I noticed that if I unlock the phone using face unlock, I can't use my fingerprint to log into the app. When I unlock the phone using my fingerprint or pin, the app authentication works fine.

It was fine in previous Capacitor version (v4)

Any solutions?

Thanks!

@kito99
Copy link

kito99 commented Sep 18, 2023

We're running into the same problem. Here's another stack trace we're seeing on some devices:

09-18 20:46:07.940 E/AndroidRuntime(24230): FATAL EXCEPTION: CapacitorPlugins
09-18 20:46:07.940 E/AndroidRuntime(24230): Process: com.germania.mobile.app, PID: 24230
09-18 20:46:07.940 E/AndroidRuntime(24230): java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.getcapacitor.Bridge.lambda$callPluginMethod$0$com-getcapacitor-Bridge(Bridge.java:770)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.getcapacitor.Bridge$$ExternalSyntheticLambda5.run(Unknown Source:8)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.os.Handler.handleCallback(Handler.java:942)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.os.Handler.dispatchMessage(Handler.java:99)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.os.Looper.loopOnce(Looper.java:240)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.os.Looper.loop(Looper.java:351)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.os.HandlerThread.run(HandlerThread.java:67)
09-18 20:46:07.940 E/AndroidRuntime(24230): Caused by: java.lang.reflect.InvocationTargetException
09-18 20:46:07.940 E/AndroidRuntime(24230):  at java.lang.reflect.Method.invoke(Native Method)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.getcapacitor.PluginHandle.invoke(PluginHandle.java:138)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.getcapacitor.Bridge.lambda$callPluginMethod$0$com-getcapacitor-Bridge(Bridge.java:761)
09-18 20:46:07.940 E/AndroidRuntime(24230):  ... 6 more
09-18 20:46:07.940 E/AndroidRuntime(24230): Caused by: java.security.ProviderException: Keystore key generation failed
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.security.keystore2.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:413)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.epicshaggy.biometric.NativeBiometric.generateKey(NativeBiometric.java:313)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.epicshaggy.biometric.NativeBiometric.generateKey(NativeBiometric.java:295)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.epicshaggy.biometric.NativeBiometric.getKey(NativeBiometric.java:324)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.epicshaggy.biometric.NativeBiometric.encryptString(NativeBiometric.java:265)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at com.epicshaggy.biometric.NativeBiometric.setCredentials(NativeBiometric.java:178)
09-18 20:46:07.940 E/AndroidRuntime(24230):  ... 9 more
09-18 20:46:07.940 E/AndroidRuntime(24230): Caused by: android.security.KeyStoreException: System error (internal Keystore code: 4 message: In generate_key.
09-18 20:46:07.940 E/AndroidRuntime(24230): 
09-18 20:46:07.940 E/AndroidRuntime(24230): Caused by:
09-18 20:46:07.940 E/AndroidRuntime(24230):     0: In store_new_key.
09-18 20:46:07.940 E/AndroidRuntime(24230):     1: In store_new_key. Failed to handle super encryption.
09-18 20:46:07.940 E/AndroidRuntime(24230):     2: In handle_super_encryption_on_key_init: User ECDH key missing.
09-18 20:46:07.940 E/AndroidRuntime(24230):     3: Error::Rc(ResponseCode(4))) (public error code: 4 internal Keystore code: 4)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:336)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.security.KeyStoreSecurityLevel.handleExceptions(KeyStoreSecurityLevel.java:57)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.security.KeyStoreSecurityLevel.generateKey(KeyStoreSecurityLevel.java:145)
09-18 20:46:07.940 E/AndroidRuntime(24230):  at android.security.keystore2.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:400)
09-18 20:46:07.940 E/AndroidRuntime(24230):  ... 15 more

Further testing on many other devices reveals the following facts:

  • Android 12 and 13 on real devices: crashes
  • Android 12 and 13 on simulator: does not crash
  • Android 14 beta: does not crash

@kito99
Copy link

kito99 commented Sep 20, 2023

I ended up refactoring the Android support to use EncryptedSharedPreferences. That seems to resolve the issue. See #103.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kito99 @RRGT19 @wk-mihai