Add Biometric data encryption and decryption

[tao-software]

This PR adds a compact API for data encryption and decryption using the devices Biometric features. Related to #41.

We've already updated the README, please refer to it for the usage details.

[f-23]

Hi @jayfunk! Could you have a look at this?

[jayfunk]

A few minor changes. I still need to run it through some tests on my devices.

[jayfunk]

Allowing device credentials is a new aspect being added into this library. I would like to either implement that capability or note in the documentation that it is not supported.

[tamlyn]

Is there a technical reason not to allow device credentials fallback here?

[tamlyn]

Ah, I'm guessing it's this:

Calling this method invokes crypto-based authentication, which is incompatible with Class 2 (formerly Weak) biometrics and (prior to Android 11) device credential.

[tao-software]

Yes, the customer who contracted us for the feature needed it paired with strong biometrics, so we didn't bother with a fallback path, esp. since all the design work was done pre Android 11. (And 11 did have a bunch of bugs in it too, iirc. It's been a while.)

I think these days it'd be more reasonable to support them, since the bugs should hopefully be fixed…?

@f-23 Could you look into supporting allowDeviceCredentials here?

[f-23]

I have updated the README to include a note for the unsupported feature.

[mnikolaus]

I have updated the README to include a note for the unsupported feature.

Can you re-request review?

[f-23]

Any update on this?

[jasny]

@jayfunk Could you have another look at this?

[mlev]

Would love to see this merged - what is it that's blocking it?

[tamlyn]

Thanks for sharing this code. It's a very welcome addition to this library.

I've left lots of comments but they're mostly questions and text changes.

One general question I have is: do we need a separate encryption key? Couldn't we use the existing private key to encrypt data? It would simplify the API and avoid confusion between methods like deleteKeys and deleteEncryptionKey.

[tamlyn]

I think it's worth documenting in the Readme that calling createEncryptionKey will delete any existing key, rendering any data encrypted with that key forever undecipherable.

I see that this is also the behaviour of createKeys but that's a little different because you get a public key in return and you are expected to do something with it. Here the key is not returned so it's a bit more magical and I, at least, hadn't thought about it invalidating existing data until I saw this.

[tao-software]

Yes. We only ever used the functionality to guard authentication tokens, so it wasn't really a limitation to us.

For now I'll just document it in the readme, I'm not sure what's the best way to handle this. Should createEncryptionKeys just fail if a key exists, forcing devs to manually wipe existing keys first? Should multiple keys be supported? Both options break symmetry with the signing methods, and the latter adds another layer of complexity.

[tamlyn]

Is there a technical reason not to allow device credentials fallback here?

[tamlyn]

Ah, I'm guessing it's this:

Calling this method invokes crypto-based authentication, which is incompatible with Class 2 (formerly Weak) biometrics and (prior to Android 11) device credential.

[jasny]

One general question I have is: do we need a separate encryption key? Couldn't we use the existing private key to encrypt data? It would simplify the API and avoid confusion between methods like deleteKeys and deleteEncryptionKey.

No, you need to specify the if you want to use the key pair for signatures or encryption. See https://developer.android.com/training/sign-in/biometric-auth#crypto

Even if you could use the same key pair (which you typically can't) for signing and encryption, there's no guarantee that works across systems and versions.

[tao-software]

It's usually a Very Bad Idea to reuse one key for multiple purposes (e.g.), so even if Android or iOS were unsafe enough to allow it, we would not want to support it.

[tao-software]

We'll look into allowDeviceCredentials support to be more consistent with the signing methods, and some input on handling repeated createEncryptionKey calls would be appreciated, but I think we're caught up otherwise?