googlearchive/android-FingerprintDialog

UserNotAuthenticatedException: User not authenticated

repitch opened this issue · 9 comments

Problem appears only on some devices:

  • Meizu PRO 6
  • HTC One M9PLUS (M9+)
  • LeTV Le 1s X500

Location:
MainActivity#initCipher(Cipher cipher, String keyName)
line 165
when calling cipher.init(Cipher.ENCRYPT_MODE, key);
I got android.security.keystore.UserNotAuthenticatedException: User not authenticated

I am also facing the same issue on the HTC One M9PLUS.
@repitch Did you find the solution for the same?

Me too, it seems to get into a dead loop.

authenticate needs init, init needs authenticate

BTW, asymmetric key works fine, just the problem of symmetric key

I also have the problem with an asymmetric key :(
If I configure my KeyGenerator like this,

            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                    .setKeySize(4096)
                    .setUserAuthenticationRequired(true)
                    .setUserAuthenticationValidityDurationSeconds(6 * 10)
                    .build();

Running into this as well, seems to get stuck in an auth loop occasionally. Anyone able to get around it? This is for generating an asymmetric key.

Same on Huawei ALE-L21. Seems to be related to the duration..? If the setUserAuthenticationValidityDurationSeconds is a huge value like 30000, it's ok... Very strange.

I am also experiencing the same issue.
This problem occurs when setUserAuthenticationValidityDurationSeconds is used.
It seems to happen when the screen unlock time is older than the specified time.

For example, when I set 5 secs... it failed.....
But try again within 5 secs after I unlock the screen... it will pass...

@KimJinRyul, this is the expected behaviour of the API.

When using setUserAuthenticationValidityDurationSeconds, do NOT pass a CryptoObject to BiometricPrompt.authenticate. Instead, simply attempt the cryptographic operation (including Cipher.init) and catch UserNotAuthenticatedException. When you catch the exception, show the BiometricPrompt and initialize the Cipher in the onAuthenticationSucceeded from scratch.

You only have to pass a CryptoObject to BiometricPrompt.authenticate if you do not use setUserAuthenticationValidityDurationSeconds, because then the user must be authenticated through the prompt for each access.
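
The try-then-prompt flow described in the comment above, as an added example that is not part of the thread or the sample app. It assumes androidx.biometric, an AES key already generated with a validity duration under the placeholder alias `example_time_bound_key`, and a hypothetical `TimeBoundKeyHelper` class; the single-retry flag is an addition here so that a device which still rejects the key right after a successful prompt reports an error instead of looping.

```java
import android.security.keystore.UserNotAuthenticatedException;
import androidx.annotation.NonNull;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;

/** Hypothetical helper (not from the sample app) for a key with a validity duration. */
public class TimeBoundKeyHelper {
    public interface Callback { void onCiphertext(byte[] iv, byte[] data); void onError(Exception e); }
    private static final String KEY_ALIAS = "example_time_bound_key"; // placeholder alias
    private final FragmentActivity activity;
    public TimeBoundKeyHelper(FragmentActivity activity) { this.activity = activity; }
    public void encrypt(byte[] plaintext, Callback cb) { attempt(plaintext, cb, true); }

    private void attempt(byte[] plaintext, Callback cb, boolean mayPrompt) {
        try {
            KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
            ks.load(null);
            SecretKey key = (SecretKey) ks.getKey(KEY_ALIAS, null);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding"); // assumed transformation
            cipher.init(Cipher.ENCRYPT_MODE, key); // throws if the auth window has lapsed
            cb.onCiphertext(cipher.getIV(), cipher.doFinal(plaintext));
        } catch (UserNotAuthenticatedException e) {
            // Prompt once; if the key is still locked right after a success, stop (no auth loop).
            if (mayPrompt) promptThenRetry(plaintext, cb); else cb.onError(e);
        } catch (GeneralSecurityException | IOException e) {
            cb.onError(e);
        }
    }

    private void promptThenRetry(byte[] plaintext, Callback cb) {
        BiometricPrompt.PromptInfo info = new BiometricPrompt.PromptInfo.Builder()
                .setTitle("Authenticate to use the key").setNegativeButtonText("Cancel").build();
        new BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
                new BiometricPrompt.AuthenticationCallback() {
                    @Override public void onAuthenticationSucceeded(
                            @NonNull BiometricPrompt.AuthenticationResult result) {
                        attempt(plaintext, cb, false); // fresh Cipher, initialized from scratch
                    }
                    @Override public void onAuthenticationError(int code, @NonNull CharSequence msg) {
                        cb.onError(new SecurityException(msg.toString()));
                    }
                }).authenticate(info); // no CryptoObject for a time-bound key
    }
}
```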

I am closing this issue/PR, as it has been migrated to the new repo linked above in the comments. Thank you!