I'm trying to understand how to implement biometric authentication on an app, specifically using a fingerprint.
From what I understood so far the API only provides three pieces of information: auth failed, auth success and no fingerprint registered in device.
I am not trying to get any information from the user's biometric data, but I cannot find anywhere explained how to relate a user's biometric information with his login.
So far I can only think of a way that I could make this work and that would be to require a first time registration before being able to use fingerprint in future logins in which the following takes place:
Problem with this is that the user's credentials are vulnerable now since they are stored locally, and although I could use my own encryption process I fear it would not be more secure because I'd still need to store the encryption algorithm locally with the app in order to encrypt/decrypt that information.
How can I associate the user's biometric data / auth success with his login credentials?
I think you are on the right track. All you would need to do, on the initial prompt to enter login credentials, would be to save those credentials in the Android KeyStore (not KeyChain). The KeyStore has encryption options for encrypting the data, so, you don't have to code for that. Then, in the future, if the user's biometrics authenticate, retrieve the KeyStore, decrypt it and go.
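As an added example of the approach the answer describes (this is not code from the question or the answer, and not an official Android sample), here is a small Kotlin helper built on the Android Keystore and the androidx.biometric library. It assumes minSdk 24 and androidx.biometric 1.1 or later; the class name, the key alias, the preference file name and the callback names are all assumptions. The point it demonstrates is the answer's: the AES key is generated inside the Keystore and can never be exported, so there is no key or algorithm for the app to hide, and the Keystore refuses to run the cipher unless the very same `Cipher` object was just authenticated through a `BiometricPrompt.CryptoObject`. The sealed secret can be the password the asker mentions, though a server-issued token that can be revoked is the better choice where the backend supports it.

```kotlin
import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import android.util.Base64
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Illustrative helper (assumed names, not part of any Android API).
class BiometricCredentialStore(private val activity: FragmentActivity) {

    private val prefs = activity.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE)

    // Creates (once) an AES-256-GCM key inside the AndroidKeyStore. The key material
    // never leaves the Keystore; any Cipher using it is gated on a fresh biometric auth.
    private fun getOrCreateKey(): SecretKey {
        val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(
            KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            .setUserAuthenticationRequired(true)        // every use needs an authenticated CryptoObject
            .setInvalidatedByBiometricEnrollment(true)  // enrolling a new finger permanently kills the key
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
            .apply { init(spec) }.generateKey()
    }

    // Shows the prompt with the cipher bound as the CryptoObject. The Keystore will only
    // let that cipher finish if this prompt succeeded.
    private fun authenticate(cipher: Cipher, title: String,
                             onOk: (Cipher) -> Unit, onFail: (String) -> Unit) {
        val info = BiometricPrompt.PromptInfo.Builder()
            .setTitle(title)
            .setNegativeButtonText("Use password")
            .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
            .build()
        val prompt = BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
            object : BiometricPrompt.AuthenticationCallback() {
                override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                    // Always take the cipher from the result, not from the enclosing scope.
                    val c = result.cryptoObject?.cipher ?: return onFail("no cipher bound to prompt")
                    onOk(c)
                }
                override fun onAuthenticationError(errorCode: Int, errString: CharSequence) =
                    onFail(errString.toString())
            })
        prompt.authenticate(info, BiometricPrompt.CryptoObject(cipher))
    }

    // First-time registration: called right after a normal password login succeeded.
    fun enroll(secret: ByteArray, onDone: (Boolean) -> Unit) {
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        try {
            cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey())
        } catch (e: KeyPermanentlyInvalidatedException) {
            clear()                                               // stale key from an old enrolment
            cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey())
        }
        authenticate(cipher, "Enable fingerprint login", onOk = { c ->
            val ct = c.doFinal(secret)                            // Keystore picks a random IV
            prefs.edit()
                .putString("iv", Base64.encodeToString(c.iv, Base64.NO_WRAP))
                .putString("ct", Base64.encodeToString(ct, Base64.NO_WRAP))
                .apply()
            onDone(true)
        }, onFail = { onDone(false) })
    }

    // Later logins: returns the sealed secret only after a successful fingerprint prompt.
    fun unlock(onSecret: (ByteArray?) -> Unit) {
        val iv = prefs.getString("iv", null)
        val ct = prefs.getString("ct", null)
        if (iv == null || ct == null) return onSecret(null)
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        try {
            cipher.init(Cipher.DECRYPT_MODE, getOrCreateKey(),
                GCMParameterSpec(128, Base64.decode(iv, Base64.NO_WRAP)))
        } catch (e: KeyPermanentlyInvalidatedException) {
            clear()                                               // biometrics changed: force a password login
            return onSecret(null)
        }
        authenticate(cipher, "Log in with fingerprint", onOk = { c ->
            // GCM tag check fails (AEADBadTagException) if the stored blob was tampered with.
            onSecret(runCatching { c.doFinal(Base64.decode(ct, Base64.NO_WRAP)) }.getOrNull())
        }, onFail = { onSecret(null) })
    }

    fun clear() {
        prefs.edit().clear().apply()
        KeyStore.getInstance("AndroidKeyStore").apply { load(null) }.deleteEntry(KEY_ALIAS)
    }

    companion object {
        const val KEY_ALIAS = "login_secret_key"   // assumed alias
        const val PREFS_NAME = "bio_login"         // assumed preference file
    }
}
```

Call `enroll()` once after the user has logged in with their password, and `unlock()` on later launches; when `unlock()` hands back `null`, fall back to the password screen. Zero the decrypted byte array as soon as the login request has been sent, and prefer a short-lived, revocable token over the raw password so that a compromised device cannot yield a permanently valid credential.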