Android KeyStore with StrongBox: how to test for user presence?

Time: 2018-11-16 13:24:38

Tags: android android-keystore android-9.0-pie

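Android API 28 running on a Pixel 3 provides the option to require User Presence for keys generated inside the Android KeyStore. But how do I actually test for user presence when creating a signature with that key? Am I missing something in the docs?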

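import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.nio.charset.Charset;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

// Generate a StrongBox-backed EC signing key that requires a test of user presence.
KeyGenParameterSpec.Builder keyGenSpec = new KeyGenParameterSpec.Builder("alias", KeyProperties.PURPOSE_SIGN)
    .setDigests(KeyProperties.DIGEST_SHA256)
    .setKeySize(256)
    .setIsStrongBoxBacked(true)
    .setUserPresenceRequired(true);

KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
keyPairGenerator.initialize(keyGenSpec.build());
keyPairGenerator.generateKeyPair();

// Load the private key handle from the AndroidKeyStore and sign a message with it.
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null, null);
PrivateKey privateKey = (PrivateKey) keyStore.getKey("alias", null);
Signature signature = Signature.getInstance("SHA256withECDSA");
signature.initSign(privateKey);
signature.update("Hello".getBytes(Charset.defaultCharset()));
byte[] sign = signature.sign();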

This code throws android.security.KeyStoreException: -69, which translates to PROOF_OF_PRESENCE_REQUIRED. I have also tried wrapping the signing process inside a BiometricPrompt, but to no avail.

0 answers:

No answers