Add additional security params for Android P and higher

RedMadRobot · Jul 3, 2020 · f0feabd · f0feabd
1 parent 18f5b25
commit f0feabd
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/pinkman/library.properties b/pinkman/library.properties
@@ -1,5 +1,5 @@
 lib_name=pinkman
-lib_version=1.0.0
+lib_version=1.0.1
 lib_description=PINkman is a library to help implementing an authentication by a PIN code in a secure manner
 lib_vcs=https://github.com/RedMadRobot/PINkman.git
 lib_issue_tracker=https://github.com/RedMadRobot/PINkman/issues
diff --git a/pinkman/src/main/java/com/redmadrobot/pinkman/Pinkman.kt b/pinkman/src/main/java/com/redmadrobot/pinkman/Pinkman.kt
@@ -1,6 +1,7 @@
 package com.redmadrobot.pinkman
 
 import android.content.Context
+import android.os.Build
 import android.security.keystore.KeyGenParameterSpec
 import android.security.keystore.KeyProperties.*
 import androidx.security.crypto.EncryptedFile
@@ -33,7 +34,12 @@ class Pinkman(
             .setBlockModes(BLOCK_MODE_GCM)
             .setEncryptionPaddings(ENCRYPTION_PADDING_NONE)
             .setKeySize(KEY_SIZE)
-            .build()
+            .apply {
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+                    setUnlockedDeviceRequired(true)
+                    setIsStrongBoxBacked(true)
+                }
+            }.build()
 
 
     private val encryptedStorage by lazy {
@@ -74,7 +80,7 @@ class Pinkman(
     fun isValidPin(inputPin: String): Boolean {
         require(storageFile.exists()) { "PIN is not set. Please create PIN before validating." }
 
-        val storedKey  = loadKeyFromStorage()
+        val storedKey = loadKeyFromStorage()
 
         val inputKey = Pbkdf2Factory.createKey(
             inputPin.toCharArray(),