Description
Feature Request:
I would like the cipher integration with biometrics to be a little simpler. https://developer.android.com/training/sign-in/biometric-auth#crypto
We had to generate 2 ciphers manually. One is the decryption cipher for login. Then there is the encryption cipher for when you want to enable biometrics. It would be great if the biometric or security SDK generated those ciphers. It would also be great if we could use the MasterKey keystore like you can use with EncryptedSharedPreferences: https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences
I could imagine more things you can do as well. Basically make the integration like demoed in this example as simple and user error proof as possible: https://github.com/googlecodelabs/biometric-login/blob/codelab/codelab-02/app/src/main/java/com/example/biometricloginsample/CryptographyManager.kt
I think if you did that it would reduce people making wrong choices with encryption and encourage engineers to use this as the ease of integration. Possibly even forcing the use of encryption.
Additional details:
So recently during a security audit we failed because of the common problem of not verifying the cipher, which is in your documentation: https://developer.android.com/training/sign-in/biometric-auth#crypto
Below is the tool they used to get around: https://labs.f-secure.com/blog/how-secure-is-your-android-keystore-authentication/
It would be good if this integration was a little simpler and fewer choices had to be made. Not sure if this code would live in biometrics or in the security SDK: https://github.com/androidx/androidx/tree/androidx-main/security
But reviewing my solution which was heavily influenced by the google example: https://github.com/googlecodelabs/biometric-login/blob/codelab/codelab-02/app/src/main/java/com/example/biometricloginsample/CryptographyManager.kt
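
The two-cipher setup the request describes, as an added example that is not the reporter's code, the codelab's, or an AndroidX API: one Keystore key that requires user authentication, an encryption cipher for enabling biometrics, a decryption cipher for login, and a login check that depends on the authenticated cipher actually decrypting the stored token. The object name `BiometricCiphers`, the alias `biometric_login_key` and the function names are assumptions; each cipher is meant to be wrapped in `BiometricPrompt.CryptoObject` and passed to `authenticate()`, and the IV from the enrollment cipher has to be stored next to the ciphertext.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricPrompt
import java.security.GeneralSecurityException
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical helper (assumed names); not part of any AndroidX library.
object BiometricCiphers {
    private const val KEYSTORE = "AndroidKeyStore"
    private const val TRANSFORMATION = "AES/GCM/NoPadding"
    private const val KEY_ALIAS = "biometric_login_key" // assumed alias

    // "Enable biometrics": encrypts the login token once the prompt succeeds.
    // Persist cipher.iv together with the ciphertext after doFinal().
    fun forEnrollment(): Cipher =
        Cipher.getInstance(TRANSFORMATION).apply { init(Cipher.ENCRYPT_MODE, getOrCreateKey()) }

    // "Login": decrypts the stored token, using the IV saved at enrollment.
    fun forLogin(iv: ByteArray): Cipher =
        Cipher.getInstance(TRANSFORMATION).apply {
            init(Cipher.DECRYPT_MODE, getOrCreateKey(), GCMParameterSpec(128, iv))
        }

    // Call from onAuthenticationSucceeded. The callback firing is not treated
    // as proof of login: a missing CryptoObject or a failed decryption returns null.
    fun unlock(result: BiometricPrompt.AuthenticationResult, ciphertext: ByteArray): ByteArray? {
        val cipher = result.cryptoObject?.cipher ?: return null
        return try { cipher.doFinal(ciphertext) } catch (e: GeneralSecurityException) { null }
    }

    private fun getOrCreateKey(): SecretKey {
        val keyStore = KeyStore.getInstance(KEYSTORE).apply { load(null) }
        (keyStore.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(
            KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            .setUserAuthenticationRequired(true) // key is unusable without user auth
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
            .apply { init(spec) }.generateKey()
    }
}
```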