This project uses the fingerprint sensor on android phones and networking magic to authenticate you to services using your fingerprint!
This project is basically a password manager, storing credentials and keys on your phone (encrypted), and sending them to the required service when needed.
Current Features of the project:
The idea behind this project is to provide a really secure easy way to authenticate to services. Your fingerprint is easy to use (just touch a sensor) and it's secure, because it's unique to you.
The application consists of 2 main parts the PC App and the Phone App
The PC App is written in C#, built with .NET Framework 4.6.1.
External Dependencies:
BouncyCastle.dll, I need this because the app generates key pairs on the flyQRCoder NuGet package, I need this to generate QR Codes (more on this below)ZKWeb.System.Drawing, this is a dependency of QRCoderThe PC app is the middle man between the phone and the services you authenticate to.
The windows locking service is provided by the PC App.
QR Codes are how android knows which host to connect to on the network. The android app scans the QR Code, which contains the destination address, port, and the requested resource.
This is where you authenticate with your fingerprint and send data to the PC App.
The Android App is written in java targeting the minimum version android: API level 23 (Android 6.0),
maximum version android: API level 26 (Android 8.0).
External Dependencies:
com.google.android.gms:play-services-vision:11.8.0, I need this because of QR Code recognition, gradle should download this automaticallyIt uses other built-in android APIs including:
Warning: this is a bit too much technical section.
The PC App shows a QR Code on the monitor it was started on. A server is constantly listening for connections in the background on port 9624. The Phone App, then scans the QR Code, which has the required data for initiating the connection.
Data is formatted like: IPAddress:Port Number-Requested Resource.
The client the connect to the IP:Port given with the QR Code and sends the Requested Resource string to the server.
Before sending the Requested Resource a handshake takes place (more on this below).
The server then starts a new session and stores the request string.
The client searches the requested resource and:
Then the user can do the following:
This is the cycle that happens over and over again.
Warning: this is more technical than the previous seciton :)
The server, at it's first start generates a public/private key pair.
When the client connects, the server send in clear text the public key.
Then 2 things can happen:
saves itThe client the generates a random IV and Key for aes encryption.
Then it concats and encrypts the IV and the Key with the received public key.
Then it sends the encrypted data to the server.
The server then uses the Private Key to decrypt the data, and generate the AES Cipher.
Then the data sent is encrypted/decrypted with this Cipher
This project has a big future in my eyes. It's safe, secure and easy to use.
So I want to support this project with as much as I can.
Future Ideas:
PC App we'll need Win10 support and to upload it to the Windows StoreAndroid App we'll need to upload it to the Google Play StoreFirst off, every contribution is welcome, doesn't matter if it's an issue or a PR.
I wrote a great contribution file on both of the project's github page:
But here's the short version of it:
This is a fingerprint authenticator project. Based on a Client-Server model.
Implementing cool stuff like: Password Management and 2Fa
Everything is based around touching the fingerprint sensor.
Huge potential (at least I think), needs to support a lot of tech stacks, systems, cultures.
We need to make sure it runs, runs fast, runs secure and is beautiful.
Most importantly this project needs love and support!
Thank you for checking out this project!