Biometric Signatures on Android

BiometricSignatureData is “real-world information” that can be attached to a digital signature. This information includes things like whether or not the signature was created with a stylus, the size of the signee’s finger, and the timing and pressure information that was collected while writing the signature. Ultimately, this data can be used to create solutions that provide a higher grade of security than traditional digital signatures do. A digital signature can only contain biometric data if an ink signature was used to create it.

Creating Biometric Data

You can create a BiometricSignatureData instance using its Builder. All values of the biometric data are optional and can be left out. Once created, the BiometricSignatureData is immutable:

val biometricData = BiometricSignatureData.Builder()
	.setInputMethod(BiometricSignatureData.InputMethod.FINGER)
	.setPressurePoints(listOf(0.4f, 0.1f, 0.94f, 0.6f))
	.build()
final BiometricSignatureData biometricData = new BiometricSignatureData.Builder()
	.setInputMethod(BiometricSignatureData.InputMethod.FINGER)
	.setPressurePoints(Arrays.asList(new Float[]{ 0.4f, 0.1f, 0.94f, 0.6f }))
	.build();
Information

BiometricSignatureData is a Parcelable; this allows it to be passed around activities or saved to your instance state.

Collecting Biometric Data

When a user creates a Signature using the SignaturePickerFragment, the signature will also hold BiometricSignatureData that was collected during the creation of the signature. You can retrieve this data using signature.getBiometricData():

// Retrieve the biometric data that was collected during signature creation.
val biometricData = signature.biometricData
// Retrieve the biometric data that was collected during signature creation.
final BiometricSignatureData biometricData = signature.getBiometricData();

Digitally Signing with Biometric Data

To add biometric data to a digital signature, pass it to your SignerOptions during the signing process. The SigningManager will automatically verify the biometric data and attach it to the signature:

val biometricData = signature.biometricData
// Pass in `BiometricSignatureData` as an extra argument.
val signerOptions = SignerOptions.Builder(signatureFormField, outputFileUri)
    .setPrivateKey(key)
    .setSignatureMetadata(DigitalSignatureMetadata(biometricData = biometricData))
    .build()

SigningManager.signDocument(
    context = context,
    signerOptions = signerOptions,
    type = digitalSignatureType,
    onFailure = {
             // Handle signing errors here.
                 }
             ) {
                 // The document was successfully signed!
                 val signedDocument = Uri.fromFile(outputFile)
             }