I have app which uses Fingerprint and 4 digit pin (which can be set by user in application settings, this is not system pin/pattern/password) authorization.

With Fingerprint everything is fine, I have problem with pin.

What I'm trying to do is:

1. Let user set pin from application settings
2. Generate Keypair in keystore for some alias protected by entered pin (so that private key can not be accessed without this pin)
3. Send public key to server for future signature verification
4. Get user token from server and store it in local storage

Then during Authorization:

5. Request user to enter the pin
6. Retrieve private key by entered pin
7. Retrieve token from local storage
8. Sign token with private key from step 6
9. Send it to server with signed data
10. Verify signature on server and if it is valid, open session for user.

My question is: How can I generate KeyPair protected by pin entered by user

P.S. For fingerprint this logic is handled by:

KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_SIGN).setUserAuthenticationRequired(true)

I will suggest try to use this post Use the Android KeyStore to securely store arbitrary strings post.

This post have covered point as

1. Generate, securely store, and retrieve encryption keys on the device.

2. Encrypt arbitrary data and save it on the device.

3. Access and decrypt the data for subsequent use.

I hope it will help.