auth/com.midnight.kuira.core.auth/BiometricGate/authenticateForEncrypt

authenticateForEncrypt

suspend fun authenticateForEncrypt(activity: FragmentActivity, title: String = "Authenticate", subtitle: String? = null): AuthenticatedCipher

Authenticates the user and returns a cipher ready for encryption.

The cipher has a Keystore-generated random IV accessible via Cipher.getIV. After calling Cipher.doFinal, store the result as: [IV (12 bytes)] + [ciphertext + GCM auth tag (16 bytes)]

Exception propagation: android.security.keystore.KeyPermanentlyInvalidatedException is thrown synchronously from WalletKeyManager.cipherForEncrypt BEFORE the biometric prompt is shown. The caller should catch it at the call site and trigger the key-recreation recovery flow.

Parameters

activity

The FragmentActivity hosting the biometric prompt

title

Prompt title shown to the user

subtitle

Optional subtitle (e.g., "Encrypt wallet seed")

Throws

AuthenticationCancelledException

if the user cancelled

AuthenticationLockedOutException

if the device is temporarily locked out

AuthenticationPermanentlyLockedOutException

if permanently locked out

AuthenticationFailedException

for all other failures