Signing on Tezos with Android Biometrics

By Benjamin Fuentes

Classic signing with a wallet

As a quick remember, here is the common flow :

  1. The user sends a request to his wallet to sign a payload

  2. The wallet signs the payload with the private key and returns the signature

  3. The user forwards the signed message to a Tezos node

  • The wallet can be local or distant.
  • If remote, there is a risk over the communication channel and third parties
  • Each wallet will use its own mechanism to protect the private key: password, etc …

Biometrics signing

Biometrics on Android provides a convenient method for authorizing access to private content within your app. Instead of having to remember an account username and password every time they open your app, users can use their biometric credentials to confirm their presence and authorize access to the private content

Your phone, depending on the security level of the chip, becomes your HSM (Hardware Secure Module) replacing external devices like a Ledger or a Yubikey.

There are two approaches on Tezos to use Biometrics :

Solution 1: Use your phone Biometrics to protect the private key

This solution is similar to the signing with a wallet solution

Details :

  • the wallet is the secure chip of the phone, it is a local communication
  • the private key is protected by the phone Biometrics


Biometrics just controls the access to the keypair.The keys are generated from a native Android algorithm, a crypto library as spongycastle or just an encrypted private key as string.Once the user has authenticated with Biometrics, he has access to the protected object on the Keystore.

If you want to learn more about this announcement, please read our blog post on Marigold website :point_right:
Signing on Tezos with Android Biometrics


In the classic signing process with a wallet, users request their wallet to sign a payload, which is then signed with the private key and returned to the user for forwarding to a Tezos node. This can be done locally or remotely, with remote wallets posing dg dollar general communication and security risks. On the other hand, biometric signing uses fingerprint or facial recognition to authorize access to private content in apps, eliminating the need for usernames and passwords.

1 Like