Question

I'm trying to create a file vault that is locked using biometrics. Using a library like libCrypto++ seems like a nice plan. It's simple to store things in the vault as the public key can be kept in the clear.

However the part I'm struggling with is how you convert from the biometrics to the private key. I assume I need to store the private key somewhere but I can't figure out how. Otherwise I run the risk of using a very secure system for file storage and then suffering from a far less secure private key.

I'm sure there must be a solution to this, I just can't think of one.


Solution

With biometrics you will never get the same image or the same templates. Every time you get a new capture, you will have a different image that will supply a different template. So you can't use it as a key to encrypt a file. You can try to take a hash code from biometric templates. However, this is not a good way, because of noise, rotation, translation and several other things that influence biometric capture.

There are several academic articles dealing with this subject. But I haven't yet seen one that has a good way to deal with this.

The better way I saw is to use biometric devices to capture a template, match this template with a template previously saved in a database, and if you have a match, release the key kept in a database.

You need this because matching biometric data is not a byte-to-byte equality operation; there are many other things to take care of, as I said before.
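
The answer's two points, as an added example that is not part of the original post: two noisy captures of the same trait hash to different keys, while threshold matching against an enrolled template still releases a stored key. The bit-vector templates, the Hamming-distance matcher, the 0.25 threshold and all names are assumptions made for illustration.

```python
import hashlib
import secrets
from typing import Iterable, Optional

TEMPLATE_BITS = 256      # assumed template size for this sketch
MATCH_THRESHOLD = 0.25   # assumed: largest fraction of differing bits that still matches

# Constructed sample data: a fixed 256-bit "trait" and an unrelated impostor
# trait that differs from it in exactly 128 bit positions.
USER_TRAIT = int.from_bytes(hashlib.sha256(b"constructed sample trait").digest(), "big")
IMPOSTOR = USER_TRAIT ^ int("55" * 32, 16)


def capture(trait: int, noisy_bits: Iterable[int]) -> int:
    """Simulate one sensor capture: the trait with a few bits flipped by noise."""
    for pos in noisy_bits:
        trait ^= 1 << pos
    return trait


def key_from_hash(template: int) -> bytes:
    """The approach that fails: use a hash of the template as the key."""
    return hashlib.sha256(template.to_bytes(TEMPLATE_BITS // 8, "big")).digest()


def hamming_fraction(a: int, b: int) -> float:
    """Fraction of bit positions in which two templates differ."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS


class Vault:
    """Match-then-release: keep the enrolled template and the key, hand out
    the key only when a fresh capture is close enough to the enrolled one.
    Protecting the stored template and key at rest is outside this sketch."""

    def __init__(self, enrolled: int, key: bytes):
        self._enrolled, self._key = enrolled, key

    def release_key(self, probe: int) -> Optional[bytes]:
        if hamming_fraction(self._enrolled, probe) <= MATCH_THRESHOLD:
            return self._key
        return None


if __name__ == "__main__":
    enrolled = capture(USER_TRAIT, [3, 77, 200])
    probe = capture(USER_TRAIT, [5, 77, 190, 251])   # same user, new noise
    print("hash keys equal:", key_from_hash(enrolled) == key_from_hash(probe))
    vault = Vault(enrolled, secrets.token_bytes(32))
    print("user gets key:", vault.release_key(probe) is not None)
    print("impostor gets key:", vault.release_key(IMPOSTOR) is not None)
```

The security of this design rests on how the enrolled template and the key are stored, not on the biometric itself, which is the concern raised in the question.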

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow