I am storing fingerprint protected key pairs within AndroidKeyStore on an Android 7 device (Nexus 5X).
These keys have a life cycle that depends a lot on the status of the user fingerprint set for the device, and I am facing a scenario that I cannot explain.
Initial situation: A user fingerprint is registered on the device and a fingerprint protected key pair has been generated.
Scenario 1 (NORMAL): if I delete the registered fingerprint from the Android fingerprint menu and register a new one right after, without exiting the Android fingerprint menu, the key pair previously generated gets invalidated as expected (an 'InvalidKeyException' is thrown when calling cipher.init using this key pair).
Scenario 2 (ABNORMAL): if I delete the registered fingerprint from the Android fingerprint menu, exit the Android fingerprint menu and then register a new fingerprint after logging back into the Android fingerprint menu, the key pair previously generated is not invalidated (no 'InvalidKeyException' is thrown when calling cipher.init using this key pair).
How can Scenario 2 be explained?
UPDATE:
Scenario 2 is not systematic. From the tries I have made, it appears that if the new fingerprint is defined within a short time interval after the deletion of the former one, the first key pair won't be invalidated. If some time passes (something like 1 minute) before the new fingerprint is defined, the first key pair will be invalidated (normal scenario).
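Whatever the cause of the timing-dependent behaviour, an app must not infer key validity from enrollment events; the only reliable signal is the exception thrown by cipher.init. The following is an added example (not code from the question's author): it generates a fingerprint-protected RSA key pair in AndroidKeyStore the way the question describes, probes it by calling cipher.init, and treats KeyPermanentlyInvalidatedException (a subclass of the InvalidKeyException mentioned above) as the trigger to discard and regenerate the pair. The class name FingerprintKeyChecker, the alias passed in, and the use of RSA with PKCS1 padding are assumptions for the example.

```java
// Added example, not from the question's author.
// Assumes API 24+ (setInvalidatedByBiometricEnrollment) and the AndroidKeyStore provider.
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;

import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import javax.crypto.Cipher;

public final class FingerprintKeyChecker {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /** Outcome of probing the stored key pair. */
    public enum KeyState { USABLE, INVALIDATED, MISSING }

    /** Generates a key pair whose private key is usable only after fingerprint authentication. */
    public static void generateKeyPair(String alias) throws Exception {
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, KEYSTORE);
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setKeySize(2048)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .setUserAuthenticationRequired(true)
                // true is already the default on API 24+; stated explicitly so the
                // intent "new enrollment must kill this key" is visible in code.
                .setInvalidatedByBiometricEnrollment(true)
                .build();
        kpg.initialize(spec);
        kpg.generateKeyPair();
    }

    /**
     * Probes the private key. With per-use authentication, cipher.init succeeds for a
     * valid key (the fingerprint is then required at doFinal via a CryptoObject) and
     * throws KeyPermanentlyInvalidatedException once the key has been invalidated.
     */
    public static KeyState probe(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        PrivateKey priv = (PrivateKey) ks.getKey(alias, null);
        if (priv == null) {
            return KeyState.MISSING;
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        try {
            cipher.init(Cipher.DECRYPT_MODE, priv);
            return KeyState.USABLE;
        } catch (KeyPermanentlyInvalidatedException e) {
            // The pair can never be used again: drop it so stale state is not kept around.
            ks.deleteEntry(alias);
            return KeyState.INVALIDATED;
        }
    }

    /** Convenience: make sure a usable pair exists, regenerating after invalidation. */
    public static KeyState ensureKeyPair(String alias) throws Exception {
        KeyState state = probe(alias);
        if (state != KeyState.USABLE) {
            generateKeyPair(alias);
        }
        return state;
    }
}
```

Call ensureKeyPair before every use of the key (for instance on each app start and before showing the fingerprint prompt), and treat INVALIDATED as a signal that any data wrapped under the old pair must be re-established after the user re-authenticates by other means. Keying the decision on the exception rather than on observed enrollment timing means the app stays correct in both scenarios described in the question.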