# Phase 4b - Keystore Fix Result

**Date:** 2026-03-28 11:35 PDT

## Bug Fixed

`CardanoKeyStorageImpl.getOrCreateSecretKey()` was setting `setUserAuthenticationValidityDurationSeconds(-1)`, which requires `BiometricPrompt.CryptoObject` for every cipher operation. This threw `UserNotAuthenticatedException` at runtime when `storeMnemonic()` or `getMnemonic()` called `cipher.init()`.

## Fix Applied

Changed line 193:
```kotlin
// Before
.setUserAuthenticationValidityDurationSeconds(-1)

// After
.setUserAuthenticationValidityDurationSeconds(30)
```

This allows the AES key to be used for 30 seconds after any biometric/device credential authentication. Proper `BiometricPrompt.CryptoObject` flow deferred to Phase 5.

## Build Result

```
BUILD SUCCESSFUL in 43s
3819 actionable tasks: 8 executed, 3811 up-to-date
```

## Commit

```
c21a3b7c48 fix(wallet): use 30s auth validity window instead of per-use biometric
```

Pushed to `phase1-dev` on Gitea.