npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

fsc-react-native-keychain

v3.1.3

Published

Keychain Access for React Native

Downloads

1

Readme

Travis npm npm

Keychain/Keystore Access for React Native.

Installation

  1. $ yarn add react-native-keychain
  2. $ react-native link react-native-keychain and check MainApplication.java to verify the package was added.
  3. Rebuild your project with react-native run-ios/android

See manual installation below if you have issues with react-native link.

Usage

import * as Keychain from 'react-native-keychain';

async () => {
  const username = 'zuck';
  const password = 'poniesRgr8';

  // Store the credentials
  await Keychain.setGenericPassword(username, password);

  try {
    // Retrieve the credentials
    const credentials = await Keychain.getGenericPassword();
    if (credentials) {
      console.log('Credentials successfully loaded for user ' + credentials.username);
    } else {
      console.log('No credentials stored');
    }
  } catch (error) {
    console.log('Keychain couldn\'t be accessed!', error);
  }
  await Keychain.resetGenericPassword();
}

See KeychainExample for fully working project example.

Both setGenericPassword and setInternetCredentials are limited to strings only, so if you need to store objects etc, please use JSON.stringify/JSON.parse when you store/access it.

setGenericPassword(username, password, [{ accessControl, accessible, accessGroup, service, securityLevel }])

Will store the username/password combination in the secure storage. Resolves to true or rejects in case of an error.

getGenericPassword([{ authenticationPrompt, service }])

Will retrieve the username/password combination from the secure storage. Resolves to { username, password } if an entry exists or false if it doesn't. It will reject only if an unexpected error is encountered like lacking entitlements or permission.

resetGenericPassword([{ service }])

Will remove the username/password combination from the secure storage.

setInternetCredentials(server, username, password, [{ accessControl, accessible, accessGroup, securityLevel }])

Will store the server/username/password combination in the secure storage.

hasInternetCredentials(server, [{ authenticationPrompt }])

Will check if the username/password combination for server is available in the secure storage. Resolves to true if an entry exists or false if it doesn't.

getInternetCredentials(server, [{ authenticationPrompt }])

Will retrieve the server/username/password combination from the secure storage. Resolves to { username, password } if an entry exists or false if it doesn't. It will reject only if an unexpected error is encountered like lacking entitlements or permission.

resetInternetCredentials(server)

Will remove the server/username/password combination from the secure storage.

requestSharedWebCredentials() (iOS only)

Asks the user for a shared web credential. Requires additional setup both in the app and server side, see Apple documentation. Resolves to { server, username, password } if approved and false if denied and throws an error if not supported on platform or there's no shared credentials.

setSharedWebCredentials(server, username, password) (iOS only)

Sets a shared web credential. Resolves to true when successful.

canImplyAuthentication([{ authenticationType }])

Inquire if the type of local authentication policy is supported on this device with the device settings the user chose. Should be used in combination with accessControl option in the setter functions. Resolves to true if supported.

getSupportedBiometryType()

Get what type of hardware biometry support the device has. Resolves to a Keychain.BIOMETRY_TYPE value when supported, otherwise null.

getSecurityLevel() (Android only)

Get security level that is supported on the current device with the current OS.

Security Levels (Android only)

If set, securityLevel parameter specifies minimum security level that the encryption key storage should guarantee for storing credentials to succeed.

  • ANY - no security guarantees needed (default value); Credentials can be stored in FB Secure Storage;
  • SECURE_SOFTWARE - requires for the key to be stored in the Android Keystore, separate from the encrypted data;
  • SECURE_HARDWARE - requires for the key to be stored on a secure hardware (Trusted Execution Environment or Secure Environment). Read this article for more information.

Options

| Key | Platform | Description | Default | |---|---|---|---| |accessControl|iOS only|This dictates how a keychain item may be used, see possible values in Keychain.ACCESS_CONTROL. |None| |accessible|iOS only|This dictates when a keychain item is accessible, see possible values in Keychain.ACCESSIBLE. |Keychain.ACCESSIBLE.WHEN_UNLOCKED| |accessGroup|iOS only|In which App Group to share the keychain. Requires additional setup with entitlements. |None| |authenticationPrompt|iOS only|What to prompt the user when unlocking the keychain with biometry or device password. |Authenticate to retrieve secret| |authenticationType|iOS only|Policies specifying which forms of authentication are acceptable. |Keychain.AUTHENTICATION_TYPE.DEVICE_PASSCODE_OR_BIOMETRICS| |service|All|Reverse domain name qualifier for the service associated with password. |App bundle ID|

Keychain.ACCESS_CONTROL enum

| Key | Description | |-----|-------------| |USER_PRESENCE|Constraint to access an item with either Touch ID or passcode.| |BIOMETRY_ANY|Constraint to access an item with Touch ID for any enrolled fingers.| |BIOMETRY_CURRENT_SET|Constraint to access an item with Touch ID for currently enrolled fingers.| |DEVICE_PASSCODE|Constraint to access an item with a passcode.| |APPLICATION_PASSWORD|Constraint to use an application-provided password for data encryption key generation.| |BIOMETRY_ANY_OR_DEVICE_PASSCODE|Constraint to access an item with Touch ID for any enrolled fingers or passcode.| |BIOMETRY_CURRENT_SET_OR_DEVICE_PASSCODE|Constraint to access an item with Touch ID for currently enrolled fingers or passcode.|

Keychain.ACCESSIBLE enum

| Key | Description | |-----|-------------| |WHEN_UNLOCKED|The data in the keychain item can be accessed only while the device is unlocked by the user.| |AFTER_FIRST_UNLOCK|The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user.| |ALWAYS|The data in the keychain item can always be accessed regardless of whether the device is locked.| |WHEN_PASSCODE_SET_THIS_DEVICE_ONLY|The data in the keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device. Items with this attribute never migrate to a new device.| |WHEN_UNLOCKED_THIS_DEVICE_ONLY|The data in the keychain item can be accessed only while the device is unlocked by the user. Items with this attribute do not migrate to a new device.| |AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY|The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user. Items with this attribute never migrate to a new device.| |ALWAYS_THIS_DEVICE_ONLY|The data in the keychain item can always be accessed regardless of whether the device is locked. Items with this attribute never migrate to a new device.|

Keychain.AUTHENTICATION_TYPE enum

| Key | Description | |-----|-------------| |DEVICE_PASSCODE_OR_BIOMETRICS|Device owner is going to be authenticated by biometry or device passcode.| |BIOMETRICS|Device owner is going to be authenticated using a biometric method (Touch ID or Face ID).|

Keychain.BIOMETRY_TYPE enum

| Key | Description | |-----|-------------| |TOUCH_ID|Device supports authentication with Touch ID.| |FACE_ID|Device supports authentication with Face ID.| |FINGERPRINT|Device supports authentication with Android Fingerprint.|

Manual Installation

iOS

Option: Manually

  • Right click on Libraries, select Add files to "…" and select node_modules/react-native-keychain/RNKeychain.xcodeproj
  • Select your project and under Build Phases -> Link Binary With Libraries, press the + and select libRNKeychain.a.
  • make sure pod 'RNKeychain' is not in your Podfile

Option: With CocoaPods

Add the following to your Podfile and run pod update:

pod 'RNKeychain', :path => '../node_modules/react-native-keychain'

Enable Keychain Sharing entitlement for iOS 10+

For iOS 10 you'll need to enable the Keychain Sharing entitlement in the Capabilities section of your build target. (See screenshot). Otherwise you'll experience the error shown below.

screen shot 2016-09-16 at 20 56 33

Error: {
  code = "-34018";
  domain = NSOSStatusErrorDomain;
  message = "The operation couldn\U2019t be completed. (OSStatus error -34018.)";
}

Android

Option: Manually

  • Edit android/settings.gradle to look like this (without the +):
rootProject.name = 'MyApp'

include ':app'

+ include ':react-native-keychain'
+ project(':react-native-keychain').projectDir = new File(rootProject.projectDir, '../node_modules/react-native-keychain/android')
  • Edit android/app/build.gradle (note: app folder) to look like this:
apply plugin: 'com.android.application'

android {
  ...
}

dependencies {
  compile fileTree(dir: 'libs', include: ['*.jar'])
  compile 'com.android.support:appcompat-v7:23.0.1'
  compile 'com.facebook.react:react-native:0.19.+'
+ compile project(':react-native-keychain')
}
  • Edit your MainApplication.java (deep in android/app/src/main/java/...) to look like this (note two places to edit):
package com.myapp;

+ import com.oblador.keychain.KeychainPackage;

....

public class MainActivity extends extends ReactActivity {

  @Override
  protected List<ReactPackage> getPackages() {
      return Arrays.<ReactPackage>asList(
              new MainReactPackage(),
+             new KeychainPackage()
      );
  }
  ...
}

Proguard Rules

On Android builds that use proguard (like release), you may see the following error:

RNKeychainManager: no keychain entry found for service:
JNI DETECTED ERROR IN APPLICATION: JNI FindClass called with pending exception java.lang.NoSuchFieldError: no "J" field "mCtxPtr" in class "Lcom/facebook/crypto/cipher/NativeGCMCipher;" or its superclasses

If so, add a proguard rule in proguard-rules.pro:

-keep class com.facebook.crypto.** {
   *;
}

Notes

Android

The module will automatically use the appropriate CipherStorage implementation based on API level:

  • API level 16-22 will en/de crypt using Facebook Conceal
  • API level 23+ will en/de crypt using Android Keystore

Encrypted data is stored in SharedPreferences.

The setInternetCredentials(server, username, password) call will be resolved as call to setGenericPassword(username, password, server). Use the server argument to distinguish between multiple entries.

iOS

If you need Keychain Sharing in your iOS extension, make sure you use the same App Group and Keychain Sharing group names in your Main App and your Share Extension. To then share the keychain between the Main App and Share Extension, use the accessGroup ánd service option on setGenericPassword and getGenericPassword, like so: getGenericPassword({ accessGroup: 'group.appname', service: 'com.example.appname' })

Security

On API levels that do not support Android keystore, Facebook Conceal is used to en/decrypt stored data. The encrypted data is then stored in SharedPreferences. Since Conceal itself stores its encryption key in SharedPreferences, it follows that if the device is rooted (or if an attacker can somehow access the filesystem), the key can be obtained and the stored data can be decrypted. Therefore, on such a device, the conceal encryption is only an obscurity. On API level 23+ the key is stored in the Android Keystore, which makes the key non-exportable and therefore makes the entire process more secure. Follow best practices and do not store user credentials on a device. Instead use tokens or other forms of authentication and re-ask for user credentials before performing sensitive operations.

Maintainers

License

MIT © Joel Arvidsson 2016-2018