npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

react-native-device-crypto

v0.1.7

Published

Cryptographic operations inside the secure hardware for React Native

Downloads

1,571

Readme

react-native-device-crypto

React Native Device Crypto provides functionality to use hardware-based secure encryption. To further protect sensitive data within your app, you can incorporate cryptography into your biometric authentication workflow. After the user authenticates successfully using a biometric prompt, your app can perform a cryptographic operation. For example, if you authenticate, your app can then perform encryption, decryption and signing.

Features

  • Full TypeScript support
  • No third party dependencies
  • Native biometric screen support
  • Easy installation and usage

Also, the module allows you to

  • Create a asymmetric/symmetric key where as the private key/secret key is stored in the secure hardware (Sencure Enclave/Strongbox/TEE)
  • Set access level of the key usage.
  • Set the key life time.
  • Sign a string with the private key.
  • Encrypt/decrypt with secret key.
  • Detect what type of biometric sensor is available on the device.
  • Detect what kind of protection is set it up on the device.
  • Fires native biometric screen to check that user is authenticated.

Important Notes

Extremely secure iOS encryption and decryption via secure enclave, elliptic curves. Very secure Android encryption and decryption via Android KeyStore.

This package requires a compiled SDK version of 30 (Android 11.0) or higher The Android side uses the android.security.keystore API and requires a minimum SDK version of 23, due to availability of the hardware-backed security.

This package requires an iOS target SDK version of iOS 11 or higher

Ensure that you have the NSFaceIDUsageDescription entry set in your react native iOS project, or Face ID will not work properly. This description will be presented to the user the first time a biometrics action is taken, and the user will be asked if they want to allow the app to use Face ID. If the user declines the usage of face id for the app, the getBiometryType function will indicate biometrics is unavailable until the face id permission is specifically allowed for the app by the user.

Installation

  1. Run yarn add react-native-device-crypto or npm i react-native-device-crypto

    1 a. If React Native version <= 0.59: react-native link react-native-device-crypto and check MainApplication.java to verify the package was added.

  2. Run pod install in ios/ directory to install iOS dependencies.

  3. If you want to support FaceID, add a NSFaceIDUsageDescription entry in your Info.plist.

  4. Re-build your Android and iOS projects.

Usage

Please see Example Project for fully working project.

An Usage Example - Device Binding (Pairing)

When a user enrolls in biometrics, a key pair is generated. The private key is stored securely on the device and the public key is sent to a server for registration. When the user wishes to authenticate, the user is prompted for biometrics, which unlocks the securely stored private key. Then a cryptographic signature is generated and sent to the server for verification. The server then verifies the signature. If the verification was successful, the server returns an appropriate response and authorizes the user.

API

getOrCreateAsymmetricKey

async getOrCreateAsymmetricKey(alias: string, options: KeyCreationParams): Promise<string>

Creates an asymmetric key in the secure hardware with given access parameters. Returns Public Key if successfull.

interface KeyCreationParams {
  accessLevel: AccessLevel;
  invalidateOnNewBiometry?: boolean;
}

invalidateOnNewBiometry : The key has been invalidated when the user removes biometry or enrolls new biometry if this is true. (This is irreversable)

| Access Level | Description | | ----------------------- | ------------------------------------------------------------------------------------------------- | | Always | The key is always accessible even if the device locked. (aka unrestricted key) | | Unlocked device | The key is accessible when the device has been unlocked. (aka unrestricted key) | | Authentication Required | The key is accessible when the user authenticate their selves with biometry. (aka restricted key) |

Cryptography algorithms

256-bit ECC Keys for Suite-B EC (aka secp256k1) EC (Elliptic Curve) keypair on iOS

NIST P-256 (aka secp256r1 aka prime256v1) EC (Elliptic Curve) keypair on Android

  • The key material of the generated symmetric and private keys is not accessible. The key material of the public keys is accessible.

getOrCreateSymmetricKey

async getOrCreateSymmetricKey(alias: string, options: KeyCreationParams): Promise<boolean>

Creates a symmetric key in the secure hardware with given access parameters. Returns true if successfull

interface KeyCreationParams {
  accessLevel: AccessLevel;
  invalidateOnNewBiometry?: boolean;
}

invalidateOnNewBiometry : The key has been invalidated when the user removes biometry or enrolls new biometry if this is true. (This is irreversable)

| Access Level | Description | | ----------------------- | ------------------------------------------------------------------------------------------------- | | Always | The key is always accessible even if the device locked. (aka unrestricted key) | | Unlocked device | The key is accessible when the device has been unlocked. (aka unrestricted key) | | Authentication Required | The key is accessible when the user authenticate their selves with biometry. (aka restricted key) |

Cryptography algorithms

AES256

Note for IOS : We don’t explicitly create the symmetric key. Instead, we call native SecKeyCreateEncryptedData to create a symmetric key for you. This function creates the symmetric key, uses it to encrypt your data, and then encrypts the key itself with the public key (We create in background to provide it later on encrypt/decrypt operations). It then packages all of this data together and returns it to you. You then transmit it to a receiver, who uses the corresponding private key in a call to native SecKeyCreateDecryptedData to reverse the operation. That is why encrypt method returns IV as NotRequired on IOS.

isKeyExists

async isKeyExists(alias: string, keyType: KeyTypes): Promise<boolean>

Checks the key is exist in secure hardware or not.

getPublicKey

async getPublicKey(alias: string): Promise<string>

Gets PEM formatted public key.

deleteKey

async deleteKey(alias: string): Promise<boolean>

Deletes the key from secure hardware. (This is irreversable.)

sign

async sign(alias: string, plainText: string, options: BiometryParams): Promise<string>

Signs the given string with private key and returns Base64 encoded signature.

  • If your private key requires biometric credentials to unlock (unlockedDeviceRequired and authenticationRequired should be true when creating the key in this case), the user must authenticate their biometric credentials each time before your app accesses the key.

encrypt

async encrypt(alias: string, plainText: string, options: BiometryParams): Promise<EncryptionResult>

Encrypts the given string with the secret key and returns Base64 encoded encrypted text and IV code.

  • iv is always NotRequired. Please see the note on getOrCreateSymmetricKey
  • If your secret key requires biometric credentials to unlock (unlockedDeviceRequired and authenticationRequired should be true when creating the key in this case), the user must authenticate their biometric credentials each time before your app accesses the key.

decrypt

async decrypt(alias: string, plainText: string, iv: string, options: BiometryParams): Promise<string>

Decrypts the given Base64 encoded encrypted text with IV and the secret key.

  • iv ignored on IOS and cannot be null. Please see the note on getOrCreateSymmetricKey
  • If your secret key requires biometric credentials to unlock (unlockedDeviceRequired and authenticationRequired should be true when creating the key in this case), the user must authenticate their biometric credentials each time before your app accesses the key.

isBiometryEnrolled

async isBiometryEnrolled(): Promise<boolean>

Checks if the user can authenticate with biometrics. This requires at least one biometric sensor to be present, enrolled, and available on the device.

deviceSecurityLevel

async deviceSecurityLevel(): Promise<SecurityLevel>

Checks the devices security level.

| Return Value | Description | | -------------- | -------------------------------------------------- | | NOT_PROTECTED | The device has no protection. | | PIN_OR_PATTERN | The device is secured by pin or password. | | BIOMETRY | The device is secured by biometric authentication. |

getBiometryType

async getBiometryType(): Promise<BiometryType>

Gets the biometric scanner type if the device has biometric hardware.

| Return Value | Platform | Description | | ------------ | ------------ | ------------------------------------------------------------- | | NONE | All | The device has no biometric hardware or could not determined. | | TOUCH | All | The biometric hardware detects fingerprint | | FACE | All | The biometric hardware performs face authentication | | IRIS | Android only | The biometric hardware performs iris authentication |

authenticateWithBiometry

async authenticateWithBiometry(options: BiometryParams): Promise<boolean>

One method of protecting sensitive information or premium content within your app is to request biometric authentication, such as using face recognition or fingerprint recognition. To display a system prompt that requests the user to authenticate using biometric credentials. After the user authenticates, you can check whether the user authenticated or not.

Contributing

See the contributing guide to learn how to contribute to the repository and the development workflow.

License

ISC