npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

react-native-secure-encryption-module

v0.0.7

Published

Uses Secure Enclave for iOs and KeyStore System for Android to Encypt Data Securely and keeping Secrets Safe on Hardware Level

Downloads

20

Readme

react-native-secure-encryption-module

Uses Secure Enclave for iOS and KeyStore System for Android to encrypt data securely and keeping secrets safe on hardware level

Installation

npm install react-native-secure-encryption-module

Usage

1. Generate a KeyPair with an alias of your choice

Alias will be used throughout the process to access the key's and perform cryptographic actions with it.

import { generateKeyPair } from 'react-native-secure-encryption-module';

// ...

const key = await generateKeyPair('my-key');

The method returns a base64 encoded public key.

In case a key already exists it can be fetched with:

import { getKey } from 'react-native-secure-encryption-module';

// ...

const key = await getKey('my-key');

In case the Key does not exist, the promise will be rejected

2. Encrypt or sign

We want to use our keys to either encrypt or sign a string. Both can be done easily like

import { encrypt } from 'react-native-secure-encryption-module';

// ...

const cipher = await encrypt('Encrypt this message', 'my-key');

Return value is a base64 encoded cipher string

  • or -
import { sign } from 'react-native-secure-encryption-module';

// ...

const sign = await sign('Sign this message', 'my-key');

Return value is a base64 encoded signature

3. Decrypt or verify signature

After encrypting or signing the original string is not readable for a human and can be transported over non-trusted channels. To decrypt the cipher or verify the signature we can call following methods

import { decrypt } from 'react-native-secure-encryption-module';

// ...
// hash is the result of an earlier encryption
const cipher = '0xasdfasdfa....';
const clearText = await decrypt(cipher, 'my-key');

Return value should be the original method before encryption as string

  • or -
import { verify } from 'react-native-secure-encryption-module';

// ...
// signature is the result of the `sign` method
const signature = '0xasdfasdfa....';

const originalMessage = 'Sign this message';

const isOk = await verify(signature, originalMessage, 'my-key');

Return value is a boolean representing if the signature is really performed by our key

Checking hardware support

Of course the hardware level security can only be achieved if the Device itself supports it. To read more about that

android - Android keystore system ios: Secure Enclave

We can check if our device supports what we need by calling

import { isKeySecuredOnHardware } from 'react-native-secure-encryption-module';

// ...

const isSupported = await isKeySecuredOnHardware('my-key');

Return value is a boolean representing if hardware level security is available

Error Handling

The Library depends on native logic that can fail. The Promises, which are returned by all functions from the library, will be rejected with an Error message in that case.

Cross-System Usage

The Public keys, which are returned by generateKeyPairand getKey are returned in PEM format. Additional Effort has been put in to be able to verify Signatures from Android and iOS in the same way.

The goal was to be able to verify signatures with openssl and therefore being able to verify using Node.js

Here the node.js Example:

import crypto from "crypto";

const verify = (
  message: string,   // The original message which was signed by using this library
  signature: string, // The result of the sign method
  publicKey: string  // The result from generateKeyPair or getKey
): boolean => {
  const verifier = crypto.createVerify("SHA256").update(message, "utf-8");

  const result = verifier.verify(
    {
      key: buildPubKey(publicKey),
      format: "pem",
      type: "pkcs1",
    },
    Buffer.from(signature, "base64")
  );

  return result;
};

const buildPubKey = (encoded: string): string => {
  const l1 = "-----BEGIN PUBLIC KEY-----\n";

  const l3 = "\n-----END PUBLIC KEY-----";

  return l1 + encoded + l3;
};

TODO's

Android: en- and decryption

License

MIT