reime005 / react-native-secure-element Goto Github PK

Secure Element for React Native

React Native Secure Element provides functionality to use on-device and hardware-based secure encryption and decryption.

Both native modules are also usable without React Native via gradle and cocoa pods. Thus, they also benefit from being tested by E2E tests.

The Android side uses the android.security.keystore API and requires a minimum SDK version of 23, due to availability of the hardware-backed security.

The iOS side uses the CommonCrypto and LocalAuthentication APIs. It saves the key pairs in the keychain or secure enclave if available.

See examples in src/examples.

// React Hooks example
import { useSecureElement } from 'react-native-secure-element';

const Example = () => {
  const { encrypt } = useSecureElement();
  const [encryptedBase64Text, setEncryptedBase64Text] = useState('');

  useEffect(
    async () => {
      try {
        const val = await encrypt('someKey', 'toEncrypt');
        setEncryptedBase64Text(val);
      } catch (e) {
        console.warn(e);
        setEncryptedBase64Text(e.message);
      }
    },
    []
  )

  <View>
    <Text>{encryptedBase64Text}</Text>
  </View>
}

Automated E2E (UI) Tests Preview

With Github Actions, each commit automatically triggers a full build cycle. This includes running End-to-End (E2E) or UI tests on an iOS Simulator and Android Emulator. This has the benefit of having only tested and not breaking code merged into the master branch.

Features

• Full TypeScript support
• Automatically deployed and tested (CI/CD) via Github Actions
• Extremely secure iOS encryption and decryption via secure enclave, keychain and elliptic curves. No third party dependencies
• Very secure Android encryption and decryption via Android KeyStore
• Natively (without React Native) available implementation

Why / Purpose

The purpose of this repository is to provide a secure way to decrypt and encrypt values. Such values could consist of sensitive user data or authentication secrets (TOTP, ...).

API

See types definition in src/typescript.

Installation

To install react-native-secure-element, do either

npm install --save react-native-secure-element

or

yarn add react-native-secure-element

Note that this requires a react-native version of at least 0.60.0, to use its auto linking feature.

Native Android Dependency

Via gradle/maven dependency:

implementation 'com.android.secureelement:android:+'

Native iOS Dependency

Via cocoapods dependency:

pod 'SecureElement'

TODO

Sorted by priority (higher = higher).

• User authentication functionality (without encryption)
• Signing certificates
• React Hooks
• Error handling/formatting