Comments (12)
Hi everyone,
just want to ask what is the status of the Keystore merge, cause we need this for a app currently under development.
@mCodex Some suggestions for your above questions:
-
Maybe the encryption should be only used if device is capable of handling it and fallback to shared prefs if not? So the library could be used on any device. Maybe its also possible to encrypt the shared preferences optionally in some way for devices below API 18?
-
See 1. :)
-
I haven't dive into the code yet, sorry
Thanks in advance and best regards
Dan
from react-native-sensitive-info.
@agustinaliagac
As I see it, the android keystore is used in the master branch. Take a look at: https://github.com/mCodex/react-native-sensitive-info/blob/master/android/src/main/java/br/com/classapp/RNSensitiveInfo/RNSensitiveInfoModule.java#L196
The keystore branch doesn't seem to have any changes that are not reflected on the master branch. It just wasn't deleted.
from react-native-sensitive-info.
Would like to upgrade my app to support Fingerprint auth but also still support Android versions below 6.0.. I'm currently also using the keystore branch but would see benefit in merging this into master so I can make use of fingerprint and even face authentication in the future.
Thanks!
from react-native-sensitive-info.
I made a merge request with an update for keystore branch #115. Basically, this is just the latest plugin version + keystore's encrypt/decrypt features for android from current keystore branch. Seems to be working just fine.
from react-native-sensitive-info.
I'm sorry I don't fully understand what's the difference between both branches, since in master branch I see that for Android M+ it's generating an AES key to encrypt the values stored in shared preferences
By taking a look at the diff, all I can see is that keystore branch supports older Androids by fallbacking to RSA keypair, but mostly focuses on just encrypting data regardless of fingerprint.
Given that the master branch already is working with keystore, for fingerprint support, is there any blocker to merge keystore branch?
from react-native-sensitive-info.
Not really.
Correct me if I'm wrong but the master branch only uses the keystore when the android version is at least 6.0 and fingerprint auth is enabled.
This is not the case on the keystore branch which uses the keystore and encrypts data even for Android versions below 6.0
So there's still value in the keystore
branch (which I would love to see merged)
from react-native-sensitive-info.
randycoulman did some research about this, so also regard: CodingZeal/redux-persist-sensitive-storage#14 (comment)
from react-native-sensitive-info.
Hi guys, It'd be nice to merge keystore branch into master, but It requires:
- Will we remove Shared Preferences support?
- Will RNSInfo possible to install on devices using Android API 16/17? Keystore needs at least API 18 or above.
- Is there a way to do all of that without breaking changes?
Unfortunately, right now I don't have enough time to do it. If someone can help me a PR would be nice 🤗
from react-native-sensitive-info.
react-native-keychain
uses Keystore for API level 23+ and Facebook Conceal for 16 - 22. Even though Keystore was introduced in 18, the ability to store AES keys in the Keystore was added in level 23.
from react-native-sensitive-info.
@mCodex I need to support Android >= 7.0 and I do not want to use fingerprint for storing stuff in store. Should I use the keystore branch? Or could u tell us how does encryption of shared preferences work on master branch?
from react-native-sensitive-info.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from react-native-sensitive-info.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from react-native-sensitive-info.
Related Issues (20)
- After uninstall and install app stored information remained (IOS) HOT 4
- [IOS] Protected data not available yet. Retry operation HOT 16
- Android: Error in secure save : [Error: Failed to obtain information about key] HOT 1
- Storage size HOT 3
- is ios Keychain sandboxed? HOT 1
- Adding `kSecAttrSynchronizable` options throws error. HOT 1
- Remember fingerprint for X minutes HOT 1
- Static Values for Cryptography Which Exposes Data to Easy Decryption HOT 3
- v6.0.0-alpha10: update latest alpha build on npm? HOT 1
- Simple solution to the inconsistent return of getAllItems() HOT 1
- doesn't work on react-native 0.70rc2 / Mac catalyst / os error 34018 HOT 1
- Security issues HOT 3
- Android: Attempt to invoke interface method on a null object reference (patch-package fix available) HOT 1
- The credentials are getting lost on android 10 on app uninstall or clearing the app data. HOT 1
- Is this thing on? HOT 1
- Release version v6 on NPM package HOT 1
- I am facing issue with this package in windows system on some system when key is not available and when i try to call getItem method it's not even throwing error it will result in white screen issue. HOT 1
- getAllItems works without encryption but getItem does not HOT 1
- Types for getAllItems is wrong HOT 1
- Got the DecryptionFailed error on Android with Touch ID
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-native-sensitive-info.