[Question] Is the "keystore" branch going to be merged ? about react-native-sensitive-info HOT 12 CLOSED

Hi everyone,

just want to ask what is the status of the Keystore merge, cause we need this for a app currently under development.

@mCodex Some suggestions for your above questions:

1. Maybe the encryption should be only used if device is capable of handling it and fallback to shared prefs if not? So the library could be used on any device. Maybe its also possible to encrypt the shared preferences optionally in some way for devices below API 18?

2. See 1. :)

3. I haven't dive into the code yet, sorry

Thanks in advance and best regards
Dan

from react-native-sensitive-info.

@agustinaliagac
As I see it, the android keystore is used in the master branch. Take a look at: https://github.com/mCodex/react-native-sensitive-info/blob/master/android/src/main/java/br/com/classapp/RNSensitiveInfo/RNSensitiveInfoModule.java#L196

The keystore branch doesn't seem to have any changes that are not reflected on the master branch. It just wasn't deleted.

from react-native-sensitive-info.

Would like to upgrade my app to support Fingerprint auth but also still support Android versions below 6.0.. I'm currently also using the keystore branch but would see benefit in merging this into master so I can make use of fingerprint and even face authentication in the future.

Thanks!

from react-native-sensitive-info.

I made a merge request with an update for keystore branch #115. Basically, this is just the latest plugin version + keystore's encrypt/decrypt features for android from current keystore branch. Seems to be working just fine.

from react-native-sensitive-info.

I'm sorry I don't fully understand what's the difference between both branches, since in master branch I see that for Android M+ it's generating an AES key to encrypt the values stored in shared preferences

By taking a look at the diff, all I can see is that keystore branch supports older Androids by fallbacking to RSA keypair, but mostly focuses on just encrypting data regardless of fingerprint.

Given that the master branch already is working with keystore, for fingerprint support, is there any blocker to merge keystore branch?

from react-native-sensitive-info.

Not really.

Correct me if I'm wrong but the master branch only uses the keystore when the android version is at least 6.0 and fingerprint auth is enabled.

This is not the case on the keystore branch which uses the keystore and encrypts data even for Android versions below 6.0

So there's still value in the keystore branch (which I would love to see merged)

from react-native-sensitive-info.

randycoulman did some research about this, so also regard: CodingZeal/redux-persist-sensitive-storage#14 (comment)

from react-native-sensitive-info.

Hi guys, It'd be nice to merge keystore branch into master, but It requires:

• Will we remove Shared Preferences support?
• Will RNSInfo possible to install on devices using Android API 16/17? Keystore needs at least API 18 or above.
• Is there a way to do all of that without breaking changes?

Unfortunately, right now I don't have enough time to do it. If someone can help me a PR would be nice 🤗

from react-native-sensitive-info.

react-native-keychain uses Keystore for API level 23+ and Facebook Conceal for 16 - 22. Even though Keystore was introduced in 18, the ability to store AES keys in the Keystore was added in level 23.

from react-native-sensitive-info.

@mCodex I need to support Android >= 7.0 and I do not want to use fingerprint for storing stuff in store. Should I use the keystore branch? Or could u tell us how does encryption of shared preferences work on master branch?

from react-native-sensitive-info.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from react-native-sensitive-info.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from react-native-sensitive-info.