/react-native-secure-storage

A secure AsyncStorage implementation

Primary LanguageJavaMIT LicenseMIT

react-native-secure-storage

This package is based on react-native-keychain and implemented a secure storage engine. It is compatiable with redux-persist-sensitive-storage

Getting started

$ npm install react-native-secure-storage --save

or

$ yarn add react-native-secure-storage

Mostly automatic installation

$ react-native link react-native-secure-storage

Manual installation

iOS

  1. In XCode, in the project navigator, right click LibrariesAdd Files to [your project's name]
  2. Go to node_modulesreact-native-secure-storage and add RNSecureStorage.xcodeproj
  3. In XCode, in the project navigator, select your project. Add libRNSecureStorage.a to your project's Build PhasesLink Binary With Libraries
  4. Run your project (Cmd+R)<

Android

  1. Open up android/app/src/main/java/[...]/MainApplication.java
  • Add import li.yunqi.rnsecurestorage.RNSecureStoragePackage; to the imports at the top of the file
  • Add new RNSecureStoragePackage() to the list returned by the getPackages() method
  1. Append the following lines to android/settings.gradle:
    include ':react-native-secure-storage'
    project(':react-native-secure-storage').projectDir = new File(rootProject.projectDir, 	'../node_modules/react-native-secure-storage/android')
    
  2. Insert the following lines inside the dependencies block in android/app/build.gradle:
      implementation project(':react-native-secure-storage')
    

Usage

import SecureStorage, { ACCESS_CONTROL, ACCESSIBLE, AUTHENTICATION_TYPE } from 'react-native-secure-storage'

async() => {
  const config = {
    accessControl: ACCESS_CONTROL.BIOMETRY_ANY_OR_DEVICE_PASSCODE,
    accessible: ACCESSIBLE.WHEN_UNLOCKED,
    authenticationPrompt: 'auth with yourself',
    service: 'example',
    authenticateType: AUTHENTICATION_TYPE.BIOMETRICS,
  }
  const key = 'someKey'
  await SecureStorage.setItem(key, 'some value', config)
  const got = await SecureStorage.getItem(key, config)
  console.log(got)
}

Methods

This library has now implemented getItem, setItem, removeItem and getAllKeys methods of AsyncStorage from React Native. It doesn't support callback and replaced the callback param with an option param.

In addition, this library has a getSupportedBiometryType() method which Returns one of BIOMETRY_TYPE indicating which biometry type the device supports, and a canCheckAuthentication([{ authenticationType }]) method which checks whether the specified authenticationType is available.

Options

Key Platform Description Default
accessControl iOS only This dictates how a keychain item may be used, see possible values in SecureStorage.ACCESS_CONTROL. None
accessible iOS only This dictates when a keychain item is accessible, see possible values in SecureStorage.ACCESSIBLE. SecureStorage.ACCESSIBLE.WHEN_UNLOCKED
accessGroup iOS only In which App Group to share the keychain. Requires additional setup with entitlements. None
authenticationPrompt iOS only What to prompt the user when unlocking the keychain with biometry or device password. Authenticate to retrieve secret data
authenticationType iOS only Policies specifying which forms of authentication are acceptable. SecureStorage.AUTHENTICATION_TYPE.DEVICE_PASSCODE_OR_BIOMETRICS
service All Qualifier for the service. App bundle ID

SecureStorage.ACCESS_CONTROL enum

Key Description
USER_PRESENCE Constraint to access an item with either Touch ID or passcode.
BIOMETRY_ANY Constraint to access an item with Touch ID for any enrolled fingers.
BIOMETRY_CURRENT_SET Constraint to access an item with Touch ID for currently enrolled fingers.
DEVICE_PASSCODE Constraint to access an item with a passcode.
APPLICATION_PASSWORD Constraint to use an application-provided password for data encryption key generation.
BIOMETRY_ANY_OR_DEVICE_PASSCODE Constraint to access an item with Touch ID for any enrolled fingers or passcode.
BIOMETRY_CURRENT_SET_OR_DEVICE_PASSCODE Constraint to access an item with Touch ID for currently enrolled fingers or passcode.

SecureStorage.ACCESSIBLE enum

Key Description
WHEN_UNLOCKED The data in the keychain item can be accessed only while the device is unlocked by the user.
AFTER_FIRST_UNLOCK The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
ALWAYS The data in the keychain item can always be accessed regardless of whether the device is locked.
WHEN_PASSCODE_SET_THIS_DEVICE_ONLY The data in the keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device. Items with this attribute never migrate to a new device.
WHEN_UNLOCKED_THIS_DEVICE_ONLY The data in the keychain item can be accessed only while the device is unlocked by the user. Items with this attribute do not migrate to a new device.
AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user. Items with this attribute never migrate to a new device.
ALWAYS_THIS_DEVICE_ONLY The data in the keychain item can always be accessed regardless of whether the device is locked. Items with this attribute never migrate to a new device.

SecureStorage.AUTHENTICATION_TYPE enum

Key Description
DEVICE_PASSCODE_OR_BIOMETRICS Device owner is going to be authenticated by biometry or device passcode.
BIOMETRICS Device owner is going to be authenticated using a biometric method (Touch ID or Face ID).

SecureStorage.BIOMETRY_TYPE enum

Key Description
TOUCH_ID Device supports authentication with Touch ID.
FACE_ID Device supports authentication with Face ID.
FINGERPRINT Device supports authentication with Android Fingerprint.