Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@animo-id/expo-secure-environment

Package Overview
Dependencies
Maintainers
0
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@animo-id/expo-secure-environment

Expo Secure Environment

  • 0.1.0-alpha.11
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
0
Created
Source

expo-secure-environment

Cryptographic operations using the devices Secure Environment (HSM,SE,etc.) locked behind biometric authentication

Currently Android API 30+ is supported and the minimum supported version of iOS for Expo.

Supported cryptographic algorithms

key algorithm: Secp256r1

signature algorithm: ECDSA with SHA256

Create a key pair

import { generateKeypair } from "@animo-id/expo-secure-environment";

const myId = "keypair-id";

// Make sure it is backed by biometrics
generateKeypair(myId, true);

Get the public bytes by the id

Returns the compressed form of a P-256 public key (and not the DER-encoded SubjectPublicKeyInfo)

import {
    generateKeypair,
    getPublicBytesForKeyId,
} from "@animo-id/expo-secure-environment";

const myId = "keypair-id";

// Make sure it is backed by biometrics
generateKeypair(myId, true);

const publicBytes: Uint8Array = getPublicBytesForKeyId(myId);

Sign data

Returns the raw signature (and not a DER-Encoded ECDA-Sig-Value)

import {
    generateKeypair,
    sign
} from "@animo-id/expo-secure-environment";

const myId = "keypair-id";

// Make sure it is backed by biometrics
generateKeypair(myId, true);

// Make sure that when we sign we pass the third argument as true to indicate we would like to use biometrics
const signature = sign(myId, new Uint8Array(10).fill(7), true);

Keywords

FAQs

Package last updated on 22 Nov 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Tech's $90B Ghost Engineer Problem: Stanford Study Finds 9.5% of Engineers Do Almost Nothing

Security News

Tech's $90B Ghost Engineer Problem: Stanford Study Finds 9.5% of Engineers Do Almost Nothing

A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."

By Sarah Gooding  -  Nov 25, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc