React Native Encrypted Storage
React Native wrapper around SharedPreferences and Keychain to provide a secure alternative to Async Storage.
Why?
Async Storage is great but it lacks security. This is less than ideal when storing sensitive data such as access tokens, payment information and so on. This module aims to solve this problem by providing a wrapper around Android's EncryptedSharedPreferences and iOS' Keychain, complete with support for TypeScript.
Version Requirements
- Android API 21+ (5.0)
- iOS 2.0
Installation
Via yarn
$ yarn add react-native-encrypted-storage
Via npm
$ npm install react-native-encrypted-storage
Linking
Since version 0.60, React Native supports auto linking, so no additional step is needed on your end. On earlier versions, link the module manually:
$ react-native link react-native-encrypted-storage
Special note for iOS using cocoapods, run:
$ npx pod-install
Usage
This module exposes four (4) native functions to store, retrieve, remove and clear values. They can be used like so:
Import
import EncryptedStorage from 'react-native-encrypted-storage';
Storing a value
async function storeUserSession() {
  try {
    await EncryptedStorage.setItem(
      "user_session",
      JSON.stringify({
        age: 21,
        token: "ACCESS_TOKEN",
        username: "emeraldsanto",
        languages: ["fr", "en", "de"]
      })
    );
    // The value is now stored
  } catch (error) {
    // There was an error on the native side
  }
}
Retrieving a value
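async function retrieveUserSession() {
  try {
    const session = await EncryptedStorage.getItem("user_session");
    // Loose comparison treats both null and undefined as "nothing stored"
    if (session != null) {
      // A value was found for this key
    }
  } catch (error) {
    // There was an error on the native side
  }
}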
Removing a value
async function removeUserSession() {
  try {
    await EncryptedStorage.removeItem("user_session");
    // The value has been removed
  } catch (error) {
    // There was an error on the native side
  }
}
Clearing all previously saved values
async function clearStorage() {
  try {
    await EncryptedStorage.clear();
    // All previously saved values have been removed
  } catch (error) {
    // There was an error on the native side
  }
}
Error handling
Take the removeItem example, an error can occur when trying to remove a value which does not exist, or for any other reason. This module forwards the native iOS Security framework error codes to help with debugging.
async function removeUserSession() {
  try {
    await EncryptedStorage.removeItem("user_session");
  } catch (error) {
    console.log(error.code);
  }
}
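The store, retrieve and remove calls above combined into one session helper, as an added example that is not part of the module or its README: it adds an expiry, treats missing, malformed and expired records the same way, and tolerates removeItem rejecting when nothing is stored. The storage parameter, the helper names and the expiresAt field are assumptions; in the app, pass the imported EncryptedStorage as storage.

```javascript
// Assumption: `storage` exposes the setItem/getItem/removeItem calls shown above.
const SESSION_KEY = "user_session"; // same key as the snippets above

// Store the session with an absolute expiry so a stale token is never reused.
async function saveSession(storage, session, ttlMs, now = Date.now()) {
  if (typeof session.token !== "string" || session.token.length === 0) {
    throw new TypeError("session.token must be a non-empty string");
  }
  const record = { ...session, expiresAt: now + ttlMs };
  await storage.setItem(SESSION_KEY, JSON.stringify(record));
  return record;
}

// Returns the stored session, or null when it is missing, malformed or expired.
// Malformed and expired records are removed so they cannot be picked up later.
async function loadSession(storage, now = Date.now()) {
  const raw = await storage.getItem(SESSION_KEY);
  if (raw == null) return null; // covers both null and undefined
  let record;
  try {
    record = JSON.parse(raw);
  } catch {
    record = null;
  }
  const valid =
    record !== null &&
    typeof record === "object" &&
    typeof record.token === "string" &&
    Number.isFinite(record.expiresAt) &&
    record.expiresAt > now;
  if (!valid) {
    await endSession(storage);
    return null;
  }
  return record;
}

// Logout. removeItem may reject when nothing is stored (see "Error handling"),
// so read the key back and only report failure if a value is still present.
async function endSession(storage) {
  try {
    await storage.removeItem(SESSION_KEY);
  } catch (error) {
    const leftover = await storage.getItem(SESSION_KEY);
    if (leftover != null) throw error; // the token is still on the device
  }
  return true;
}
```
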
Note regarding Keychain persistence
You'll notice that the iOS Keychain is not cleared when your app is uninstalled, this is the expected behaviour. However, if you do want to achieve a different behaviour, you can use the below snippet to clear the Keychain on the first launch of your app.
static void ClearKeychainIfNecessary() {
  // NSUserDefaults is removed on uninstall, so a missing flag means this is the
  // first launch after a fresh install.
  if ([[NSUserDefaults standardUserDefaults] boolForKey:@"HAS_RUN_BEFORE"] == NO) {
    [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"HAS_RUN_BEFORE"];

    NSArray *secItemClasses = @[
      (__bridge id)kSecClassGenericPassword,
      (__bridge id)kSecClassInternetPassword,
      (__bridge id)kSecClassCertificate,
      (__bridge id)kSecClassKey,
      (__bridge id)kSecClassIdentity
    ];

    // The query only names the class, so this deletes every item of that class
    // the app can access, not only the values written by this module.
    for (id secItemClass in secItemClasses) {
      NSDictionary *spec = @{(__bridge id)kSecClass: secItemClass};
      SecItemDelete((__bridge CFDictionaryRef)spec);
    }
  }
}

@implementation AppDelegate

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
  // Run before the bridge starts so JavaScript never reads values left by a previous install.
  ClearKeychainIfNecessary();

  RCTBridge *bridge = [[RCTBridge alloc] initWithDelegate:self launchOptions:launchOptions];
  RCTRootView *rootView = [[RCTRootView alloc] initWithBridge:bridge moduleName:@"APP_NAME" initialProperties:nil];
  rootView.backgroundColor = [UIColor colorWithRed:1.0f green:1.0f blue:1.0f alpha:1];

  self.window = [[UIWindow alloc] initWithFrame:[UIScreen mainScreen].bounds];
  UIViewController *rootViewController = [UIViewController new];
  rootViewController.view = rootView;
  self.window.rootViewController = rootViewController;
  [self.window makeKeyAndVisible];

  return YES;
}

@end
Limitations
There seems to be some confusion around the maximum size of items that can be stored, especially on iOS. According to this StackOverflow question, the actual Keychain limit is much lower than what it should theoretically be. This does not affect Android as the EncryptedSharedPreferences API relies on the phone's storage, via XML files.
License
MIT