Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
react-native-rsa-native
Advanced tools
A native implementation of RSA key generation and encryption/decryption.
A native implementation of RSA key generation and encryption/decryption, sign/verify. Keychain implementation Implementation is in PKCS1
iOS 10+ android 4.3+ (API 18)
Features: Generation, Encryption, Decryption, Sign, Verify, Keychain support
$ yarn add react-native-rsa-native
or:
$ npm install react-native-rsa-native --save
$ react-native link react-native-rsa-native
In your React Native Xcode project, right click on your project and go 'Add Files to ...', then navigate to /node_modules/react-native-rsa-native/ios and select the RNRSA.xcodeproj file. Then in the build settings for your target under 'Link Binary With Libraries', add libRNRSA.a.
These basic examples show a typical use case using both promise chains and async/await. See the full API documentation below for more detail on the methods available.
Encrypt a message and subsequently decrypt it, using the RSA class in a promise chain structure.
import { RSA } from 'react-native-rsa-native';
let message = "my secret message";
RSA.generateKeys(4096) // set key size
.then(keys => {
console.log('4096 private:', keys.private); // the private key
console.log('4096 public:', keys.public); // the public key
RSA.encrypt(message, keys.public)
.then(encodedMessage => {
console.log(`the encoded message is ${encodedMessage}`);
RSA.decrypt(encodedMessage, keys.private)
.then(decryptedMessage => {
console.log(`The original message was ${decryptedMessage}`);
});
});
});
Sign a message and subsequently verify it, using the RSAKeychain class in an async/await structure.
import { RSAKeychain } from 'react-native-rsa-native';
async main() {
let keyTag = 'com.domain.mykey';
let message = "message to be verified";
let publicKey = await generateKeyPair(keyTag);
// Share the generated public key with third parties as desired.
let messageSignature = await RSAKeychain.sign(message, keyTag);
if (await RSAKeychain.verify(messageSignature, message, keyTag)) {
// The signature matches: trust this message.
} else {
// The signature does not match.
}
await RSAKeychain.deletePrivateKey(keyTag);
}
async generateKeyPair(keyTag : string) {
let keys = await RSAKeychain.generate(keyTag);
return keys.public;
}
Check out example App.js for a full example
A class that performs RSA cryptographic primitives in a simple and straightforward manner. If you would prefer to use the underlying operating system's built-in security keychain, use the RSAKeychain Class instead.
static generateKeys(keySize : number) : Promise<KeyPair>
Generate a public/private key pair of the given key size.
static generate() : Promise<KeyPair>
Equivalent to generateKeys(2048)
static encrypt(message : string, publicKey : string) : Promise<string>
Encrypt a given message with the provided public key, so it is decryptable with the matching private key.
static decrypt(encodedMessage : string, privateKey : string) : Promise<string>
Decrypt a given encrypted message using the private key.
static sign(message: string, privateKey : string) : Promise<string>
Sign a given message with the private key, so that any user with the message, the returned signature, and the matching public key can verify it was signed under this key.
static verify(signature : string, message : string, publicKey : string) : Promise<boolean>
Verify whether or not a provided signature was produced by signing the given message with the private key paired to the provided public key.
Like the RSA Class, but when its methods are called, instead of directly accessing the private key, the private key is stored in the underlying operating system's keychain (see documentation for iOS and for Android) using a tag which the app can use to access it. Methods then take this tag instead of the private key.
static generateKeys(keySize : number, keyTag : string) : Promise<PublicKey>
Generate a public/private key pair of the given key size, and store the private key in the operating system keychain.
static generate(keyTag : string) : Promise<KeyPair>
Equivalent to generateKeys(2048, keyTag)
static encrypt(message : string, keyTag : string) : Promise<string>
Retrieve the public key associated with the key tag, and encrypt a given message with that key, so it is decryptable with the matching private key.
static decrypt(encodedMessage : string, keyTag : string) : Promise<string>
Decrypt a given encrypted message using the private key associated with the given key tag.
static sign(message: string, keyTag : string) : Promise<string>
Sign a given message with the private key associated with the given key tag, so that any user with the message, the returned signature, and the matching public key can verify it was signed under this key.
static sign(message: string, keyTag : string, algorithm?: 'SHA256withRSA' | 'SHA512withRSA') : Promise<string>
Sign a given message with the private key associated with the given key tag, so that any user with the message, the returned signature, and the matching public key can verify it was signed under this key. The user can use SHA256withRSA or SHA512withRSA algorithm for signing. SHA256withRSA algorithm is not backward compatible on android and the user needs to generate new keypair for this to work. (available from ^1.1.0). The default is SHA512withRSA and if one wishes to use SHA512withRSA for signing without new keypair, then use the above sign method.
static verify(signature : string, message : string, keyTag : string) : Promise<boolean>
Verify whether or not a provided signature was produced by signing the given message with private key associated with the given key tag.
static verify(signature : string, message : string, keyTag : string, algorithm?: 'SHA256withRSA' | 'SHA512withRSA') : Promise<boolean>
Verify whether or not a provided signature was produced by signing the given message with private key associated with the given key tag.
static deletePrivateKey(keyTag : string) : Promise<boolean>
Delete the private key from the operating system's keychain. Returns true if the key was removed successfully.
Note: The KeyPair
type does not strictly exist.
Documentation provided here for convenience of understanding the return types
of other methods.
Property | Description |
---|---|
private : string | The RSA private key. |
public : string | The RSA public key. |
Note: The PublicKey
type does not strictly exist.
Documentation provided here for convenience of understanding the return types
of other methods.
Property | Description |
---|---|
public : string | The RSA public key. |
ETH: 0xDc2F8D78098749EB3ECdF79Fe32Efda86fEEFc3c
FAQs
A native implementation of RSA key generation and encryption/decryption.
The npm package react-native-rsa-native receives a total of 14,884 weekly downloads. As such, react-native-rsa-native popularity was classified as popular.
We found that react-native-rsa-native demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.