secure-enclave
Advanced tools
This module provides support for Secure Enclave operations in Electron apps.
Download a working app here: https://github.com/antelle/node-secure-enclave/releases/latest
That's what you're expected to see:
And on your Touch Bar:
Runtime:
Development:
clang-formatnpm i secure-enclave
This snippet shows the basic usage:
const SecureEnclave = require('secure-enclave');
if (!SecureEnclave.isSupported) {
// Secure Enclave cannot be used on this Mac
}
// more about this tag: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys#2863927
const keyTag = 'com.your-team.app.this-key';
const key = await SecureEnclave.findKeyPair({ keyTag });
if (key) {
// key exists, you can use key.publicKey (Buffer)
const data = Buffer.from('something');
// these operations return Buffer too
data = await SecureEnclave.encrypt({ keyTag, data });
data = await SecureEnclave.decrypt({ keyTag, data,
// some human-readable text for your users
touchIdPrompt: 'decrypt data' });
// if you don't need the key anymore
await SecureEnclave.deleteKeyPair({ keyTag });
} else {
// key doesn't exist yet
await SecureEnclave.createKeyPair({ keyTag });
}
Inspect node-secure-enclave.d.ts for detailed information about the API.
To test the app, you need a provisioning profile. Generate it on Apple Developer website and save it as conf/test-app.provisionprofile.
Once you have your provisioning profile and certificates installed, put your app and team id to conf/test-app.entitlements.plist, otherwise it won't build.
Build everything and run the test app:
npm start
Generate an Xcode project for editing C++ and Objective C:
npm run generate-xcode-project
Run the test app:
npm run test-app
Run unpackaged app to iterate on UI faster (API won't work there):
npm run test-app-unpackaged
Run unit tests:
npm test
Reformat all C++ and JavaScript:
npm run format
Since you're going to store secrets in Secure Enclave, it's essential that malicious apps can't run code under your app's identity. I have a module for you that disables evil features in Electron: electron-evil-feature-patcher, this will remove all debugging flags in your app.
Otherwise, anyone can launch your app with --inspect-brk and enjoy your secrets from Secure Enclave, which defeats the purpose of code signing and provisioning.
There are several common errors:
SecKeyCreateRandomKey: A required entitlement isn't present.
If you got this, it means your app is not codesigned properly, in particular, a provisioning profile may be missing or bad in some form. More info in this thread.
To validate if everything is ok, run
codesign -d --entitlements :- your-app.app
and make sure the output contains com.apple.application-identifier and com.apple.developer.team-identifier entitlements.
FAQs
Secure Enclave module for node.js and Electron
The npm package secure-enclave receives a total of 14 weekly downloads. As such, secure-enclave popularity was classified as not popular.
We found that secure-enclave demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."