Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feat] [biometric] Adding the capability of encrypting/decrypting data using biometric authentication on Android (Ref. #2306) #2454

Open
wants to merge 11 commits into
base: v2
Choose a base branch
from
Open

[feat] [biometric] Adding the capability of encrypting/decrypting data using biometric authentication on Android (Ref. #2306) #2454

wants to merge 11 commits into from

Conversation

charlesschaefer
Copy link

I've used the current structure of the biometric plugin to use Android's capability of encrypting/decrypting data using a key that can only be accessible when the user successfully authenticates with their registered biometric methods.

More details on the need of this change can be found on the #2306 issue.

Summary of changes:
Kotlin

  • Created the command biometricCipher that will be responsible to encrypt/decrypt data by asking the user for their biometric authentication and, when successful, get a key from android device to make the cryptography process.
  • Extracted some common code to their own functions.
  • Changed the AuthOptions class to include the fields dataToEncrypt and dataToDecrypt
  • Changed the force of authentication methods when using cryptography. Android allows using this feature only when using STRONG methods. When not using cryptography, we'll keep allowing the use of WEAK methods.

JS

  • Added the method biometricCipher
  • Changed the AuthOptions interface to include the fields dataToEncrypt and dataToDecrypt

Rust

  • Changed the AuthOptions struct to include the fields data_to_encrypt and data_to_decrypt
  • Added the CipherResult struct
  • Added the method Biometric.biometric_cipher() to access the similar method on Kotlin's side.

Some implementation notes:

  • I've used a fixed crypto algorythm instead of allowing the consumer to define it (AED with GCM block mode).
  • I detect that the consumer wants to encrypt/decrypt data only by the presence of the fields dataToEncrypt/dataToDecrypt on the AuthOptions object sent by them.
  • The flow is: the consumer can use the authenticate command as usual (if doesn't want to use cryptography) or can use the biometricCipher command (both after checking with the status command) passing the raw data to encrypt or the encrypted data to decrypt.
  • If the key used before to encrypt some raw data is not valid anymore, it will return an error (using the same authenticateResult method that is used with authenticate command).

I'll need some guidance about where to change the site's documentation to include this new method.

@charlesschaefer
�feat: adding the ability to encrypt/decrypt data based on the biomet…
779c7cd 
…ric auth

Adding the method biometricCipher() that allows to use the biometric authentication to use a generated key from android that can be accessed only through the biometric authentication. The method uses this key to encrypt/decrypt the data provided by the caller in the "options" parameter, with "dataToEncrypt" or "dataToDecrypt" filled.

Changes were done both on Kotlin, Rust and JS sides.
@charlesschaefer
Improving the way we encrypt data by allowing only if the biometric w…
19c1511 
…as successful.
@charlesschaefer
Merge branch 'tauri-apps:v2' into v2
b40ae29
@charlesschaefer
Adding a warning on the JS side
83db0d9
@charlesschaefer
Merge branch 'v2' of https://github.com/charlesschaefer/tauri-plugins…
84b9ea8 
…-workspace into v2
@charlesschaefer charlesschaefer requested a review from a team as a code owner February 23, 2025 21:43
@charlesschaefer charlesschaefer mentioned this pull request Feb 23, 2025
Open
@vasfvitor vasfvitor mentioned this pull request Feb 26, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@charlesschaefer