
How to store sensitive data in React Native or Expo code? (with Keychain and Keystore)

I saw a couple of questions asking about "How to store sensitive data in React Native" (like this and this), but all of those cases were talking about taking some sensitive data dynamically (from a server, for example) and then storing it using AsyncStorage. But what if you need to WRITE a sensitive TOKEN/PASSWORD in the CODE?

For example, I want to implement this library: https://github.com/fullstackreact/react-native-oauth. As you can see in the first example, I have to write the secret token in the code.

Is there a file in the react-native project directory where I can put my tokens and then get them in the application? How secure is it to manipulate those secure tokens in the application?

Thanks

How to store sensitive data in React Native code?

The libraries

Multiple libraries now allow you to store sensitive data in React Native code:

Note: On the native side, these libraries can use:

Example

Here is an example of using react-native-keychain to store sensitive data with React Native.

For iOS it uses Keychain Sharing Capabilities.

For Android it uses:

  • API level 16-22: Facebook Conceal
  • API level 23+: Android Keystore

You can use it like that:

import * as Keychain from 'react-native-keychain';

// Store a generic password; the service argument is optional
Keychain
  .setGenericPassword(username, password)
  .then(function() {
    console.log('Credentials saved successfully!');
  });

// Load it back; the service argument is optional
Keychain
  .getGenericPassword()
  .then(function(credentials) {
    if (credentials) {
      console.log('Credentials successfully loaded for user ' + credentials.username);
    } else {
      // The promise resolves to false when nothing is stored
      console.log('No credentials stored');
    }
  }).catch(function(error) {
    console.log('Keychain couldn\'t be accessed! Maybe no value set?', error);
  });
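
An added example, not part of the original answer or the library's own code: a small token store built on the react-native-keychain calls shown above that handles getGenericPassword resolving to false, scopes the entry with the service option, and discards expired or corrupt entries. The service name, the createTokenStore and createFakeKeychain helpers and the JSON record layout are assumptions for illustration; in an app, pass the module imported from react-native-keychain instead of the in-memory stand-in.

```javascript
// Hypothetical service name used to scope this app's keychain entry.
const SERVICE = 'com.example.app.oauth';

// `keychain` is injected so the logic can be exercised off-device.
function createTokenStore(keychain, service = SERVICE, now = () => Date.now()) {
  return {
    // Persist the token with an absolute expiry so stale values are never reused.
    async save(account, token, ttlSeconds) {
      const record = JSON.stringify({ token, expiresAt: now() + ttlSeconds * 1000 });
      await keychain.setGenericPassword(account, record, { service });
    },
    // Returns { account, token } or null; "nothing stored" is not an error.
    async load() {
      const credentials = await keychain.getGenericPassword({ service });
      if (!credentials) return null; // resolves to false when no entry exists
      let record;
      try {
        record = JSON.parse(credentials.password);
      } catch (e) {
        record = null; // value was not written by save()
      }
      if (!record || typeof record.token !== 'string' || !(record.expiresAt > now())) {
        await keychain.resetGenericPassword({ service }); // drop corrupt or expired entry
        return null;
      }
      return { account: credentials.username, token: record.token };
    },
    // Call on logout so the token does not outlive the session.
    async clear() {
      await keychain.resetGenericPassword({ service });
    },
  };
}

// In-memory stand-in with the same method shapes, constructed for this example only.
function createFakeKeychain() {
  const entries = new Map();
  return {
    async setGenericPassword(username, password, { service }) {
      entries.set(service, { username, password });
      return true;
    },
    async getGenericPassword({ service }) {
      return entries.get(service) || false;
    },
    async resetGenericPassword({ service }) {
      return entries.delete(service);
    },
  };
}
```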

Generally, AsyncStorage is used to store data in React Native, but it is not secure at all. expo-secure-store is maintained and developed by the Expo team and works the same as AsyncStorage.

It uses encrypted keychain services which hash the data when stored and retrieved, making it super secure.

Also, encrypted databases such as Realm could be used, and encryption keys would be stored in Keychain.

Realm is also probably not supported by Expo (so you either need to use bare React Native workflow or eject).
