mattperls-code / react-native-vault

MIT License

How does "react-native-vault" work behind the scenes? #1

Open oferRounds opened 3 years ago

oferRounds commented 3 years ago

Hi!

Interested to know how "react-native-vault" works behind the scenes, and specifically, in what way is it secured?

Thanks! Ofer

Gitter499 commented 3 years ago

Hi,

@mattperls-code is away currently, so he won't be able to answer your question.

I won't step in on his behalf since I did not write the library, and I do not want to spread misinformation.

He will be back to answer your question in the fall.

All the working code is in index.js. If you're confused about something, you could contact me via GitHub issues and I will try to answer your questions accurately.

Thank you

oferRounds commented 3 years ago

Thanks @Gitter499! I will take a look at index.js.

mattperls-code commented 3 years ago

The security of react native vault is pretty simple. All of the data is stored under the provided storageKey in async storage and is encrypted with the provided encryptionKey. Internally, this library uses react-native-crypto-js for encryption, specifically the AES.encrypt and AES.decrypt methods. Async storage is inherently not the safest, as it can be accessed fairly easily, but the entirety of the data is encrypted, so as long as the encryption key is strong there should be no security issue.

If you have any more questions or concerns let me know. Also if you have any suggestions for making this library more secure I would be happy to hear them.
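
The pattern described in the comment above (the whole state encrypted with `encryptionKey` and stored under `storageKey`), as an added example that is not react-native-vault's code and not written by its author. It assumes Node's built-in `crypto` (scrypt plus AES-256-GCM) as a stand-in for react-native-crypto-js and a `Map` as a stand-in for AsyncStorage; `vaultSave`, `vaultLoad` and `deriveKey` are hypothetical names.

```javascript
// Added example, not react-native-vault's code. Node's crypto stands in for
// react-native-crypto-js; a Map stands in for AsyncStorage (assumptions).
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

const storage = new Map(); // readable by anyone with access to the device storage

// Stretch the passphrase into a 256-bit key with scrypt and a per-record salt.
function deriveKey(encryptionKey, salt) {
  return scryptSync(encryptionKey, salt, 32);
}

// Encrypt the entire state object and store one opaque record under storageKey.
function vaultSave(storageKey, encryptionKey, state) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(encryptionKey, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(state), "utf8"), cipher.final()]);
  const record = Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
  storage.set(storageKey, record.toString("base64"));
}

// Returns the state, or null if the record is missing, the key is wrong,
// or the stored bytes were modified (GCM tag check fails).
function vaultLoad(storageKey, encryptionKey) {
  const stored = storage.get(storageKey);
  if (stored === undefined) return null;
  const record = Buffer.from(stored, "base64");
  if (record.length < 44) return null; // 16 salt + 12 iv + 16 tag
  const salt = record.subarray(0, 16);
  const iv = record.subarray(16, 28);
  const tag = record.subarray(28, 44);
  const ct = record.subarray(44);
  try {
    const decipher = createDecipheriv("aes-256-gcm", deriveKey(encryptionKey, salt), iv);
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null; // authentication failed
  }
}

// Constructed sample data.
vaultSave("demo", "long constructed passphrase", { token: "constructed-value" });
console.log(vaultLoad("demo", "long constructed passphrase")); // the saved object
console.log(vaultLoad("demo", "guess")); // null
```

Because the store itself is readable, the only protection is the key: a short or guessable `encryptionKey` can be tried offline against a copied record.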