Open msalamacallsign opened 1 week ago
Hi @msalamacallsign ,
Even though you can, it is not recommended to store user credentials in your application's KeyStore.
To your original question, short answer is yes.
On Android, react-native-keychain implements KeychainModule^2.
On iOS, it implements RNKeychainManager^3.
Couple of notes on Android:
Note 1 - there are configurations where you can use react-native-keychain with less secure options^1. This could apply to scenarios where you're targeting older devices running older versions of Android for example, where hardware security features might not be available.
Note 2 - use of the "AES" Keychain.STORAGE_TYPE creates a KeyStore key entry that does not require user authentication (e.g., through PIN, passcode or biometrics). As a result, the symmetric key (used to encrypt and decrypt your application's data) can be used without user authentication.
This limitation is also mentioned in the package's README^4, however this may not be entirely clear to developers. Existing documentation could use some help to clear this up, which may be a future task for me I guess :).
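An added example (not part of the reply above and not the library's own code) of guarding against the Note 2 case on Android: request an authentication-bound storage type and verify which storage the library reports it actually used. It assumes a react-native-keychain version that exposes `STORAGE_TYPE.AES` and `STORAGE_TYPE.RSA`; `saveRequiringUserAuth` is a hypothetical helper name, and the module is passed in as `keychain` so the logic can be exercised with a stub.

```javascript
// Added example. `keychain` is the imported module, e.g.
//   import * as Keychain from 'react-native-keychain';
// Assumption: the installed version exposes STORAGE_TYPE.AES and STORAGE_TYPE.RSA.

// Hypothetical helper: store a secret so that the KeyStore key behind it
// can only be used after the user authenticates.
async function saveRequiringUserAuth(keychain, username, secret) {
  // An authentication-bound key needs enrolled biometrics. Refuse instead of
  // falling back to a key that can be used without user authentication.
  const biometry = await keychain.getSupportedBiometryType();
  if (!biometry) {
    throw new Error('no biometry enrolled: cannot bind key to user authentication');
  }

  const result = await keychain.setGenericPassword(username, secret, {
    // Require biometric authentication before the key can be used.
    accessControl: keychain.ACCESS_CONTROL.BIOMETRY_ANY,
    // Ask for the RSA storage rather than the "AES" storage from Note 2.
    storage: keychain.STORAGE_TYPE.RSA,
    // Fail on devices without hardware-backed key storage (see Note 1).
    securityLevel: keychain.SECURITY_LEVEL.SECURE_HARDWARE,
  });
  if (result === false) {
    throw new Error('keychain refused to store the secret');
  }

  // setGenericPassword resolves with the storage that was actually used.
  // If it is the AES storage, the key is usable without user authentication:
  // remove the entry and report the problem to the caller.
  if (result.storage === keychain.STORAGE_TYPE.AES) {
    await keychain.resetGenericPassword();
    throw new Error('stored under AES storage: key usable without user authentication');
  }
  return result.storage;
}
```
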
I am using the React Native Keychain library in my project and I would like to understand more about its implementation. Specifically, I would like to know if this library uses the native iOS Keychain and Android Keystore for storing credentials securely.