sjhoeksma / cordova-plugin-keychain-touch-id

Touch ID plugin with saving password in keychain for iOS and Android

What kind of encryption does the plugin use? #37

Open jzjones-lc opened 6 years ago

jzjones-lc commented 6 years ago

What encryption specification is this plugin using for Android and iOS? Is this something that is uniform for all secure storage on these platforms? Or is this plugin specifying a certain key size, strength, etc?

jzjones-lc commented 6 years ago

I did some digging into the plugin code. In iOS it seems like they use the native Keychain API; according to the official Apple security document, this uses AES 128 in GCM. Here's a link with more info: https://www.apple.com/business/docs/iOS_Security_Guide.pdf (the information I'm referring to can be found on page 16). In Android it looks like they are using the native Keystore feature. By inspecting the native Android code in the plugin, it looks like they're specifying AES with CBC block mode and PKCS7 padding. Here's the native code where the Android secure storage is taking place: https://github.com/sjhoeksma/cordova-plugin-keychain-touch-id/blob/master/src/android/FingerprintAuth.java. Around lines 113 and 126 you can see where they specify these parameters.

Can anyone confirm if this is correct?
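One way to check on a device which parameters the Android Keystore actually enforces for a key, shown as an added example that is not part of this thread or the plugin's code. The class name `KeystoreParamCheck` and the alias `example_alias` are hypothetical; the key is created with the AES/CBC/PKCS7 combination described in the comment above and then read back through `KeyInfo` (Android API 23+).

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

public final class KeystoreParamCheck {
    // Hypothetical alias for this example; not the alias the plugin uses.
    private static final String ALIAS = "example_alias";

    /** Creates an AES key restricted to CBC block mode and PKCS7 padding. */
    public static SecretKey createKey() throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        generator.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .build());
        return generator.generateKey();
    }

    /** Reads back what the Keystore reports for the stored key. */
    public static String describeKey() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        SecretKey key = (SecretKey) keyStore.getKey(ALIAS, null);
        if (key == null) {
            return "no key stored under alias " + ALIAS;
        }
        SecretKeyFactory factory =
                SecretKeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
        KeyInfo info = (KeyInfo) factory.getKeySpec(key, KeyInfo.class);
        // isInsideSecureHardware() is deprecated from API 31 but still reports
        // whether the key material is held in a TEE or secure element.
        return "algorithm=" + key.getAlgorithm()
                + " keySize=" + info.getKeySize()
                + " blockModes=" + Arrays.toString(info.getBlockModes())
                + " paddings=" + Arrays.toString(info.getEncryptionPaddings())
                + " userAuthRequired=" + info.isUserAuthenticationRequired()
                + " insideSecureHardware=" + info.isInsideSecureHardware();
    }
}
```

Calling `describeKey()` with the alias an app really uses answers the key size and block mode question from the device itself rather than from reading the source.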