This brings window.Crypto to your React Native application. It does this by communicating with a hidden WebView, which performs the actual computation.
The Web Cryptography API is implemented in all major browsers and provides performant and secure way of doing client side encryption in JavaScript. However, it is not supported in NativeScript.
Luckily, iOS and Android browsers do support this API. This library makes use of their implementations. It creates a hidden WebView and communicates with it asynchronously. It sets the global crypto variable to an object that fulfills the Crypto interface, so that you can transparently use window.crypto the same as you would on on a browser.
This is as secure as using window.crypto in your browser on a mobile device.
This requires being setup properly with NativeScript first. Then install this as a plugin:
tns plugin add nativescript-webview-cryptoRendering the PolyfillCrypto components will start up a WebView to transparently proxy all the crypto calls to. It will also set the crypto global variable.
<Page xmlns="http://schemas.nativescript.org/tns.xsd" xmlns:WebViewCrypto="nativescript-webview-crypto"> <WebViewCrypto:WebViewCrypto /> ... </Page>Now, in any of your code, you can access window.Crypto, just like you would in a browser.
You can look at an example repo running this example for symmetric encryption in NativeScript.
Since this uses an asynchronous bridge to execute the crypto logic it can't quite execute crypto.getRandomValues correctly, because that method returns a value synchronously. It is simply impossible (as far as I know, please let me know if there any ways to get around this) to wait for the bridge to respond asynchronously before returning a value.
Instead, we return you a promise that resolves to a TypedArray. We also accept these promises on all crypto.subtle methods that takes in TypedArrays, to make it transparent and will automatically wait for them to resolve before asking the WebView execute the method.
Since JavaScriptCore does not support window.Crypto, it also doesn't have a CryptoKey interface. So instead of returning an actual CryptoKey from subtle.generateKey() we instead return an object that confirms to the CryptoKey interface and has a _jwk property that has the value of the key exported as jwk. This allows you to treat the CryptoKey as you would normally, and whenever you need to use it in some subtle method, we will automatically convert it back to a real CryptoKey from the _jwk string and the metadata.