2 releases
| new 0.1.1 | Apr 25, 2024 |
|---|---|
| 0.1.0 | Apr 24, 2024 |
#571 in Cryptography
224 downloads per month
37KB
676 lines
Secure Element Library for Android and iOS
secure-env is a library that allows for key generation and signature creation using the mobile secure element.
Supported targets
aarch64-apple-iosaarch64-apple-ios-simx86_64-apple-iosaarch64-linux-androidarmv7-linux-androideabii686-linux-androidx86_64-linux-android
iOS
iOS bindings are done via security-framework. This is a safe wrapper around Apple's security.framework.
Android
Android bindings are done via jni-rs. It was discussed to use do this via IPC (Binder) or HIDL, but jni was chosen for its similicity and available documentation.
Beneath these bindings it fully relies on KeyStore. During key generation, based on the support version, setIsStrongBoxBacked is set to make sure the key is store in hardware. If this is not supported we fall back to a lower level of security setUserPresenceRequired.
NOTE: there still needs to be some additional research done into the exact garantuees that
setUserPresenceRequiredprovides. If it means TEE, it is all good.
Features
| ios | android | |
|---|---|---|
| generate keypair | ✅ | ✅ |
| get keypair by id | ✅ | ✅ |
| get public key | ✅ | ✅ |
| sign | ✅ | ✅ |
Usage
Add the dependency
NOTE: library is not released, yet.
cargo add secure-env
// src/main.rs
use secure_env::{SecureEnvironment, SecureEnvironmentOps, Key, KeyOps};
fn main() {
let key = SecureEnvironment::generate_keypair("my-key-id").unwrap();
let key_from_id = SecureEnvironment::get_keypair_by_id("my-key-id").unwrap();
let msg = b"Hello World!";
let public_key = key.get_public_key().unwrap();
let signature = key.sign(msg).unwrap();
assert!(public_key.len(), 33);
assert!(signature.len(), 64);
}
Dependencies
~2–16MB
~167K SLoC