Crypto module from nodejs is essential to make cryptocurrency wallet. I wanted to use this library which enables you to use node crypto module in RN.
https://github.com/mvayngrib/react-native-crypto
However, the library uses native component for random bytes generation so that I can't use it without detaching the project. It would be helpful to have api for random bytes generation as well as other reimplementations of node crypto module.
You can use this https://github.com/brix/crypto-js works fine in my expo app
@Trill Cyborg: how did you get the import to work? I keep getting the following error.
import crypto from 'crypto-js';
UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 2387): UnableToResolveError: Unable to resolve module crypto from C:\Users\simon\Documents\projects\AwesomeProject\node_modules\sjcl\sjcl.js: Module does not exist in the module map or in these directories:
C:\Users\simon\Documents\projects\AwesomeProject\node_modules
, C:\Users\simon\node_modules
@Simon Vuong: Not sure. I didn't run into that error. Maybe remove and install packages will fix it
@Trill Cyborg: I can't see an easy way (not sure its even possible or advisable), to generate random bytes with crypto-js. cryptoJS.lib.WordArray.random generates random 'words' using javascript's Math.random which is probably not suitable for cryptography.
@Matej Ukmar: this seams to be fixed using linear congruential pseudo-random number generator: https://github.com/brix/crypto-js/issues/7
https://github.com/brix/crypto-js/blob/develop/src/core.js#L289-L315
I made a simple example that makes crypto-browserify work on expo and behave as the crypto api.
https://gitlab.com/agrcrobles/expo-crypto
To do that, I created a super basic implementation of randombytes that works on JavascriptCore, and used babel-plugin-module-resolved to fix the missing required().
Probably that can be considered as a workaround, since I used also global.Buffer, but that worked.
Hope that helps,
@Alejandro Garcia: That's a clean implementation! The trouble is that Math.random() is insecure (https://gitlab.com/agrcrobles/expo-crypto/blob/master/randombytes.js#L3). Currently the only ways to get a secure source of entropy are to eject and call the native crypto methods, make an http request to a server that provides a secure source, or try to capture some random user input (which may still not be enough).
@Alejandro Garcia: I get crypto module does not exist in the module map.
I've published https://github.com/kevlened/isomorphic-webcrypto to polyfill the WebCrypto API for React Native. The only catch is that it needs a way to get cryptographically secure random numbers. Right now, this isn't possible without ejecting (a real bummer). A single async method to get cryptographically secure numbers would be enough. I'll use https://www.npmjs.com/package/react-native-securerandom until then.
@Len Boyette: Thank you!
Not having this forces little kids to use Math.random() ...
I completely agree. A lot of people will need secure cyptography in the future, making this a necessary feature. Hope it will be there soon!
It doesn’t yet have random, but take a look at
https://github.com/Airbitz/react-native-fast-crypto
This supports native accelerated scrypt, pbkdf2, and secp256k1 for react-native on iOS and Android
This is what we built to for our crypto wallet Edge Wallet (https://edgesecure.co)
We’re in the process of adding AES256 and possibly other signature formats.
I originally wanted this to be node crypto compatible, but after realizing that node’s crypto was sync and RN needed to be async, I kinda gave up on making them compatible. And now that we’re adding AES256, it’s a pain to mirror the node API vs something more high level. The node api for AES256 will force you to make many round trips on the RN bridge. We have a higher level Encrypt/Decrypt API which is much more usable but it’s not currently a standard anywhere.
Please, please, please, include this! It's a bummer having to detach the project for this little thing! Just the randomBytes is more than enough.
We have a fully functional cryptocurrency wallet built with expo here: https://github.com/Overtorment/BlueWallet
@Igor Korsakov: looks like you've used the Accelerometer as your source of entropy to seed the PRNG? https://github.com/BlueWallet/BlueWallet/blob/master/entropy.js
@Tankred Hase: yes. I know that this is not very good, but its the best I could think of. Waiting for crypto to arrive at Expo
For now the only option for randombytes and react-native is to leave behind expo? Seems pretty drastic to generate secure random numbers
I originally wished this to be node crypto compatible, however when realizing that node’s crypto was correct and RN required to be async, I rather gave abreast of creating them compatible. And currently that we’re adding AES256, it’s a pain to mirror the node API vs one thing additional high level. The node api for AES256 can force you to form several spherical visits on the RN bridge. we've a better level Encrypt/Decrypt API that is way additional usable however it’s not presently a typical anyplace.
Why was it moved from "In progress" to "planned"?
I totally agree. We're at the point where security in apps is actually being written pretty early. For this to happen there needs to be a way to get randomBytes. So even if you don't include the whole crypto package, a window.randomBytes alternative like https://www.npmjs.com/package/react-native-randombytes would be awesome.