Crypto module from nodejs is essential to make cryptocurrency wallet. I wanted to use this library which enables you to use node crypto module in RN.
https://github.com/mvayngrib/react-native-crypto
However, the library uses native component for random bytes generation so that I can't use it without detaching the project. It would be helpful to have api for random bytes generation as well as other reimplementations of node crypto module.
@Evan Bacon: 🎉👏
@Evan Bacon: Amazing to hear, thanks so much for your efforts :)
Without a cryptographic random number generator, it is not possible to generate secure random bytes with a suitable level of entropy for use with oauth PKCE signing. As a result, it seems questionable that any Expo application utilizing oauth can claim to be properly secure.
@Ben Burton: I have the exact need.
I really need some support for crypto api in my app. I am considering to temporarily use use a 'hidden' WebView in my app to do some cryptographic tasks. Any feedback on this?
Some way of generating random bytes would be amazing to have in Expo - I currently need to generate a keypair to sign requests. My workaround for my prototype is to fetch some random bytes from random.org to use as a seed for the key generation - this is obviously also a terrible idea, but seems less bad than using Math.random()...
With multiple react-native bip44, bip39 libraries available and all of them using crypto adding this should be a priority. Most of us do not want to detach our entire project because of some entropy input.
Good idea. It's not only necessary for Cryptocurrency. Some Copyright protected files should also be sent by using crypto tools.
I'm currently 100% blocked by this, but... well... we can wait 🤷🏼♂️
Thank you guys!
You made a good site and you giving us such great remedies and tips and suggestions they all very help us. I read your articles they amazing. Thanks for sharing the best article posts. https://gethumansupport.com/gemini-customer-service/
Why was it moved from "In progress" to "planned"?
I originally wished this to be node crypto compatible, however when realizing that node’s crypto was correct and RN required to be async, I rather gave abreast of creating them compatible. And currently that we’re adding AES256, it’s a pain to mirror the node API vs one thing additional high level. The node api for AES256 can force you to form several spherical visits on the RN bridge. we've a better level Encrypt/Decrypt API that is way additional usable however it’s not presently a typical anyplace.
For now the only option for randombytes and react-native is to leave behind expo? Seems pretty drastic to generate secure random numbers
We have a fully functional cryptocurrency wallet built with expo here: https://github.com/Overtorment/BlueWallet
@Igor Korsakov: looks like you've used the Accelerometer as your source of entropy to seed the PRNG? https://github.com/BlueWallet/BlueWallet/blob/master/entropy.js
@Tankred Hase: yes. I know that this is not very good, but its the best I could think of. Waiting for crypto to arrive at Expo
@igor-korsakov: aaaaaaand we finaly ditched Expo because of this, and using proper randombytest in pure RN
Please, please, please, include this! It's a bummer having to detach the project for this little thing! Just the randomBytes is more than enough.
It doesn’t yet have random, but take a look at
https://github.com/Airbitz/react-native-fast-crypto
This supports native accelerated scrypt, pbkdf2, and secp256k1 for react-native on iOS and Android
This is what we built to for our crypto wallet Edge Wallet (https://edgesecure.co)
We’re in the process of adding AES256 and possibly other signature formats.
I originally wanted this to be node crypto compatible, but after realizing that node’s crypto was sync and RN needed to be async, I kinda gave up on making them compatible. And now that we’re adding AES256, it’s a pain to mirror the node API vs something more high level. The node api for AES256 will force you to make many round trips on the RN bridge. We have a higher level Encrypt/Decrypt API which is much more usable but it’s not currently a standard anywhere.
I completely agree. A lot of people will need secure cyptography in the future, making this a necessary feature. Hope it will be there soon!
Not having this forces little kids to use Math.random() ...
I've published https://github.com/kevlened/isomorphic-webcrypto to polyfill the WebCrypto API for React Native. The only catch is that it needs a way to get cryptographically secure random numbers. Right now, this isn't possible without ejecting (a real bummer). A single async method to get cryptographically secure numbers would be enough. I'll use https://www.npmjs.com/package/react-native-securerandom until then.
@Len Boyette: Thank you!
@Len Boyette: thanks for your work on this -- the need for cryptographically secure numbers is also needed for our PKCE auth flow for our verifiers/code challenge stuff
I made a simple example that makes crypto-browserify work on expo and behave as the crypto api.
https://gitlab.com/agrcrobles/expo-crypto
To do that, I created a super basic implementation of randombytes that works on JavascriptCore, and used babel-plugin-module-resolved to fix the missing required().
Probably that can be considered as a workaround, since I used also global.Buffer, but that worked.
Hope that helps,
@Alejandro Garcia: That's a clean implementation! The trouble is that Math.random() is insecure (https://gitlab.com/agrcrobles/expo-crypto/blob/master/randombytes.js#L3). Currently the only ways to get a secure source of entropy are to eject and call the native crypto methods, make an http request to a server that provides a secure source, or try to capture some random user input (which may still not be enough).
@Alejandro Garcia: I get crypto module does not exist in the module map.
@Len Boyette: is making an HTTP request considered secure? That sounds like a nice alternative for the time being.
@Aymeric Bouzy: Over https to a server you trust, it's secure
@Len Boyette: ok thanks for confirmation !
You can use this https://github.com/brix/crypto-js works fine in my expo app
@Trill Cyborg: how did you get the import to work? I keep getting the following error.
import crypto from 'crypto-js';
UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 2387): UnableToResolveError: Unable to resolve module crypto from C:\Users\simon\Documents\projects\AwesomeProject\node_modules\sjcl\sjcl.js: Module does not exist in the module map or in these directories:
C:\Users\simon\Documents\projects\AwesomeProject\node_modules
, C:\Users\simon\node_modules
@Simon Vuong: Not sure. I didn't run into that error. Maybe remove and install packages will fix it
@Trill Cyborg: I can't see an easy way (not sure its even possible or advisable), to generate random bytes with crypto-js. cryptoJS.lib.WordArray.random generates random 'words' using javascript's Math.random which is probably not suitable for cryptography.
@Matej Ukmar: this seams to be fixed using linear congruential pseudo-random number generator: https://github.com/brix/crypto-js/issues/7
https://github.com/brix/crypto-js/blob/develop/src/core.js#L289-L315
I totally agree. We're at the point where security in apps is actually being written pretty early. For this to happen there needs to be a way to get randomBytes. So even if you don't include the whole crypto package, a window.randomBytes alternative like https://www.npmjs.com/package/react-native-randombytes would be awesome.
James Ide and I have landed two new unimodules to cover basic Crypto functionality.
1. expo-random (node.js random-bytes) https://github.com/expo/expo/tree/master/packages/expo-random
2. expo-crypto (for creating digests) https://github.com/expo/expo/tree/master/packages/expo-crypto
You can use either of these modules outside of Expo if you want. AFAIK Expo v33 will included both libraries (at which time we will mark this request as complete).
In addition to native support; both modules also have support for react-native-web!! 💙🔥⭐️😁
Will keep you updated on when these are fully complete 😁🥓