margelo
✨ Add support for `subtle.importKey` and `subtle.sign` with HMAC
What feature or enhancement are you suggesting?
Hi,
First, thanks for maintaining this library.
My team would like to use RNQC in our mobile app. The best candidate is 0.x version but there are lacking 2 methods for our login workflow: sublte.importKey and subtle.sign with HMAC.
Here is the list of all methods we use:
| Algorithm | supported 0.x | supported 1.x | |
|---|---|---|---|
crypto.getRandomValues(array) |
✅ | ❌ | |
crypto.subtle.digest('SHA-256', data) |
SHA-256 | ✅ | ❌ |
crypto.subtle.generateKey('RSA-OAEP' ... ) |
RSA-OAEP | ✅ | ❌ |
crypto.subtle.importKey('raw' ... 'PBKDF2' ...) |
raw PBKDF2 | ✅ | ❌ |
crypto.subtle.importKey('raw' ... 'AES-CBC' ...) |
raw AES-CBC | ✅ | ❌ |
crypto.subtle.importKey('raw' ... 'HMAC'... 'SHA-256' ...) |
raw HMAC | ❌ | ❌ |
crypto.subtle.exportKey('spki' ...) (RSA-AOEP) |
spki RSA-AOEP | ✅ | ❌ |
crypto.subtle.exportKey('pkcs8' ...) (RSA-AOEP) |
pkcs8 RSA-AOEP | ✅ | ❌ |
crypto.subtle.deriveBits('PBKDF2' ... 'SHA-256' ...) |
PBKDF2 | ✅ | ❌ |
crypto.subtle.encrypt('AES-CBC' ...) |
AES-CBC | ✅ | ❌ |
crypto.subtle.sign('HMAC' ... 'SHA-256' ...) |
HMAC | ❌ | ❌ |
Are there any plan to implement missing methods?
With this compatibility array, I imagine that the "easiest" solution would be to implement them in 0.x. But if there are plans to improve the 1.x support in a short term we can wait.
I'm not sure how to help for this. My direct team has only a few knowledge on cryptography, but we can learn and try to do a PR on 0.x if you don't plan to implement it on your side. However if you have a first idea on the complexity of such a task this would help us to negociate some time to do it.
Thanks
What Platforms whould this feature/enhancement affect?
iOS, Android
Alternatives/Workarounds
For now we are using a bridge to a hidden webview that execute all the crypto methods and return them to RN.
This works well but it is way slower. Especially this impacts the app's boot time because initializing a webview can take hundred of milliseconds.
Additional information
- [x] I agree to follow this project's Code of Conduct
- [x] I searched for similar feature requests in this repository and found none.
also curious here about implementing more functions not yet covered. I'd really appreciate functionality to pull off crypto.subtle.importKey for pkcs8, looking through the code myself to see if I can write a PR but I'm not sure I'll have any real time to sink into this at the moment. would be great for a quick solution that doesn't require react-native-webview-crypto
@DavideSegullo any progress on
subtle.sign()forHMAC?
Not yet sorry, maybe end of this week I'll try to work on it!
@DavideSegullo any progress on
subtle.sign()forHMAC?Not yet sorry, maybe end of this week I'll try to work on it!
Just wanted to check if there was any update here or expected timeline on when the subtle.sign() for HMAC will be implemented. Thanks!
hey @mbirnhak I started on working on it, but I don't have a PR ready I'll try to complete it in the next days
@DavideSegullo any progress on
subtle.sign()forHMAC?Not yet sorry, maybe end of this week I'll try to work on it!
Just wanted to check if there was any update here or expected timeline on when the subtle.sign() for HMAC will be implemented. Thanks!
I tried something, but it doesn't work yet :( it crash on c++ side, I need to investigate it, let's see if I can fix it
I think #823 implements subtle.importKey() for HMAC. Check it out and let me know...