plugins-workspace icon indicating copy to clipboard operation
plugins-workspace copied to clipboard
verified publisher icon tauri-apps

Android keystore biometric encrypt decrypt

Open bprucha opened this issue 1 month ago • 4 comments

I wanted to encrypt and decrypt a database PIN to add biometric login support for the OPNManager Android app. I couldn't find any existing plugin to support this so I updated the biometric plugin. I found a year old discussion on Discord regarding similar functionality but for iOS. I commented on it suggesting we could combine our efforts to support both but haven't had any responses. Submitting this PR with support only for Android.

bprucha avatar Oct 27 '25 15:10 bprucha

I found a year old discussion on Discord regarding similar functionality but for iOS. I commented on it suggesting we could combine our efforts to support both but haven't had any responses.

can you give me a link to that or ping me there?

FabianLars avatar Oct 27 '25 15:10 FabianLars

can you give me a link to that or ping me there?

Sure: Native Biometrics

bprucha avatar Oct 27 '25 15:10 bprucha

thanks for the link and thanks for the PR!

there may be some overlap with https://github.com/tauri-apps/plugins-workspace/pull/2900 here that may need a bit more thinking. The linked thread is also very much about the keychain as well. ~~Maybe we can take some inspiration from the capawesome capacitor plugins https://capawesome.io/blog/how-to-securely-store-credentials-with-capacitor/ ~~ Nevermind, that doesn't really make sense for what we're trying to achieve here.

Then there's also the iOS keychain (for secure-storage) where you can configure it to request biometric authentication itself which obviously is the best approach to combine biometrics with secure storage (no encrypt/decrypt api though).

Having a single security stuff plugin (for keychain, encryption, biometrics, and a mix of all) sounds a bit awful as well so maybe we'll need a bit of overlap between plugins (for example, both biometrics and secure-storage being able to encrypt/decrypt), but maybe i'm just overthinking it right now because the discord thread focused so much on keychain storage.

Sorry for this mess of a comment, i'll think a bit more about it the next couple of days and try to write something more cohesive.

FabianLars avatar Oct 27 '25 16:10 FabianLars

Having a single security stuff plugin (for keychain, encryption, biometrics, and a mix of all) sounds a bit awful as well so maybe we'll need a bit of overlap between plugins (for example, both biometrics and secure-storage being able to encrypt/decrypt), but maybe i'm just overthinking it right now because the discord thread focused so much on keychain storage.

Yes, completely understand where you're going with this. I'm new to Tauri and didn't see an obvious way to tell a secure-storage type plugin how to hook into a biometric plugin. This PR just got the job done for me. I also noticed some discussion on Discord around ways to define plugin dependencies. Understood if this effort requires further framework build out to make it more robust.

bprucha avatar Oct 27 '25 17:10 bprucha