cordova-plugin-airgap-secure-storage

AirGap Secure Storage securely encrypts and stores sensitive information and data on your device

Usage no npm install needed!

<script type="module">
  import cordovaPluginAirgapSecureStorage from 'https://cdn.skypack.dev/cordova-plugin-airgap-secure-storage';
</script>

README

AirGap Secure Storage - Cordova Plugin

Installation

Install the plugin simply using npm:

npm install cordova-plugin-airgap-secure-storage --save

Make sure the plugin is added in your cordova config.xml as follows:

<plugin name="cordova-plugin-airgap-secure-storage" spec="0.1.5" />

iOS

In order to use Face ID, this plugins requires the following usage description:

  • NSFaceIDUsageDescription describes the reason why the app needs access to the secure storage.

To add this entry into the info.plist, you can use the edit-config tag in the config.xml like this:

<edit-config target="NSFaceIDUsageDescription" file="*-Info.plist" mode="merge">
    <string>Face ID is needed to save your keys to the secure storage.</string>
</edit-config>

Pre-Requisites Android / iOS

To work, SecureStorage requires a secure lock-screen setup, either secured by a PIN / Pattern or Fingerprint. Otherwise, the keystore cannot be used to safely store data.

Android Version Support

Versions below Android 4.3 (API Version 18) are not supported by this plugin.

Version Fingerprint / Biometric Paranoia Mode (additional Encryption) Lockscreen Setup (PIN)
>= Android 6.0 M (23) Optional Required
>= Android 4.3 (18) Required Required

Usage

The plugin provides a global variable as any cordova plugin does, to create a new instance call it as follows:

const secureStorage = new window.SecureStorage("secure-storage-alias", false)

You need to init() the SecureStorage instance in order to set it up properly if necessary.

secureStorage.init(() => {
    // successful setup
}), (error) => {
    // setup failed
})

Then, the plugin provides the following functionalities:

secureStorage.isDeviceSecure(key, value, () => {}, (error) => {})
secureStorage.secureDevice(key, value, () => {}, (error) => {})

secureStorage.setItem(key, value, () => {}, (error) => {})
secureStorage.getItem(key, (value) => {}, (error) => {})
secureStorage.removeItem(key, () => {}, (error) => {})
secureStorage.removeAll(key, () => {}, (error) => {})

Everything else is handled by the device.