npm - @capgo/capacitor-native-biometric - Versions diffs - 8.2.0 → 8.3.0 - Mend

@capgo/capacitor-native-biometric 8.2.0 → 8.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +11 -0
package/android/src/main/java/ee/forgr/biometric/NativeBiometric.java +51 -11
package/ios/Sources/NativeBiometricPlugin/NativeBiometricPlugin.swift +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -119,6 +119,17 @@ This plugin does NOT provide:
 - ❌ Server-side authentication or validation
 - ❌ Root/jailbreak detection (use [@capgo/capacitor-is-root](https://github.com/Cap-go/capacitor-is-root))
+### Recent Security Improvements (v8.2.0+)
+**Android Encryption Enhancement**: The Android implementation now uses properly randomized Initialization Vectors (IVs) for AES-GCM encryption of stored credentials. Previous versions used a fixed IV, which is a cryptographic vulnerability.
+**Automatic Migration**: The plugin automatically handles credentials encrypted with the older method:
+- When reading credentials, it first attempts the new secure format, then falls back to the legacy format if needed
+- When saving credentials, they are always encrypted using the new secure format
+- No action required from users - migration happens transparently on first credential save after update
+**Recommendation**: After updating to v8.2.0+, users should re-save their credentials to ensure they're encrypted with the improved format. This happens automatically when users authenticate and save credentials again.
 ## Installation (Only supports Capacitor 7)
 - `npm i @capgo/capacitor-native-biometric`

package/android/src/main/java/ee/forgr/biometric/NativeBiometric.java CHANGED Viewed

@@ -40,6 +40,7 @@ import java.security.UnrecoverableEntryException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Objects;
+import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.CipherOutputStream;
@@ -73,7 +74,7 @@ public class NativeBiometric extends Plugin {
     private static final String TRANSFORMATION = "AES/GCM/NoPadding";
     private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
     private static final String AES_MODE = "AES/ECB/PKCS7Padding";
-    private static final byte[] FIXED_IV = new byte[12];
+    private static final int GCM_IV_LENGTH = 12;
     private static final String ENCRYPTED_KEY = "NativeBiometricKey";
     private static final String NATIVE_BIOMETRIC_SHARED_PREFERENCES = "NativeBiometricSharedPreferences";
@@ -363,18 +364,58 @@ public class NativeBiometric extends Plugin {
     private String encryptString(String stringToEncrypt, String KEY_ALIAS) throws GeneralSecurityException, IOException {
         Cipher cipher;
         cipher = Cipher.getInstance(TRANSFORMATION);
-        cipher.init(Cipher.ENCRYPT_MODE, getKey(KEY_ALIAS), new GCMParameterSpec(128, FIXED_IV));
-        byte[] encodedBytes = cipher.doFinal(stringToEncrypt.getBytes(StandardCharsets.UTF_8));
-        return Base64.encodeToString(encodedBytes, Base64.DEFAULT);
+        // Generate a random IV for each encryption operation
+        byte[] iv = new byte[GCM_IV_LENGTH];
+        SecureRandom secureRandom = new SecureRandom();
+        secureRandom.nextBytes(iv);
+        cipher.init(Cipher.ENCRYPT_MODE, getKey(KEY_ALIAS), new GCMParameterSpec(128, iv));
+        byte[] encryptedBytes = cipher.doFinal(stringToEncrypt.getBytes(StandardCharsets.UTF_8));
+        // Prepend IV to the encrypted data
+        byte[] combined = new byte[iv.length + encryptedBytes.length];
+        System.arraycopy(iv, 0, combined, 0, iv.length);
+        System.arraycopy(encryptedBytes, 0, combined, iv.length, encryptedBytes.length);
+        return Base64.encodeToString(combined, Base64.DEFAULT);
     }
     private String decryptString(String stringToDecrypt, String KEY_ALIAS) throws GeneralSecurityException, IOException {
-        byte[] encryptedData = Base64.decode(stringToDecrypt, Base64.DEFAULT);
+        byte[] combined = Base64.decode(stringToDecrypt, Base64.DEFAULT);
-        Cipher cipher;
-        cipher = Cipher.getInstance(TRANSFORMATION);
-        cipher.init(Cipher.DECRYPT_MODE, getKey(KEY_ALIAS), new GCMParameterSpec(128, FIXED_IV));
-        byte[] decryptedData = cipher.doFinal(encryptedData);
+        // Try new format first (IV prepended to ciphertext)
+        // New format: 12-byte IV + ciphertext (plaintext + 16-byte GCM auth tag)
+        // We check for > GCM_IV_LENGTH to ensure there's at least some ciphertext beyond just the IV
+        // The cipher's doFinal() will validate the auth tag and fail if data is malformed
+        if (combined.length >= GCM_IV_LENGTH + 1) {
+            try {
+                // Extract IV from the beginning of the data
+                byte[] iv = new byte[GCM_IV_LENGTH];
+                byte[] encryptedData = new byte[combined.length - GCM_IV_LENGTH];
+                System.arraycopy(combined, 0, iv, 0, GCM_IV_LENGTH);
+                System.arraycopy(combined, GCM_IV_LENGTH, encryptedData, 0, encryptedData.length);
+                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
+                cipher.init(Cipher.DECRYPT_MODE, getKey(KEY_ALIAS), new GCMParameterSpec(128, iv));
+                byte[] decryptedData = cipher.doFinal(encryptedData);
+                return new String(decryptedData, StandardCharsets.UTF_8);
+            } catch (BadPaddingException e) {
+                // Authentication tag verification failed (AEADBadTagException) or padding error
+                // BadPaddingException is the parent class of AEADBadTagException
+                // Likely means data was encrypted with legacy format - fall through to legacy decryption
+            } catch (GeneralSecurityException e) {
+                // Other security exceptions should not be masked - rethrow
+                throw e;
+            }
+        }
+        // Fallback to legacy format (FIXED_IV - all zeros)
+        // This branch handles credentials encrypted with the old vulnerable method
+        byte[] LEGACY_FIXED_IV = new byte[12]; // All zeros by default
+        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
+        cipher.init(Cipher.DECRYPT_MODE, getKey(KEY_ALIAS), new GCMParameterSpec(128, LEGACY_FIXED_IV));
+        byte[] decryptedData = cipher.doFinal(combined);
         return new String(decryptedData, StandardCharsets.UTF_8);
     }
@@ -410,8 +451,7 @@ public class NativeBiometric extends Plugin {
             KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
         )
             .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
-            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
-            .setRandomizedEncryptionRequired(false);
+            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE);
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
             if (Build.VERSION.SDK_INT < Build.VERSION_CODES.S || Build.VERSION.SDK_INT > 34) {

package/ios/Sources/NativeBiometricPlugin/NativeBiometricPlugin.swift CHANGED Viewed

@@ -11,7 +11,7 @@ import LocalAuthentication
 @objc(NativeBiometricPlugin)
 public class NativeBiometricPlugin: CAPPlugin, CAPBridgedPlugin {
-    private let pluginVersion: String = "8.2.0"
+    private let pluginVersion: String = "8.3.0"
     public let identifier = "NativeBiometricPlugin"
     public let jsName = "NativeBiometric"
     public let pluginMethods: [CAPPluginMethod] = [

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-native-biometric",
-  "version": "8.2.0",
+  "version": "8.3.0",
   "description": "This plugin gives access to the native biometric apis for android and iOS",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",