@dynamic-labs/react-native-extension 4.69.0 → 4.71.0

package/android/xyz/dynamic/keychain/KeyStoreKeyManager.kt

@@ -0,0 +1,148 @@
+package xyz.dynamic.keychain
+
+import android.content.Context
+import android.content.pm.PackageManager
+import android.os.Build
+import android.security.keystore.KeyGenParameterSpec
+import android.security.keystore.KeyProperties
+import android.security.keystore.StrongBoxUnavailableException
+import java.security.KeyPairGenerator
+import java.security.KeyStore
+import java.security.Signature
+import java.security.spec.ECGenParameterSpec
+
+/// Platform-agnostic Android KeyStore key manager.
+/// Provides P-256 key generation, signing, and management backed by hardware TEE/StrongBox.
+/// All public keys are returned in uncompressed SEC1 format (65 bytes: 04 || x || y).
+/// All binary data uses base64url encoding (RFC 4648 §5, no padding).
+class KeyStoreKeyManager {
+
+  fun isAvailable(context: Context?): Boolean {
+    return try {
+      val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE)
+      keyStore.load(null)
+      val hasStrongBox = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P && context != null) {
+        context.packageManager.hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)
+      } else {
+        false
+      }
+      // Even without StrongBox, Android KeyStore provides TEE-backed keys on most devices
+      hasStrongBox || Build.VERSION.SDK_INT >= Build.VERSION_CODES.M
+    } catch (e: Exception) {
+      false
+    }
+  }
+
+  fun hasKey(alias: String): Boolean {
+    val keyStore = loadKeyStore()
+    return keyStore.containsAlias(alias)
+  }
+
+  fun generateKeyPair(alias: String): String {
+    require(!hasKey(alias)) { "Key already exists for alias: $alias" }
+
+    val specBuilder = KeyGenParameterSpec.Builder(
+      alias,
+      KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY
+    )
+      .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
+      .setDigests(KeyProperties.DIGEST_SHA256)
+
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+      specBuilder.setIsStrongBoxBacked(true)
+    }
+
+    val keyPair = try {
+      val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, ANDROID_KEYSTORE)
+      kpg.initialize(specBuilder.build())
+      kpg.generateKeyPair()
+    } catch (e: Exception) {
+      if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P && e is StrongBoxUnavailableException) {
+        // Retry without StrongBox
+        specBuilder.setIsStrongBoxBacked(false)
+        val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, ANDROID_KEYSTORE)
+        kpg.initialize(specBuilder.build())
+        kpg.generateKeyPair()
+      } else {
+        throw e
+      }
+    }
+
+    val publicKeyBytes = extractUncompressedPublicKey(keyPair.public.encoded)
+    return base64urlEncode(publicKeyBytes)
+  }
+
+  fun getPublicKey(alias: String): String? {
+    val keyStore = loadKeyStore()
+    val entry = keyStore.getEntry(alias, null)
+
+    if (entry == null || entry !is KeyStore.PrivateKeyEntry) {
+      return null
+    }
+
+    val publicKeyBytes = extractUncompressedPublicKey(entry.certificate.publicKey.encoded)
+    return base64urlEncode(publicKeyBytes)
+  }
+
+  fun sign(alias: String, payload: ByteArray): String {
+    val keyStore = loadKeyStore()
+    val entry = keyStore.getEntry(alias, null)
+
+    require(entry != null && entry is KeyStore.PrivateKeyEntry) { "Key not found: $alias" }
+
+    val signature = Signature.getInstance("SHA256withECDSA")
+    signature.initSign(entry.privateKey)
+    signature.update(payload)
+    val signatureBytes = signature.sign()
+
+    return base64urlEncode(signatureBytes)
+  }
+
+  fun deleteKey(alias: String) {
+    val keyStore = loadKeyStore()
+    keyStore.deleteEntry(alias)
+  }
+
+  // region Private helpers
+
+  private fun loadKeyStore(): KeyStore {
+    val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE)
+    keyStore.load(null)
+    return keyStore
+  }
+
+  /**
+   * Extract uncompressed SEC1 public key (65 bytes: 04 || x || y)
+   * from X.509 SubjectPublicKeyInfo DER encoding.
+   *
+   * For a P-256 key, the SubjectPublicKeyInfo contains the uncompressed
+   * point at the end of the DER structure. The point is always 65 bytes.
+   */
+  private fun extractUncompressedPublicKey(x509Encoded: ByteArray): ByteArray {
+    val uncompressedPointLength = 65
+    return x509Encoded.copyOfRange(
+      x509Encoded.size - uncompressedPointLength,
+      x509Encoded.size
+    )
+  }
+
+  private fun base64urlEncode(data: ByteArray): String {
+    return android.util.Base64.encodeToString(
+      data,
+      android.util.Base64.URL_SAFE or android.util.Base64.NO_WRAP or android.util.Base64.NO_PADDING
+    )
+  }
+
+  companion object {
+    private const val ANDROID_KEYSTORE = "AndroidKeyStore"
+
+    fun base64urlDecode(input: String): ByteArray {
+      return android.util.Base64.decode(
+        input,
+        android.util.Base64.URL_SAFE or android.util.Base64.NO_WRAP or android.util.Base64.NO_PADDING
+      )
+    }
+  }
+
+  // endregion
+}

package/android/xyz/dynamic/keychain/KeychainModule.kt

@@ -0,0 +1,71 @@
+package xyz.dynamic.keychain
+
+import expo.modules.kotlin.modules.Module
+import expo.modules.kotlin.modules.ModuleDefinition
+import expo.modules.kotlin.Promise
+
+class KeychainModule : Module() {
+  private val keyManager = KeyStoreKeyManager()
+
+  override fun definition() = ModuleDefinition { // NOSONAR (cognitive complexity — inherent to Expo module DSL pattern)
+    Name("Keychain")
+
+    AsyncFunction("isAvailable") { promise: Promise ->
+      try {
+        val context = appContext.reactContext
+        promise.resolve(keyManager.isAvailable(context))
+      } catch (e: Exception) {
+        promise.resolve(false)
+      }
+    }
+
+    AsyncFunction("hasKey") { key: String, promise: Promise ->
+      try {
+        promise.resolve(keyManager.hasKey(key))
+      } catch (e: Exception) {
+        promise.reject("ERR_KEYCHAIN", "Failed to check key: ${e.message}", e)
+      }
+    }
+
+    AsyncFunction("generateKeyPair") { key: String, promise: Promise ->
+      try {
+        val publicKey = keyManager.generateKeyPair(key)
+        promise.resolve(mapOf("publicKey" to publicKey))
+      } catch (e: Exception) {
+        promise.reject("ERR_KEYCHAIN", "Failed to generate key pair: ${e.message}", e)
+      }
+    }
+
+    AsyncFunction("getPublicKey") { key: String, promise: Promise ->
+      try {
+        val publicKey = keyManager.getPublicKey(key)
+        if (publicKey == null) {
+          promise.resolve(null)
+        } else {
+          promise.resolve(mapOf("publicKey" to publicKey))
+        }
+      } catch (e: Exception) {
+        promise.reject("ERR_KEYCHAIN", "Failed to get public key: ${e.message}", e)
+      }
+    }
+
+    AsyncFunction("sign") { key: String, payload: String, promise: Promise ->
+      try {
+        val payloadData = KeyStoreKeyManager.base64urlDecode(payload)
+        val signature = keyManager.sign(key, payloadData)
+        promise.resolve(mapOf("signature" to signature))
+      } catch (e: Exception) {
+        promise.reject("ERR_KEYCHAIN", "Failed to sign: ${e.message}", e)
+      }
+    }
+
+    AsyncFunction("deleteKey") { key: String, promise: Promise ->
+      try {
+        keyManager.deleteKey(key)
+        promise.resolve(null)
+      } catch (e: Exception) {
+        promise.reject("ERR_KEYCHAIN", "Failed to delete key: ${e.message}", e)
+      }
+    }
+  }
+}

package/expo-module.config.json

@@ -0,0 +1,9 @@
+{
+  "platforms": ["ios", "android"],
+  "ios": {
+    "modules": ["KeychainModule"]
+  },
+  "android": {
+    "modules": ["xyz.dynamic.keychain.KeychainModule"]
+  }
+}

package/index.cjs

@@ -14,6 +14,7 @@ var expoLinking = require('expo-linking');
 var expoWebBrowser = require('expo-web-browser');
 var expoSecureStore = require('expo-secure-store');
 var reactNativePasskeyStamper = require('@turnkey/react-native-passkey-stamper');
+var expoModulesCore = require('expo-modules-core');
 
 function _interopNamespace(e) {
   if (e && e.__esModule) return e;
@@ -33,7 +34,7 @@ function _interopNamespace(e) {
   return Object.freeze(n);
 }
 
-var version = "4.69.0";
+var version = "4.71.0";
 
 function _extends() {
   return _extends = Object.assign ? Object.assign.bind() : function (n) {
@@ -646,6 +647,60 @@ const setupTurnkeyPasskeyHandler = core => {
   }));
 };
 
+// eslint-disable-next-line import/no-extraneous-dependencies
+const getKeychain = () => {
+  try {
+    const keychain = expoModulesCore.requireNativeModule('Keychain');
+    return keychain;
+  } catch (error) {
+    logger.warn('Could not get dynamic keychain, using unavailable keychain');
+    const keychainUnavailableError = new Error('Keychain is not available');
+    const unavailableKeychain = {
+      deleteKey: () => Promise.reject(keychainUnavailableError),
+      generateKeyPair: () => Promise.reject(keychainUnavailableError),
+      getPublicKey: () => Promise.reject(keychainUnavailableError),
+      hasKey: () => Promise.reject(keychainUnavailableError),
+      isAvailable: () => Promise.resolve(false),
+      sign: () => Promise.reject(keychainUnavailableError)
+    };
+    return unavailableKeychain;
+  }
+};
+
+const setupKeychainHandler = core => {
+  const keychainRequestChannel = messageTransport.createRequestChannel(core.messageTransport);
+  const keychain = getKeychain();
+  keychainRequestChannel.handle('keychain_isAvailable', () => __awaiter(void 0, void 0, void 0, function* () {
+    return keychain.isAvailable();
+  }));
+  keychainRequestChannel.handle('keychain_hasKey', _a => __awaiter(void 0, [_a], void 0, function* ({
+    key
+  }) {
+    return keychain.hasKey(key);
+  }));
+  keychainRequestChannel.handle('keychain_generateKey', _b => __awaiter(void 0, [_b], void 0, function* ({
+    key
+  }) {
+    return keychain.generateKeyPair(key);
+  }));
+  keychainRequestChannel.handle('keychain_getPublicKey', _c => __awaiter(void 0, [_c], void 0, function* ({
+    key
+  }) {
+    return keychain.getPublicKey(key);
+  }));
+  keychainRequestChannel.handle('keychain_sign', _d => __awaiter(void 0, [_d], void 0, function* ({
+    key,
+    payload
+  }) {
+    return keychain.sign(key, payload);
+  }));
+  keychainRequestChannel.handle('keychain_removeKey', _e => __awaiter(void 0, [_e], void 0, function* ({
+    key
+  }) {
+    return keychain.deleteKey(key);
+  }));
+};
+
 const defaultWebviewUrl = `https://webview.dynamicauth.com/${version}`;
 const ReactNativeExtension = ({
   webviewUrl: _webviewUrl = defaultWebviewUrl,
@@ -669,6 +724,7 @@ const ReactNativeExtension = ({
   setupTurnkeyPasskeyHandler(core);
   setupPlatformHandler(core);
   setupStorageHandler(core);
+  setupKeychainHandler(core);
   return {
     reactNative: {
       WebView: createWebView({

package/index.js

@@ -10,8 +10,9 @@ import { createURL, getInitialURL, addEventListener, openURL } from 'expo-linkin
 import { openAuthSessionAsync } from 'expo-web-browser';
 import { getItemAsync, deleteItemAsync, setItemAsync } from 'expo-secure-store';
 import { createPasskey, PasskeyStamper } from '@turnkey/react-native-passkey-stamper';
+import { requireNativeModule } from 'expo-modules-core';
 
-var version = "4.69.0";
+var version = "4.71.0";
 
 function _extends() {
   return _extends = Object.assign ? Object.assign.bind() : function (n) {
@@ -624,6 +625,60 @@ const setupTurnkeyPasskeyHandler = core => {
   }));
 };
 
+// eslint-disable-next-line import/no-extraneous-dependencies
+const getKeychain = () => {
+  try {
+    const keychain = requireNativeModule('Keychain');
+    return keychain;
+  } catch (error) {
+    logger.warn('Could not get dynamic keychain, using unavailable keychain');
+    const keychainUnavailableError = new Error('Keychain is not available');
+    const unavailableKeychain = {
+      deleteKey: () => Promise.reject(keychainUnavailableError),
+      generateKeyPair: () => Promise.reject(keychainUnavailableError),
+      getPublicKey: () => Promise.reject(keychainUnavailableError),
+      hasKey: () => Promise.reject(keychainUnavailableError),
+      isAvailable: () => Promise.resolve(false),
+      sign: () => Promise.reject(keychainUnavailableError)
+    };
+    return unavailableKeychain;
+  }
+};
+
+const setupKeychainHandler = core => {
+  const keychainRequestChannel = createRequestChannel(core.messageTransport);
+  const keychain = getKeychain();
+  keychainRequestChannel.handle('keychain_isAvailable', () => __awaiter(void 0, void 0, void 0, function* () {
+    return keychain.isAvailable();
+  }));
+  keychainRequestChannel.handle('keychain_hasKey', _a => __awaiter(void 0, [_a], void 0, function* ({
+    key
+  }) {
+    return keychain.hasKey(key);
+  }));
+  keychainRequestChannel.handle('keychain_generateKey', _b => __awaiter(void 0, [_b], void 0, function* ({
+    key
+  }) {
+    return keychain.generateKeyPair(key);
+  }));
+  keychainRequestChannel.handle('keychain_getPublicKey', _c => __awaiter(void 0, [_c], void 0, function* ({
+    key
+  }) {
+    return keychain.getPublicKey(key);
+  }));
+  keychainRequestChannel.handle('keychain_sign', _d => __awaiter(void 0, [_d], void 0, function* ({
+    key,
+    payload
+  }) {
+    return keychain.sign(key, payload);
+  }));
+  keychainRequestChannel.handle('keychain_removeKey', _e => __awaiter(void 0, [_e], void 0, function* ({
+    key
+  }) {
+    return keychain.deleteKey(key);
+  }));
+};
+
 const defaultWebviewUrl = `https://webview.dynamicauth.com/${version}`;
 const ReactNativeExtension = ({
   webviewUrl: _webviewUrl = defaultWebviewUrl,
@@ -647,6 +702,7 @@ const ReactNativeExtension = ({
   setupTurnkeyPasskeyHandler(core);
   setupPlatformHandler(core);
   setupStorageHandler(core);
+  setupKeychainHandler(core);
   return {
     reactNative: {
       WebView: createWebView({

package/ios/Keychain.podspec

@@ -0,0 +1,15 @@
+Pod::Spec.new do |s|
+  s.name           = 'Keychain'
+  s.version        = '1.0.0'
+  s.summary        = 'TEE-backed key operations for Dynamic SDK'
+  s.description    = 'Provides Secure Enclave key generation, signing, and management via Expo Modules'
+  s.homepage       = 'https://www.dynamic.xyz'
+  s.license        = { type: 'MIT' }
+  s.author         = 'Dynamic Labs'
+  s.source         = { git: '' }
+  s.platform       = :ios, '15.1'
+  s.swift_version  = '5.4'
+  s.source_files   = '*.swift'
+
+  s.dependency 'ExpoModulesCore'
+end

package/ios/KeychainModule.swift

@@ -0,0 +1,39 @@
+import ExpoModulesCore
+
+public class KeychainModule: Module {
+  private let keyManager = SecureEnclaveKeyManager()
+
+  public func definition() -> ModuleDefinition {
+    Name("Keychain")
+
+    AsyncFunction("isAvailable") { () -> Bool in
+      self.keyManager.isAvailable()
+    }
+
+    AsyncFunction("hasKey") { (key: String) -> Bool in
+      self.keyManager.hasKey(tag: key)
+    }
+
+    AsyncFunction("generateKeyPair") { (key: String) -> [String: String] in
+      let publicKey = try self.keyManager.generateKeyPair(tag: key)
+      return ["publicKey": publicKey]
+    }
+
+    AsyncFunction("getPublicKey") { (key: String) -> [String: String]? in
+      guard let publicKey = try self.keyManager.getPublicKey(tag: key) else {
+        return nil
+      }
+      return ["publicKey": publicKey]
+    }
+
+    AsyncFunction("sign") { (key: String, payload: String) -> [String: String] in
+      let payloadData = try base64urlDecode(payload)
+      let signature = try self.keyManager.sign(tag: key, payload: payloadData)
+      return ["signature": signature]
+    }
+
+    AsyncFunction("deleteKey") { (key: String) in
+      self.keyManager.deleteKey(tag: key)
+    }
+  }
+}

package/ios/SecureEnclaveKeyManager.swift

@@ -0,0 +1,185 @@
+import Foundation
+import Security
+import CryptoKit
+
+public enum SecureEnclaveKeyManagerError: Error, LocalizedError {
+  case generateFailed(String)
+  case exportFailed(String)
+  case keyNotFound(String)
+  case signFailed(String)
+  case invalidBase64Input
+
+  public var errorDescription: String? {
+    switch self {
+    case .generateFailed(let detail):
+      return "Failed to generate key pair: \(detail)"
+    case .exportFailed(let detail):
+      return "Failed to export public key: \(detail)"
+    case .keyNotFound(let tag):
+      return "Key not found for tag: \(tag)"
+    case .signFailed(let detail):
+      return "Failed to sign: \(detail)"
+    case .invalidBase64Input:
+      return "Invalid base64url-encoded input"
+    }
+  }
+}
+
+/// Platform-agnostic Secure Enclave key manager.
+/// Provides P-256 key generation, signing, and management backed by the iOS Secure Enclave.
+/// All public keys are returned in uncompressed SEC1 format (65 bytes: 04 || x || y).
+/// All binary data uses base64url encoding (RFC 4648 §5, no padding).
+public class SecureEnclaveKeyManager {
+
+  // No state needed — all operations use the system Keychain and Secure Enclave directly
+  public init() {}
+
+  public func isAvailable() -> Bool {
+    if #available(iOS 13.0, *) {
+      return SecureEnclave.isAvailable
+    }
+    return false
+  }
+
+  public func hasKey(tag: String) -> Bool {
+    let query = baseQuery(for: tag, returning: true)
+    var item: CFTypeRef?
+    let status = SecItemCopyMatching(query as CFDictionary, &item)
+    return status == errSecSuccess
+  }
+
+  public func generateKeyPair(tag: String) throws -> String {
+    let tagData = tag.data(using: .utf8)!
+
+    let access = SecAccessControlCreateWithFlags(
+      kCFAllocatorDefault,
+      kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
+      .privateKeyUsage,
+      nil
+    )!
+
+    let attributes: [String: Any] = [
+      kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
+      kSecAttrKeySizeInBits as String: 256,
+      kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
+      kSecPrivateKeyAttrs as String: [
+        kSecAttrIsPermanent as String: true,
+        kSecAttrApplicationTag as String: tagData,
+        kSecAttrAccessControl as String: access,
+      ] as [String: Any],
+    ]
+
+    var error: Unmanaged<CFError>?
+    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
+      throw SecureEnclaveKeyManagerError.generateFailed(
+        "\(error!.takeRetainedValue())"
+      )
+    }
+
+    guard let publicKey = SecKeyCopyPublicKey(privateKey) else {
+      throw SecureEnclaveKeyManagerError.exportFailed("Failed to extract public key")
+    }
+    let publicKeyData = try exportPublicKey(publicKey)
+    return base64urlEncode(publicKeyData)
+  }
+
+  public func getPublicKey(tag: String) throws -> String? {
+    let query = baseQuery(for: tag, returning: true)
+
+    var item: CFTypeRef?
+    let status = SecItemCopyMatching(query as CFDictionary, &item)
+
+    guard status == errSecSuccess else {
+      return nil
+    }
+
+    guard let privateKey = item as? SecKey else {
+      throw SecureEnclaveKeyManagerError.keyNotFound(tag)
+    }
+    guard let publicKey = SecKeyCopyPublicKey(privateKey) else {
+      throw SecureEnclaveKeyManagerError.exportFailed("Failed to extract public key")
+    }
+    let publicKeyData = try exportPublicKey(publicKey)
+    return base64urlEncode(publicKeyData)
+  }
+
+  public func sign(tag: String, payload: Data) throws -> String {
+    let query = baseQuery(for: tag, returning: true)
+
+    var item: CFTypeRef?
+    let status = SecItemCopyMatching(query as CFDictionary, &item)
+
+    guard status == errSecSuccess else {
+      throw SecureEnclaveKeyManagerError.keyNotFound(tag)
+    }
+
+    guard let privateKey = item as? SecKey else {
+      throw SecureEnclaveKeyManagerError.keyNotFound(tag)
+    }
+
+    var error: Unmanaged<CFError>?
+    guard let signature = SecKeyCreateSignature(
+      privateKey,
+      .ecdsaSignatureMessageX962SHA256,
+      payload as CFData,
+      &error
+    ) else {
+      throw SecureEnclaveKeyManagerError.signFailed(
+        "\(error!.takeRetainedValue())"
+      )
+    }
+
+    return base64urlEncode(signature as Data)
+  }
+
+  public func deleteKey(tag: String) {
+    let query = baseQuery(for: tag, returning: false)
+    SecItemDelete(query as CFDictionary)
+  }
+
+  // MARK: - Private helpers
+
+  private func baseQuery(for tag: String, returning returnRef: Bool) -> [String: Any] {
+    var query: [String: Any] = [
+      kSecClass as String: kSecClassKey,
+      kSecAttrApplicationTag as String: tag.data(using: .utf8)!,
+      kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
+    ]
+    if returnRef {
+      query[kSecReturnRef as String] = true
+    }
+    return query
+  }
+
+  private func exportPublicKey(_ publicKey: SecKey) throws -> Data {
+    var error: Unmanaged<CFError>?
+    guard let data = SecKeyCopyExternalRepresentation(publicKey, &error) else {
+      throw SecureEnclaveKeyManagerError.exportFailed(
+        "\(error!.takeRetainedValue())"
+      )
+    }
+    // SecKeyCopyExternalRepresentation returns uncompressed SEC1 format (04 || x || y)
+    return data as Data
+  }
+
+  private func base64urlEncode(_ data: Data) -> String {
+    data.base64EncodedString()
+      .replacingOccurrences(of: "+", with: "-")
+      .replacingOccurrences(of: "/", with: "_")
+      .replacingOccurrences(of: "=", with: "")
+  }
+}
+
+public func base64urlDecode(_ string: String) throws -> Data {
+  var base64 = string
+    .replacingOccurrences(of: "-", with: "+")
+    .replacingOccurrences(of: "_", with: "/")
+  let remainder = base64.count % 4
+  if remainder > 0 {
+    base64 += String(repeating: "=", count: 4 - remainder)
+  }
+  guard let data = Data(base64Encoded: base64) else {
+    throw SecureEnclaveKeyManagerError.invalidBase64Input
+  }
+  return data
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dynamic-labs/react-native-extension",
-  "version": "4.69.0",
+  "version": "4.71.0",
   "main": "./index.cjs",
   "module": "./index.js",
   "types": "./src/index.d.ts",
@@ -18,11 +18,11 @@
     "@turnkey/react-native-passkey-stamper": "1.2.7",
     "@react-native-documents/picker": "^11.0.0",
     "react-native-fs": ">=2.20.0",
-    "@dynamic-labs/assert-package-version": "4.69.0",
-    "@dynamic-labs/client": "4.69.0",
-    "@dynamic-labs/logger": "4.69.0",
-    "@dynamic-labs/message-transport": "4.69.0",
-    "@dynamic-labs/webview-messages": "4.69.0"
+    "@dynamic-labs/assert-package-version": "4.71.0",
+    "@dynamic-labs/client": "4.71.0",
+    "@dynamic-labs/logger": "4.71.0",
+    "@dynamic-labs/message-transport": "4.71.0",
+    "@dynamic-labs/webview-messages": "4.71.0"
   },
   "peerDependencies": {
     "react": ">=18.0.0 <20.0.0",
@@ -30,6 +30,7 @@
     "react-native-webview": "^13.6.4",
     "expo-linking": ">=6.2.2",
     "expo-web-browser": ">=12.0.0",
-    "expo-secure-store": ">=12.0.0"
+    "expo-secure-store": ">=12.0.0",
+    "expo-modules-core": ">=2.0.0"
   }
 }

package/src/ReactNativeExtension/setupKeychainHandler/index.d.ts

@@ -0,0 +1 @@
+export { setupKeychainHandler } from './setupKeychainHandler';

package/src/ReactNativeExtension/setupKeychainHandler/setupKeychainHandler.d.ts

@@ -0,0 +1,2 @@
+import { Core } from '@dynamic-labs/client';
+export declare const setupKeychainHandler: (core: Core) => void;

package/src/nativeModules/Keychain.d.ts

@@ -0,0 +1,16 @@
+type KeychainNativeModule = {
+    isAvailable: () => Promise<boolean>;
+    hasKey: (key: string) => Promise<boolean>;
+    generateKeyPair: (key: string) => Promise<{
+        publicKey: string;
+    }>;
+    getPublicKey: (key: string) => Promise<{
+        publicKey: string;
+    } | null>;
+    sign: (key: string, payload: string) => Promise<{
+        signature: string;
+    }>;
+    deleteKey: (key: string) => Promise<void>;
+};
+export declare const getKeychain: () => KeychainNativeModule;
+export {};