react-native-security-suite 0.1.2 → 0.2.0

package/android/src/main/java/com/reactnativesecuritysuite/SecuritySuiteModule.java

@@ -1,7 +1,6 @@
 package com.reactnativesecuritysuite;
 
-import androidx.annotation.NonNull;
-
+import com.facebook.react.bridge.Callback;
 import com.facebook.react.bridge.Promise;
 import com.facebook.react.bridge.ReactApplicationContext;
 import com.facebook.react.bridge.ReactContextBaseJavaModule;
@@ -9,30 +8,195 @@ import com.facebook.react.bridge.ReactMethod;
 import com.facebook.react.module.annotations.ReactModule;
 import com.scottyab.rootbeer.RootBeer;
 
+import androidx.annotation.NonNull;
+
+import android.provider.Settings;
+import android.util.Base64;
+import android.util.Log;
+
+import java.nio.charset.Charset;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyAgreement;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
 @ReactModule(name = SecuritySuiteModule.NAME)
 public class SecuritySuiteModule extends ReactContextBaseJavaModule {
-    public static final String NAME = "SecuritySuite";
-    private ReactApplicationContext context;
+  public static final String NAME = "SecuritySuite";
+  private ReactApplicationContext context;
+
+  KeyPairGenerator kpg;
+  KeyPair kp;
+  PublicKey publicKey;
+  PublicKey serverPublicKey;
+  PrivateKey privateKey;
+  String sharedKey;
+  SecretKey secretKey;
+
+  public SecuritySuiteModule(ReactApplicationContext reactContext) {
+    super(reactContext);
+    context = reactContext;
+    generateKeyPair();
+  }
 
-    public SecuritySuiteModule(ReactApplicationContext reactContext) {
-        super(reactContext);
-        context = reactContext;
+  private void generateKeyPair() {
+    try {
+      kpg = KeyPairGenerator.getInstance("EC");
+      ECGenParameterSpec prime256v1ParamSpec = new ECGenParameterSpec("secp256r1");
+      kpg.initialize(prime256v1ParamSpec);
+      kp = kpg.genKeyPair();
+      publicKey = kp.getPublic();
+      privateKey = kp.getPrivate();
+    } catch (Exception e) {
+      Log.e("generateKeyPair Error: ", String.valueOf(e));
     }
+  }
 
-    @Override
-    @NonNull
-    public String getName() {
-        return NAME;
+  @ReactMethod
+  public void getPublicKey(Promise promise) {
+    String base64DEREncoded = Base64.encodeToString(publicKey.getEncoded(), Base64.DEFAULT);
+    promise.resolve(base64DEREncoded);
+  }
+
+  private static SecretKey agreeSecretKey(PrivateKey prk_self, PublicKey pbk_peer, boolean lastPhase) throws Exception {
+    SecretKey desSpec;
+    try {
+      KeyAgreement keyAgree = KeyAgreement.getInstance("ECDH");
+      keyAgree.init(prk_self);
+      keyAgree.doPhase(pbk_peer, true);
+      byte[] sec = keyAgree.generateSecret();
+      desSpec = new SecretKeySpec(sec, "AES");
+    } catch (NoSuchAlgorithmException e) {
+      throw new Exception();
+    } catch (InvalidKeyException e) {
+      throw new Exception();
     }
+    return desSpec;
+  }
 
+  @ReactMethod
+  public void getSharedKey(String serverPK, Promise promise) {
+    try {
+      X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decode(serverPK.getBytes(), Base64.DEFAULT));  // Change ASN1 to publicKey
+      KeyFactory keyFactory = KeyFactory.getInstance("EC");
+      serverPublicKey = keyFactory.generatePublic(keySpec);
+      secretKey = agreeSecretKey(kp.getPrivate(), serverPublicKey, true);
+      sharedKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT);
+      promise.resolve(sharedKey);
+    } catch (Exception e) {
+      Log.e("getSharedKey Error: ", String.valueOf(e));
+      promise.reject(String.valueOf(e));
+    }
+  }
 
-    // Example method
-    // See https://reactnative.dev/docs/native-modules-android
-    @ReactMethod
-    public void deviceHasSecurityRisk(Promise promise) {
-        RootBeer rootBeer = new RootBeer(context);
-        promise.resolve(rootBeer.isRooted());
+  @ReactMethod
+  public void encrypt(String input, Promise promise) {
+    try {
+      byte[] inputByte = input.getBytes();
+      Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+      byte[] decodedKey = Base64.decode(sharedKey, Base64.DEFAULT);
+      SecretKey secretKeySpec = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
+      cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
+      byte[] iv = cipher.getIV();
+      assert iv.length == 12;
+      byte[] cipherText = cipher.doFinal(inputByte);
+      if (cipherText.length != inputByte.length + 16)
+        throw new IllegalStateException();
+      byte[] output = new byte[12 + inputByte.length + 16];
+      System.arraycopy(iv, 0, output, 0, 12);
+      System.arraycopy(cipherText, 0, output, 12, cipherText.length);
+      promise.resolve(Base64.encodeToString(output, Base64.NO_WRAP));
+    } catch (Exception e) {
+      Log.e("encrypt Error: ", String.valueOf(e));
+      promise.reject(String.valueOf(e));
     }
+  }
+
+  @ReactMethod
+  public void decrypt(String input, Promise promise) {
+    try {
+      byte[] inputBytes = Base64.decode(input.getBytes(), Base64.DEFAULT);
+      if (inputBytes.length < 12 + 16) throw new IllegalArgumentException();
+      Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+      GCMParameterSpec params = new GCMParameterSpec(128, inputBytes, 0, 12);
+      byte[] decodedKey = Base64.decode(sharedKey, Base64.DEFAULT);
+      SecretKey secretKeySpec = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
+      cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, params);
+      byte[] plaintext = cipher.doFinal(inputBytes, 12, inputBytes.length - 12);
+      String decrypted = new String(plaintext, Charset.forName("UTF-8"));
+      promise.resolve(decrypted);
+    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | InvalidAlgorithmParameterException e) {
+      promise.reject(e);
+    }
+  }
+
+  @ReactMethod
+  public void getDeviceId(Callback callback) {
+    try {
+      String deviceId = getAndroidId();
+      callback.invoke(deviceId, null);
+    } catch (Exception e) {
+      callback.invoke(null, e);
+    }
+  }
+
+  @ReactMethod
+  public void storageEncrypt(String input, String secretKey, Boolean hardEncryption, Callback callback) {
+    try {
+      String key = getAndroidId();
+      if (secretKey != null) {
+        key = secretKey;
+      }
+      String encryptedMessage = StorageEncryption.encrypt(input, key, hardEncryption);
+      callback.invoke(encryptedMessage, null);
+    } catch (Exception e) {
+      callback.invoke(null, e);
+    }
+  }
+
+  @ReactMethod
+  public void storageDecrypt(String input, String secretKey, Boolean hardEncryption, Callback callback) {
+    try {
+      String key = getAndroidId();
+      if (secretKey != null) {
+        key = secretKey;
+      }
+      String decryptedMessage = StorageEncryption.decrypt(input, key);
+      callback.invoke(decryptedMessage, null);
+    } catch (Exception e) {
+      callback.invoke(null, e.getMessage());
+    }
+  }
+
+  private String getAndroidId() {
+    return Settings.Secure.getString(context.getContentResolver(),
+      Settings.Secure.ANDROID_ID);
+  }
+
+  @ReactMethod
+  public void deviceHasSecurityRisk(Promise promise) {
+    RootBeer rootBeer = new RootBeer(context);
+    promise.resolve(rootBeer.isRooted());
+  }
 
-    public static native int nativeMultiply(int a, int b);
+  @Override
+  @NonNull
+  public String getName() {
+    return NAME;
+  }
 }

package/android/src/main/java/com/reactnativesecuritysuite/SecuritySuitePackage.java

@@ -12,17 +12,17 @@ import java.util.Collections;
 import java.util.List;
 
 public class SecuritySuitePackage implements ReactPackage {
-    @NonNull
-    @Override
-    public List<NativeModule> createNativeModules(@NonNull ReactApplicationContext reactContext) {
-        List<NativeModule> modules = new ArrayList<>();
-        modules.add(new SecuritySuiteModule(reactContext));
-        return modules;
-    }
+  @NonNull
+  @Override
+  public List<NativeModule> createNativeModules(@NonNull ReactApplicationContext reactContext) {
+    List<NativeModule> modules = new ArrayList<>();
+    modules.add(new SecuritySuiteModule(reactContext));
+    return modules;
+  }
 
-    @NonNull
-    @Override
-    public List<ViewManager> createViewManagers(@NonNull ReactApplicationContext reactContext) {
-        return Collections.emptyList();
-    }
+  @NonNull
+  @Override
+  public List<ViewManager> createViewManagers(@NonNull ReactApplicationContext reactContext) {
+    return Collections.emptyList();
+  }
 }

package/android/src/main/java/com/reactnativesecuritysuite/StorageEncryption.java

@@ -0,0 +1,53 @@
+package com.reactnativesecuritysuite;
+
+
+import android.util.Base64;
+
+import java.security.SecureRandom;
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+public class StorageEncryption {
+
+  public static String encrypt(String input, String encryptionKey, Boolean hardEncryption) {
+    try {
+      byte[] iv = new byte[16];
+      if (hardEncryption) {
+        new SecureRandom().nextBytes(iv);
+      }
+
+      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptionKey.getBytes("utf-8"), "AES"), new IvParameterSpec(iv));
+      byte[] cipherText = cipher.doFinal(input.getBytes("utf-8"));
+      byte[] ivAndCipherText = getCombinedArray(iv, cipherText);
+      return Base64.encodeToString(ivAndCipherText, Base64.NO_WRAP);
+    } catch (Exception e) {
+      return null;
+    }
+  }
+
+  public static String decrypt(String encoded, String encryptionKey) {
+    try {
+      byte[] ivAndCipherText = Base64.decode(encoded, Base64.NO_WRAP);
+      byte[] iv = Arrays.copyOfRange(ivAndCipherText, 0, 16);
+      byte[] cipherText = Arrays.copyOfRange(ivAndCipherText, 16, ivAndCipherText.length);
+
+      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encryptionKey.getBytes("utf-8"), "AES"), new IvParameterSpec(iv));
+      return new String(cipher.doFinal(cipherText), "utf-8");
+    } catch (Exception e) {
+      return null;
+    }
+  }
+
+  private static byte[] getCombinedArray(byte[] one, byte[] two) {
+    byte[] combined = new byte[one.length + two.length];
+    for (int i = 0; i < combined.length; ++i) {
+      combined[i] = i < one.length ? one[i] : two[i - one.length];
+    }
+    return combined;
+  }
+}

package/ios/DataHashingMethods.swift

@@ -0,0 +1,196 @@
+//
+//  Data+HashingMethods.swift
+//
+//  Created by Amir Sepehrom on 5/31/21.
+//
+
+import Foundation
+import Security
+import CommonCrypto
+
+extension SecKey {
+    
+    fileprivate subscript(attribute attr: CFString) -> Any? {
+        let attributes = SecKeyCopyAttributes(self) as? [CFString: Any]
+        return attributes?[attr]
+    }
+    
+    /// Returns key length.
+    public var keySize: Int {
+        // swiftlint: disable force_cast
+        return self[attribute: kSecAttrKeySizeInBits] as! Int
+    }
+    
+    /// Returns encryption method of key.
+    public var type: KeyType {
+        // swiftlint: disable force_cast
+        let type = self[attribute: kSecAttrType] as! CFString
+        return KeyType(rawValue: type)!
+    }
+    
+    /// Public ASN1 header appropriate for current key.
+    fileprivate func asn1Header() throws -> Data {
+        return try type.asn1Header(keySize: keySize)
+    }
+    
+    /// Exporable key data with ASN1 header.
+    public func bytes() throws -> Data {
+        return try asn1Header() + rawBytes()
+    }
+    
+    /// Raw bytes for key that generated by Security framework.
+    public func rawBytes() throws -> Data {
+        var error: Unmanaged<CFError>?
+        
+        guard let keyData = SecKeyCopyExternalRepresentation(self, &error) as Data? else {
+            throw error?.takeRetainedValue() ?? CryptographyError.invalidKey
+        }
+        return keyData
+    }
+    
+    /// Encryption method
+    public enum KeyType: RawRepresentable {
+        /// Eliptic curve
+        case ec
+        /// RSA
+        case rsa
+        
+        /// Initilize from kSecAttrKeyType string constant.
+        public init?(rawValue: CFString) {
+            switch rawValue {
+            case kSecAttrKeyTypeEC, kSecAttrKeyTypeECSECPrimeRandom:
+                self = .ec
+            case kSecAttrKeyTypeRSA:
+                self = .rsa
+            default:
+                return nil
+            }
+        }
+        
+        /// kSecAttrKeyType counterpart of option.
+        public var rawValue: CFString {
+            switch self {
+            case .ec:
+                return kSecAttrKeyTypeECSECPrimeRandom
+            case .rsa:
+                return kSecAttrKeyTypeRSA
+            }
+        }
+        
+        /// ASN1 headers for encrypting public keys.
+        public struct ASN1 {
+            public static let rsa2048 = Data(base64Encoded: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A")!
+            public static let rsa4096 = Data(base64Encoded: "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A")!
+            public static let ec256   = Data(base64Encoded: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgA=")!
+            public static let ec384   = Data(base64Encoded: "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgA=")!
+            public static let ec521   = Data(base64Encoded: "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAA==")!
+        }
+        
+        func asn1Header(keySize: Int) throws -> Data {
+            switch (self, keySize) {
+            case (.ec, 256):
+                return ASN1.ec256
+            case (.ec, 384):
+                return ASN1.ec384
+            case (.ec, 521):
+                return ASN1.ec521
+            case (.rsa, 2048):
+                return ASN1.rsa2048
+            case (.rsa, 4096):
+                return ASN1.rsa4096
+            default:
+                throw CryptographyError.unsupported
+            }
+        }
+    }
+}
+
+public enum CryptographyError: Error {
+    /// Key data is not valid or not conform to expected type and length.
+    case invalidKey
+    /// Encryption failed.
+    case failedEncryption
+    /// Decryption failed.
+    case failedDecryption
+    /// Data that passed to encrypt/decrypt is empty.
+    case emptyData
+    /// Encrypted data is not valid or encrypted with another key type.
+    case invalidData
+    /// Encryption/Decryption method is not supported.
+    case unsupported
+    
+    // Enclave
+    /// Private key is not exist on the device enclave.
+    case keyNotFound
+    /// Operation with private key which saved in enclave is not posssible.
+    case notAllowed
+}
+
+public enum Digest: String {
+    case md5 = "MD5"
+    case sha1 = "SHA1"
+    case sha256 = "SHA256"
+    case sha384 = "SHA384"
+    case sha512 = "SHA512"
+    
+    public var length: Int {
+        switch self {
+        case .md5:
+            return Int(CC_MD5_DIGEST_LENGTH)
+        case .sha1:
+            return Int(CC_SHA1_DIGEST_LENGTH)
+        case .sha256:
+            return Int(CC_SHA256_DIGEST_LENGTH)
+        case .sha384:
+            return Int(CC_SHA384_DIGEST_LENGTH)
+        case .sha512:
+            return Int(CC_SHA512_DIGEST_LENGTH)
+        }
+    }
+    
+    public var hmacAlgorithm: CCHmacAlgorithm {
+        switch self {
+        case .md5:
+            return CCHmacAlgorithm(kCCHmacAlgMD5)
+        case .sha1:
+            return CCHmacAlgorithm(kCCHmacAlgSHA1)
+        case .sha256:
+            return CCHmacAlgorithm(kCCHmacAlgSHA256)
+        case .sha384:
+            return CCHmacAlgorithm(kCCHmacAlgSHA384)
+        case .sha512:
+            return CCHmacAlgorithm(kCCHmacAlgSHA512)
+        }
+    }
+}
+
+extension Data {
+    /**
+     Calculates hash digest of data.
+     
+     - Parameter digest: digest type. Currently only SHA is supported.
+     - Returns: A data object with length equal to digest length.
+     */
+    public func hash(digest: Digest) -> Data {
+        guard !isEmpty else { return Data() }
+        var result = [UInt8](repeating: 0, count: digest.length)
+        self.withUnsafeBytes { (buf: UnsafeRawBufferPointer) -> Void in
+            let ptr = buf.baseAddress!
+            let dataLen = CC_LONG(buf.count)
+            switch digest {
+            case .md5:
+                CC_MD5(ptr, dataLen, &result)
+            case .sha1:
+                CC_SHA1(ptr, dataLen, &result)
+            case .sha256:
+                CC_SHA256(ptr, dataLen, &result)
+            case .sha384:
+                CC_SHA384(ptr, dataLen, &result)
+            case .sha512:
+                CC_SHA512(ptr, dataLen, &result)
+            }
+        }
+        
+        return Data(result)
+    }
+}

package/ios/SecuritySuite-Bridging-Header.h

@@ -1,2 +1,3 @@
 #import <React/RCTBridgeModule.h>
 #import <React/RCTViewManager.h>
+#import <CommonCrypto/CommonCrypto.h>

package/ios/SecuritySuite.m

@@ -2,6 +2,20 @@
 
 @interface RCT_EXTERN_MODULE(SecuritySuite, NSObject)
 
+RCT_EXTERN_METHOD(getPublicKey:(RCTPromiseResolveBlock)resolve withRejecter:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getSharedKey:(NSString)serverPK withResolver:(RCTPromiseResolveBlock)resolve withRejecter:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(encrypt:(NSString)input withResolver:(RCTPromiseResolveBlock)resolve withRejecter:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(decrypt:(NSString)input withResolver:(RCTPromiseResolveBlock)resolve withRejecter:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getDeviceId:(RCTResponseSenderBlock)callback)
+
+RCT_EXTERN_METHOD(storageEncrypt:(NSString)input withSecretKey:(NSString*)secretKey withHardEncryption:(BOOL)hardEncryption withCallback:(RCTResponseSenderBlock)callback)
+
+RCT_EXTERN_METHOD(storageDecrypt:(NSString)input withSecretKey:(NSString*)secretKey withHardEncryption:(BOOL)hardEncryption withCallback:(RCTResponseSenderBlock)callback)
+
 RCT_EXTERN_METHOD(deviceHasSecurityRisk:(RCTPromiseResolveBlock)resolve withRejecter:(RCTPromiseRejectBlock)reject)
 
 + (BOOL)requiresMainQueueSetup

package/ios/SecuritySuite.swift

@@ -1,7 +1,128 @@
 import IOSSecuritySuite
+import Foundation
+import CryptoKit
+import SwiftUI
 
+@available(iOS 13.0, *)
 @objc(SecuritySuite)
 class SecuritySuite: NSObject {
+    var privateKey: String!,
+        publicKey: String!,
+        sharedKey: String!,
+        keyData: Data!
+
+    @objc(getPublicKey:withRejecter:)
+    func getPublicKey(resolve: @escaping RCTPromiseResolveBlock, reject: RCTPromiseRejectBlock) -> Void {
+        do {
+            privateKey = P256.KeyAgreement.PrivateKey().rawRepresentation.base64EncodedString()
+            keyData = Data(base64Encoded: privateKey as! String)!
+            publicKey = try? (ASN1.ec256 + [0x04] + P256.KeyAgreement.PrivateKey(rawRepresentation: keyData).publicKey.rawRepresentation).base64EncodedString()
+            
+            resolve(publicKey)
+        } catch {
+            reject("error", "GET_PUBLIC_KEY_ERROR", nil)
+        }
+    }
+    
+    @objc(getSharedKey:withResolver:withRejecter:)
+    func getSharedKey(serverPK: NSString, resolve: @escaping RCTPromiseResolveBlock, reject: RCTPromiseRejectBlock) -> Void {
+        do {
+            print("privateKey", privateKey)
+            guard let serverPublicKeyData = Data(base64Encoded: serverPK as String),
+                  let privateKeyData = Data(base64Encoded: privateKey as String) else { return }
+            
+            sharedKey = try? P256.KeyAgreement.PrivateKey(rawRepresentation: privateKeyData).sharedSecretFromKeyAgreement(with: .init(rawRepresentation: serverPublicKeyData.dropFirst(ASN1.ec256.count + 1)))
+                .withUnsafeBytes({ Data(buffer: $0.bindMemory(to: UInt8.self)) })
+                .base64EncodedString()
+         
+            resolve(sharedKey)
+        } catch {
+            reject("error", "GET_SHARED_KEY_ERROR", nil)
+        }
+    }
+    
+    @objc(encrypt:withResolver:withRejecter:)
+    func encrypt(input: NSString, resolve: @escaping RCTPromiseResolveBlock, reject: RCTPromiseRejectBlock) -> Void {
+        do {
+            guard let keyData = Data(base64Encoded: sharedKey) else {
+                reject("error", "DECRYPT_SHARED_KEY_ERROR", nil)
+                return
+            }
+            let data = Data((input as String).utf8)
+            if keyData == nil {
+                reject("error", "keyData is null", nil)
+                return
+            }
+            let key = SymmetricKey(data: keyData)
+            let output = try? AES.GCM.seal(data, using: key).combined?.base64EncodedString()
+            resolve(output)
+        } catch {
+            reject("error", "ENCRYPT_ERROR", nil)
+        }
+    }
+    
+    @objc(decrypt:withResolver:withRejecter:)
+    func decrypt(input: NSString, resolve: @escaping RCTPromiseResolveBlock, reject: RCTPromiseRejectBlock) -> Void {
+        do {
+            guard let keyData = Data(base64Encoded: sharedKey) else {
+                reject("error", "DECRYPT_SHARED_KEY_ERROR", nil)
+                return
+            }
+            guard let data = Data(base64Encoded: "\(input)") else {
+                reject("error", "INPUT_ERROR", nil)
+                return
+            }
+            let key = SymmetricKey(data: keyData)
+            let output = ( try? AES.GCM.open(.init(combined: data), using: key)).map({String(decoding: $0, as: UTF8.self)})
+            
+            resolve(output)
+        } catch {
+            reject("error", "DECRYPT_ERROR", nil)
+        }
+    }
+    
+    @objc(storageEncrypt:withSecretKey:withHardEncryption:withCallback:)
+    func storageEncrypt(input: NSString, secretKey: NSString, hardEncryption: Bool, callback: RCTResponseSenderBlock) -> Void {
+        do {
+            var encryptionKey = getDeviceId();
+            if secretKey != nil {
+                encryptionKey = secretKey as String;
+            }
+            let storageEncryption: StorageEncryption = StorageEncryption()
+            let encrypted = try? storageEncryption.encrypt(plain: "\(input)", encryptionKey: encryptionKey, hardEncryption: hardEncryption)
+            callback([encrypted, NSNull()])
+        } catch {
+            callback([NSNull(), "SOFT_DECRYPT_ERROR"])
+        }
+    }
+    
+    @objc(storageDecrypt:withSecretKey:withHardEncryption:withCallback:)
+    func storageDecrypt(input: NSString, secretKey: NSString, hardEncryption: Bool, callback: RCTResponseSenderBlock) -> Void {
+        do {
+            var encryptionKey = getDeviceId()
+            if secretKey != nil {
+                encryptionKey = secretKey as String;
+            }
+            let storageEncryption: StorageEncryption = StorageEncryption()
+            let decrypted = try? storageEncryption.decrypt(decoded: "\(input)", encryptionKey: encryptionKey, hardEncryption: hardEncryption)
+            callback([decrypted, NSNull()])
+        } catch {
+            callback([NSNull(), "SOFT_DECRYPT_ERROR"])
+        }
+    }
+    
+    @objc(getDeviceId:)
+    func getDeviceId(callback: RCTResponseSenderBlock) -> Void {
+        do {
+            callback([getDeviceId(), NSNull()]);
+        } catch {
+            callback([NSNull(), "GET_DEVICE_ID_ERROR"]);
+        }
+    }
+    
+    func getDeviceId() -> String {
+        return UIDevice.current.identifierForVendor!.uuidString.replacingOccurrences(of: "-", with: "", options: [], range: nil)
+    }
 
     @objc(deviceHasSecurityRisk:withRejecter:)
     func deviceHasSecurityRisk(resolve:RCTPromiseResolveBlock, reject:RCTPromiseRejectBlock) -> Void {
@@ -13,3 +134,11 @@ class SecuritySuite: NSObject {
         }
     }
 }
+
+struct ASN1 {
+    static let rsa2048 = Data(base64Encoded: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A")!
+    static let rsa4096 = Data(base64Encoded: "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A")!
+    static let ec256   = Data(base64Encoded: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgA=")!
+    static let ec384   = Data(base64Encoded: "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgA=")!
+    static let ec521   = Data(base64Encoded: "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQ=")!
+}