npm - tauri-plugin-secure-element-api - Versions diffs - 0.1.0-alpha.4 → 0.1.0-beta.1 - Mend

tauri-plugin-secure-element-api 0.1.0-alpha.4 → 0.1.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Tauri Plugin Secure Element
-A Tauri plugin for secure element functionality on iOS (Secure Enclave) and Android (Strongbox and TEE).
+A Tauri plugin for secure element functionality on macOS & iOS (Secure Enclave) and Android (StrongBox and TEE).
 ## Features
@@ -9,7 +9,7 @@ A Tauri plugin for secure element functionality on iOS (Secure Enclave) and Andr
 - List and manage secure keys
 - Check secure element support on the device
 - Support for biometric and PIN authentication modes
-- Cross-platform support for iOS and Android
+- Cross-platform support for macOS, Windows, iOS, and Android
 ## Installation
@@ -27,7 +27,7 @@ yarn add tauri-plugin-secure-element-api
 ```toml
 [dependencies]
-tauri-plugin-secure-element = "0.1.0"
+tauri-plugin-secure-element = "0.1.0-beta.1"
 ```
 ## Setup
@@ -143,7 +143,17 @@ Generates a new secure key in the device's secure element.
 - `keyName`: Unique name for the key
 - `authMode`: Authentication mode (`'none'`, `'pinOrBiometric'`, or `'biometricOnly'`)
-**Returns:** `Promise<{ publicKey: string; keyName: string }>`
+**Returns:** `Promise<GenerateSecureKeyResult>`
+```typescript
+interface GenerateSecureKeyResult {
+  publicKey: string;
+  keyName: string;
+  hardwareBacking: "secureEnclave" | "strongBox" | "tee";
+}
+```
+**Note:** The `biometricOnly` mode requires Android 11 (API 30) or higher. On older Android versions, this mode will be rejected with an error. Use `checkSecureElementSupport().canEnforceBiometricOnly` to check support before creating biometric-only keys.
 ### `listKeys(keyName?: string, publicKey?: string)`
@@ -155,7 +165,6 @@ Lists keys stored in the secure element. Can filter by key name or public key.
 interface KeyInfo {
   keyName: string;
   publicKey: string;
-  requiresAuthentication?: boolean;
 }
 ```
@@ -176,10 +185,56 @@ Deletes a key from the secure element. At least one parameter must be provided.
 **Returns:** `Promise<boolean>` - Success status
+## Public Key Format
+Public keys are returned as base64-encoded strings in **X9.62 uncompressed point format** (65 bytes), consistent across all platforms:
+| Byte(s) | Content                 |
+| ------- | ----------------------- |
+| 0       | `0x04` (uncompressed)   |
+| 1-32    | X coordinate (32 bytes) |
+| 33-64   | Y coordinate (32 bytes) |
+All keys use the **secp256r1 (P-256)** elliptic curve.
 ## Platform Support
 - **iOS**: Uses Secure Enclave for key generation and signing
-- **Android**: Uses Strongbox and TEE (Trusted Execution Environment) when available
+- **Android**: Uses StrongBox and TEE (Trusted Execution Environment) when available
+- **Windows**: Uses TPM 2.0 for key generation and signing
+- **macOS**: Uses Secure Enclave for key generation and signing
+## Platform Limitations
+### Windows
+- Windows 11 (build 22000 or higher) requires TPM 2.0
+- TPM 2.0 is supported on Windows 10 (since version 1507)
+### macOS
+- Secure Enclave is available on Macs with Apple Silicon (M1/M2/M3/M4) or T2 chip
+### Android
+| Feature                   | Requirement | Notes                            |
+| ------------------------- | ----------- | -------------------------------- |
+| Hardware-backed keys      | API 23+     | TEE or StrongBox required        |
+| StrongBox                 | API 28+     | Falls back to TEE if unavailable |
+| `biometricOnly` auth mode | API 30+     | Rejected on older versions       |
+### iOS
+- Secure Enclave is available on all devices with A7 chip or later (iPhone 5s+)
+- Simulator does not support Secure Enclave - test on physical devices
+### Authentication Modes
+| Mode             | iOS/MacOS                         | Android                              | Windows             |
+| ---------------- | --------------------------------- | ------------------------------------ | ------------------- |
+| `none`           | ✅ No auth required               | ✅ No auth required                  | ✅ No auth required |
+| `pinOrBiometric` | ✅ Face ID, Touch ID, or passcode | ✅ Biometric or PIN/pattern/password | ✅ Windows Hello    |
+| `biometricOnly`  | ❌ Not supported                  | ✅ API 30+ only, biometric only      | ❌ Not supported    |
 ## License

package/dist-js/index.d.ts CHANGED Viewed

@@ -1,14 +1,17 @@
 export interface KeyInfo {
     keyName: string;
     publicKey: string;
-    requiresAuthentication?: boolean;
 }
 export declare function ping(value: string): Promise<string | null>;
 export type AuthenticationMode = "none" | "pinOrBiometric" | "biometricOnly";
-export declare function generateSecureKey(keyName: string, authMode?: AuthenticationMode): Promise<{
+export type HardwareBacking = "secureEnclave" | "strongBox" | "tee";
+export interface GenerateSecureKeyResult {
     publicKey: string;
     keyName: string;
-}>;
+    /** The type of hardware backing used for this key */
+    hardwareBacking: HardwareBacking;
+}
+export declare function generateSecureKey(keyName: string, authMode?: AuthenticationMode): Promise<GenerateSecureKeyResult>;
 export declare function listKeys(keyName?: string, publicKey?: string): Promise<KeyInfo[]>;
 export declare function signWithKey(keyName: string, data: Uint8Array): Promise<Uint8Array>;
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "tauri-plugin-secure-element-api",
-  "version": "0.1.0-alpha.4",
+  "version": "0.1.0-beta.1",
   "description": "Tauri plugin for secure element use on iOS (Secure Enclave) and Android (Strongbox and TEE).",
   "repository": "https://github.com/dkackman/tauri-plugin-secure-element",
   "license": "Apache-2.0",
@@ -38,6 +38,11 @@
     "build": "rollup -c",
     "prepublishOnly": "pnpm build",
     "pretest": "pnpm build",
+    "test": "pnpm test:rust && (pnpm test:swift || echo '⚠️  Swift tests skipped (require iOS simulator). To run: cd ios && xcodebuild test -scheme tauri-plugin-secure-element -destination \"platform=iOS Simulator,name=iPhone 15\"') && pnpm test:android",
+    "test:rust": "cargo test",
+    "test:swift": "cd ios && swift test",
+    "test:android": "cd android && (./gradlew test || gradle test || echo 'Note: Gradle wrapper not found. Install Gradle or run from Android Studio')",
+    "test:android:instrumented": "cd android && (./gradlew connectedAndroidTest || gradle connectedAndroidTest || echo 'Note: Gradle wrapper not found. Install Gradle or run from Android Studio')",
     "format": "prettier --write . && cargo fmt && swiftformat ios/ 2>/dev/null || echo 'Note: swiftformat not installed. Install with: brew install swiftformat' && pnpm format:kotlin",
     "format:check": "prettier --check . && cargo fmt --check && (swiftformat --lint ios/ 2>/dev/null || echo 'Note: swiftformat not installed') && pnpm format:check:kotlin",
     "format:js": "prettier --write .",
@@ -54,11 +59,12 @@
     "@tauri-apps/api": "^2.0.0"
   },
   "devDependencies": {
-    "@rollup/plugin-typescript": "^12.0.0",
     "@naturalcycles/ktlint": "^1.16.0",
+    "@rollup/plugin-typescript": "^12.0.0",
+    "@rollup/rollup-win32-arm64-msvc": "^4.54.0",
     "prettier": "^3.7.4",
     "rollup": "^4.9.6",
-    "typescript": "^5.3.3",
-    "tslib": "^2.6.2"
+    "tslib": "^2.6.2",
+    "typescript": "^5.3.3"
   }
 }