uport-project / react-native-uport-signer Goto Github PK

View Code? Open in Web Editor NEW

8.0 8.0 5.0 2.64 MB

A react-native wrapper for the uPort mobile key management functionality

Home Page: https://developer.uport.me/

License: Apache License 2.0

Kotlin 65.93% Objective-C 30.19% Ruby 1.87% TypeScript 2.02%

react-native uport ethereum jwt androidkeystore ios keychain android library react-native-library

react-native-uport-signer's Introduction

react-native-uport-signer

FAQ and helpdesk support

Getting started

React Native 60.5+

Use version 1.6.0 or higher.

$ yarn add react-native-uport-signer

Autolinking will take care of the rest.

React Native < 60.5

Use version v1.5.2

$ yarn add [email protected]

Follow the manual linking instructions for v1.5.2

Use with uport-credentials

In order to use uport-credentials in react-native you need to provide a global buffer due to some sub dependencies using it.

$ yarn add uport-credentials

Example creating and sending a verification to the uport app

import { Linking } from 'react-native'
import { RNUportHDSigner, getSignerForHDPath } from 'react-native-uport-signer'
import { Credentials } from 'uport-credentials'

RNUportHDSigner.createSeed().then(seed => {

  const credentialsParams = {}
  // Get Signer function to be used by credentials, address given by RNUportHDSigner
  credentialsParams.signer = getSignerForHDPath(seed.address)
  // set did of the issuer
  credentialsParams.did = `did:ethr:${seed.address}`

  const cred = new Credentials(credentialsParams)

  cred.createVerification({
    sub: subject, //Address of receiver of the verification
    claim: {name: 'John Smith'}
  }).then(verification => {
    const url = `https://id.uport.me/req/${verification}` 
    Linking.openURL(url).catch((err) => console.error('An error occurred', err));
  })
})

General HD Signer Usage

RNUportHDSigner provides a mechanism of importing or creating seeds that can be used to derive keys for signing. Seeds are encrypted using platform specific hardware backed encryption and can be extra protected by fingerprint/keyguard.

Keys are derived every time they are used to sign or to compute addresses.

creating or importing seeds

import { RNUportHDSigner } from 'react-native-uport-signer';

var seedAlias = ""

// Create a new seed
RNUportHDSigner.createSeed('prompt').then( addressObj => {
  //keep a record of it to reference the seed when signing
  seedAlias = addressObj.address
})

// Import a seed using a previously saved phrase
RNUportHDSigner.importSeed(phrase, 'simple').then(addressObj => {
	//keep a record of it to reference the seed when signing
    seedAlias = addressObj.address
})

// Delete seed
RNUportHDSigner.deleteSeed(seedAlias)

Depending on the protection level chosen during seed creation or import, the user may be prompted to use their fingerprint or device PIN to unlock the seed. Relevant methods allow you to provide a message to the user about what it is they are signing.

Protection levels:

'simple' - seeds are encrypted but don't require user auth to be used
'prompt' - seeds are encrypted and need fingerprint or keyguard unlocking.
'singleprompt' - seeds are encrypted and need keyguard to unlock but only once every 30 seconds

The last 2 cases bring up the fingerprint or device keyguard UI every time a seed/key is used.

revealing the recovery phrase

The seed phrase can be revealed (and later used for recovery using importSeed). It is a sequence of 12 words, a commonly used recovery pattern in the crypto space.

// Get the seed phrase
RNUportHDSigner.showSeed(seedAlias, 'Reveal the recovery phrase').then (phrase => {
	// have the user write down the phrase
})

key derivation paths

When signing, you need to specify a derivation path that will be used to generate the key. If you need to know the ethereum address or public key corresponding to that key, it can be revealed using addressForPath(). This needs to be done only once since the address is deterministic.

Some example paths:

m/44'/60'/0'/0/0 - commonly used by ethereum wallet apps (metamask, trezor, jaxx...)
m/7696500'/0'/0'/0' - uport root account path

//Derive another Address
RNUportHDSigner.addressForPath(seedAlias, `m/44'/60'/0'/0/0`, 'Create a new address').then (addressObj => {
	console.log(addressObj.address)
    console.log(addressObj.pubKey)
})

signing

You can sign ethereum transactions and JWT payloads:

// Signing a JWT
RNUportHDSigner.signJwt(seedAlias,
        RNUportHDSigner.UPORT_ROOT_DERIVATION_PATH,
        base64EncodedJwt,
        'Sign a claim'
    ).then( jwtSig => {
			console.log(jwtSig.r)
			console.log(jwtSig.s)
			console.log(jwtSig.v)
		})
		
// Signing an Eth Tx
RNUportHDSigner.signTx(address,
        `m/44'/60'/0'/0/0`,
        base64EncodedTx,
        'Sign an ETH transaction'
    ).then( txSig => {
			console.log(txSig.r)
			console.log(txSig.s)
			console.log(txSig.v)
    })

Basic Signer Usage (DEPRECATED)

Usage of the basic signer is discouraged because recovery of the keys is not possible. Keys can be imported but this is not a secure practice. Any key recovery mechanism is outside the scope of the basic signer (RNUportSigner). Please use the HD signer, RNUportHDSigner

import { RNUportSigner } from 'react-native-uport-signer';

// Create a keypair
RNUportSigner.createKeyPair('simple').then(keypair => {
			console.log(keypair.address)
			console.log(keypar.pubKey)
})

//Sign a JWT
const exampleJwtPayload = { iss: address, aud: address, name: 'test'}

RNUportSigner.signJwt(address,
		exampleJwtPayload.toString('base64'), 
		'Sign a JWT'
).then( jwtSig => {
	console.log(jwtSig.r)
	console.log(jwtSig.s)
	console.log(jwtSig.v)
})

//Sign an Eth tx
RNUportSigner.signTx(address,
        rlpEncodedTx, //RLP Encoded eth transaction
        'Sign an ETH transaction'
).then( txSig => {
	console.log(txSig.r)
	console.log(txSig.s)
	console.log(txSig.v)
})

Contributions welcome

Please run yarn install after checkout to get an up-to-speed dev environment for this library.

Changelog

1.6.1
- [iOS] specify version of UPTEthereumSigner pod
1.6.0
- [iOS] feature - enable autolink ( #40 )
1.5.2
- bugfix #36 - build was not called automatically on prepublish ( #37 )
1.5.1
- [Android] bugfix - changed package name to me.uport.rnsigner thanks to @VMadalin ( #34 )
- support - add simple CI checks (#35)
1.5.0
- [iOS] fix parameter name for deleteSeed
- Adds typescript support
1.4.5
- [Android] bugfix - IllegalStateException when using prompt without fingerprint sensor (#30)
1.4.4
- New method named getSignerForHDPath which returns a signing method to be passed into uport-credentials as a parameter
1.3.4
- [Android] bugfix - duplicate classes error (#22)
1.3.3
- [Android] bugfix - fix silent errors when signing JWT (#20)
1.3.2
- [Android] remove createJSModules override to work with react-native > 0.47
1.3.1
- [iOS] fix search path for valet
1.3.0
- [iOS] replaces usage of CoreEthereum -> EthCore
- [iOS] Adds requiresMainQueueSetup method to get rid of react-native yellowbox warning
- [Android] Correctly scales recovery param for JWT's on android
- [Android] Methods use an activity context when available
v1.2.1
- android build based on kotlin 1.3.30
- expose listSeedAddresses method on android

react-native-uport-signer's People

Contributors

Stargazers

Watchers

Forkers

vmadalin abdulsalaam iwashi1t isabella232

react-native-uport-signer's Issues

Android: Duplicate class org.walleth.khex.HexFunKt found in modules KHex-0.6.jar (com.github.komputing:KHex:0.6) and khex-0.6.jar (com.github.walleth:khex:0.6)

Thank you for creating this wonderful library.

I installed & linked react-native-uport-signer: 1.3.3 and built a debug, the following error occurred.

> Task :app:checkDebugDuplicateClasses FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':app:checkDebugDuplicateClasses'.
> 1 exception was raised by workers:
  java.lang.RuntimeException: Duplicate class org.walleth.khex.HexFunKt found in modules KHex-0.6.jar (com.github.komputing:KHex:0.6) and khex-0.6.jar (com.github.walleth:khex:0.6)

  Go to the documentation to learn how to <a href="d.android.com/r/tools/classpath-sync-errors">Fix dependency resolution errors</a>.

I checked the gradle dependencies and it seems that both react-native-uport-signer and uport-android-signer have kotlin-common:signer-common, so when I removed the former, the build passed.

dependencies {
    implementation 'com.facebook.react:react-native:+'

    api "com.github.uport-project:uport-android-signer:0.3.1"
    api "com.github.uport-project.kotlin-common:signer-common:0.1.1"  // removed this line
}

Is the above line necessary?

Thank you.

Android package name

The Android package name com.reactlibrary is too general, so can you change it to something else? (e.g. me.uport)

Duplicate error has occurred when used with a library with the same package name com.reactlibrary.

this package itself specifies a `main` module field that could not be resolved

The following error has occurred after executing react-native run-android.

error: bundling failed: Error: While trying to resolve module `react-native-uport-signer` from file `***.js`, the package `/***/node_modules/react-native-uport-signer/package.json` was successfully found. However, this package itself specifies a `main` module field that could not be resolved (`/***/node_modules/react-native-uport-signer/lib/index.js`. Indeed, none of these files exist:

  * `/***/node_modules/react-native-uport-signer/lib/index.js(.native||.android.js|.native.js|.js|.android.json|.native.json|.json|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx)`
  * `/***/node_modules/react-native-uport-signer/lib/index.js/index(.native||.android.js|.native.js|.js|.android.json|.native.json|.json|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx)

package.json (L5) says "main": "lib/index.js", but lib folder doesn't seem to exist.

It seems that it has been changed from index.js to lib/index.ts in commit 8a1d885, is this correct?

Environment

react-native: 0.59.9
react-native-uport-signer: 1.5.1

HDSigner delete seed

Maybe this is not a problem, just noticed discrepancy in param names. It is not clear what to pass to deleteSeed from RN

deleteSeed:(NSString *)rootEthereumAddress
https://github.com/uport-project/react-native-uport-signer/blob/develop/ios/Pods/UPTEthereumSigner/UPTEthereumSigner/Classes/UPTHDSigner.m#L77

deleteSeed:(NSString *)phrase
https://github.com/uport-project/react-native-uport-signer/blob/develop/ios/RNUportHDSigner.m#L128

On Android uport signer method showSeed doesn't return anything

Hi all,

the following issues seem to appear only on Android.

We have a project with react native 0.59.9 and we are using react-native-uport-signer (1.5.0) to handle private key and seed phrase.
We create the seed by using "RNUportHDSigner.createSeed('prompt')"

We faced 2 weird issues while using the function "RNUportHDSigner.showSeed(uportAddress)".

If the smartphone has the fingerPrint hardware but the user has just set up a pin/password/swipe security method without the fingerprint, the showSeed method asks for the set security option (pin/password/swipe), but as soon as the user verifies it the showSeed method doesn't return anything. We cannot even catch any error, it seems just to go in an infinite loop. We use the following methodology:

RNUportHDSigner.showSeed(uportAddress)
.then(seedPhrase=>{ //handle seed phrase })
.catch(error=>{console.log("error: ",error})

If we try to add a customized message to be prompt to the user, it doesn't work.
We use this:

RNUportHDSigner.showSeed(uportAddress, 'Please, unlock your phone to reveal the recovery phrase')

But the message prompt is just "uPort".
Tested on Android 9, Android 7, Android 6 with multiple devices/emulators.

You can reproduce the issues by using also an emulator:

create a new react-native project using version <=0.59.9 and add react-native-uport-signer 1.5.0.
run the project on a smartphone/emulator that has the fingerprint hardware, but not a fingerprint registered. Use a pin/password/swipe instead.
create a seed by using RNUportHDSigner.createSeed('prompt')
show the seed by using RNUportHDSigner.showSeed(uportAddress)
try to log the seedPhrase returned by "showSeed"

The first one is an issue a bit urgent, could you please check it as soon as possible?

Thank you very much

UPORT_ROOT_DERIVATION_PATH is unknown

I'm trying to create verifiable claims using this library but UPORT_ROOT_DERIVATION_PATH is unknown for, I don't know how to figure-out this
RNUportHDSigner.signJwt( seedAlias, RNUportHDSigner.UPORT_ROOT_DERIVATION_PATH, base64EncodedJwt, myClaim ).then((jwtSig: any) => { console.warn("jwtSig is: ", jwtSig); });

iOS: "Module RNUportHDSigner requires main queue setup"

New RN app using "react-native": "0.59.5".

Getting this warning:

Module RNUportHDSigner requires main queue setup since it overrides `constantsToExport` but doesn't implement `requiresMainQueueSetup`. In a future release React Native will default to initializing all native modules on a background thread unless explicitly opted-out of.

Android Gradle plugin supports only Kotlin Gradle plugin version 1.3.0 and higher

Steps to reproduce:

react-native init poc
cd poc
yarn add react-native-uport-signer
react-native link react-native-uport-signer
react-native run-android

Result:

FAILURE: Build failed with an exception.

* What went wrong:
The Android Gradle plugin supports only Kotlin Gradle plugin version 1.3.0 and higher.
The following dependencies do not satisfy the required version:
project ':react-native-uport-signer' -> org.jetbrains.kotlin:kotlin-gradle-plugin:1.2.61

Android: Cannot use RNUportHDSigner.createSeed('prompt') without finger print hardware

Hi,
in these days I'm using your library on android and ios but I encountered in various problem only with specific Android devices.
For security reasons, I need security level "prompt", all work fine but the android devices without fingerprint hardware.

I'm using RNUportSigner.hasFingerprintHardware() to check this if the response is true, the creation of the seed works, but when I try to use RNUportHDSigner.showSeed(), after the confirmation of the keyguards the seed doesn't appear, the function doesn't work.

Otherwise, if the response is false the app crash in the RNUportHDSigner.createSeed('prompt') with the error:
Error: java.lang.IllegalStateException: At least one fingerprint must be enrolled to create keys requiring user authentication for every use

The library documentation says "'prompt' - seeds are encrypted and need a fingerprint or keyguard unlocking." but keyguard doesn't appear or don't work in both cases.
Same problems with security level 'singleprompt'

Tested on:

react-native 0.59.8
react-native-uport-signer 1.3.4
Huawei P8 Light 2015, Samsung S10, Android Emulator, iPhone XS

Thanks

Android Kotlin Gradle plugin version

FAILURE: Build failed with an exception.

* What went wrong:
The Android Gradle plugin supports only Kotlin Gradle plugin version 1.3.0 and higher.
The following dependencies do not satisfy the required version:
project ':react-native-uport-signer' -> org.jetbrains.kotlin:kotlin-gradle-plugin:1.2.61

[iOS] Is autolink working correctly?

When I run after following the steps below, I get the Framework not found EthCore error.

react-native init sample
cd sample
npm install react-native-uport-signer
cd ios
(set platform :ios, '11.0')
pod install
open sample.xcworkspace

Is autolink now working correctly? If yes, can you add the installation procedure in the Readme when using autolink?

Thank you.

Versions

react-native: 0.61.2
react-native-uport-signer: 1.6.0

Missing Typescript declaration file

It would be nice to have Typescript declaration file for all those Typescript projects that are using this lib ;)

iOS build issue

react-native init poc
cd poc
yarn add yarn add uport-project/react-native-uport-signer#1.1.3-rc4
react-native link react-native-uport-signer
open ios/poc.xcodeproj
(run)

Showing All Errors Only
:-1: Build input files cannot be found: '/Users/simonas/Library/Developer/Xcode/DerivedData/poc-hkwlqcxwckapgffiznbzwsgywlgl/Build/Products/Debug-iphonesimulator/libUPTEthereumSigner.a', '/Users/simonas/Library/Developer/Xcode/DerivedData/poc-hkwlqcxwckapgffiznbzwsgywlgl/Build/Products/Debug-iphonesimulator/libValet.a', '/Users/simonas/Library/Developer/Xcode/DerivedData/poc-hkwlqcxwckapgffiznbzwsgywlgl/Build/Products/Debug-iphonesimulator/libISO8601DateFormatter.a', '/Users/simonas/Library/Developer/Xcode/DerivedData/poc-hkwlqcxwckapgffiznbzwsgywlgl/Build/Products/Debug-iphonesimulator/libCoreEthereum.a', '/Users/simonas/Library/Developer/Xcode/DerivedData/poc-hkwlqcxwckapgffiznbzwsgywlgl/Build/Products/Debug-iphonesimulator/libPods-RNUportSigner.a'

install stale-bot

create .github/stale.yml to enable it:

# Number of days of inactivity before an issue becomes stale
daysUntilStale: 30
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
exemptLabels:
  - pinned
  - security
# Label to use when marking an issue as stale
staleLabel: inactive-autoclose
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false

If I make some changes on OS security option, I cannot use anymore my stored private key

Hi all,

I'd like to understand how the library is supposed to work when a user changes his OS settings. On a Samsung S10 I've tried to create a seed via uportSignerHD.createSeed with the level set to "prompt", and then I've used uportSignerHD.showSeed to show the seedPhrase. So far so good, it worked and it requested the fingerprint before showing the 12 words.
But when in OS setting I've added a second fingerprint, the uportSignerHD.showSeed method stopped working, signaling this error:

"Error: Key permanently invalidated"

Can you please explain to me how the app behaves with such kind of operations (pin changes, faceId added/removed, fingerprint added/removed, etc..) and how you suggest to handle them?

Thank you very much

Add support for react-native 0.60.5 autolinking

After doing:

react-native init my-project
cd my-project
npm install react-native-uport-signer --save
cd ios && pod install

(1) trying the new react-native autolinking
I get:

Detected React Native module pod for RNUportSigner
Analyzing dependencies
[!] The `RNUportSigner` pod failed to validate due to 1 error:
    - ERROR | attributes: Missing required attribute `homepage`.
    - WARN  | source: The version should be included in the Git tag.
    - WARN  | description: The description is equal to the summary.

I changed to s.homepage = "https://github.com/uport-project/react-native-uport-signer.git" in RNUportSigner.podspec

I got then got Unable to find a specification for UPTEThereumSignerdepended upon byRNUportSigner`` -> I changed UPTEThereumSigner to `UPTEthereumSigner` in `RNUportSigner.podspec`

-> Pod installation complete!, but building the project with Xcode has an error: framework not found EthCore

Using use_frameworks! or use_modular_headers! gets rid of the EthCore error, but have other issues. (probably related: facebook/react-native#25349 (comment))

(2) Explicit linking, as in your Readme:

react-native link react-native-uport-signer
cd ios && pod install

I get:

Analyzing dependencies
[!] No podspec found for `RNUportSigner` in `../node_modules/react-native-uport-signer`

I then replaced pod 'RNUportSigner', :path => '../node_modules/react-native-uport-signer' from Podfile with pod 'RNUportSigner', :path => '../node_modules/react-native-uport-signer/ios/RNUportSigner.podspec'

-> Pod installation complete!, but building the project with Xcode has the same error: framework not found EthCore