Key Generation/Storage for react-native apps to encrypt realm db

Question

Does realm have any react-native support for key generation/key storage for encrypting the realm db? I wanted to check with the team working on realm before writing any native modules for the same. If there is any node module support for react native, that would be helpful.

Thanks.

Recommended answer

Realm does not provide any APIs for the generation or storage of encryption keys. I'm copying a comment I made in the past on this issue below just to provide my thoughts on some considerations that should be taken when dealing with encrypting Realms on React Native…

The react-native-keychain module only supports password strings, whereas Realm expects a 512-bit (64-byte) data blob as either an ArrayBuffer or ArrayBufferView (e.g. Uint8Array, et al).

If you're randomly generating a password, then I would suggest base64-encoding that data into a string before storing with react-native-keychain, then base64 decoding it when you get it out. I'd recommend checking out base64-js for dealing with raw data (atob/btoa only deals in strings).

On the other hand, if the user is providing a password, then you can store that directly in the keychain and use a 512-bit hash of that password as the encryption key. A SHA-512 hash would accomplish that, but typically with encryption you want to use a hashing algorithm that includes a salt and is fundamentally slow, thus making it much harder to brute force. The standard for doing this is PBKDF2, though newer and better hashing methods exist. I'd recommend checking out crypto-js or pbkdf2-js for this.
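
The two approaches from the answer above, as an added example that is not part of the original answer or of Realm's own code. It assumes Node's built-in `crypto` and `Buffer` in place of a React Native secure random source, base64-js and a PBKDF2 library; the `keychain` Map is a hypothetical stand-in for react-native-keychain, and the service name, password and iteration count are constructed sample values.

```javascript
// Added example. Node's built-in crypto and Buffer stand in for a React Native
// secure random source, base64-js and a PBKDF2 library (assumptions).
const nodeCrypto = require('crypto');

const REALM_KEY_BYTES = 64; // Realm expects a 512-bit (64-byte) key

// Hypothetical stand-in for react-native-keychain: it only holds strings.
const keychain = new Map();

// Approach 1: random key, base64-encoded so it fits string-only storage.
function createAndStoreRandomKey(service) {
  const key = new Uint8Array(nodeCrypto.randomBytes(REALM_KEY_BYTES));
  keychain.set(service, Buffer.from(key).toString('base64'));
  return key;
}

// Decode the stored string back into the Uint8Array form Realm expects.
function loadStoredKey(service) {
  const encoded = keychain.get(service);
  if (typeof encoded !== 'string') {
    throw new Error('no key stored for ' + service);
  }
  const key = new Uint8Array(Buffer.from(encoded, 'base64'));
  if (key.length !== REALM_KEY_BYTES) {
    throw new Error('stored key is not ' + REALM_KEY_BYTES + ' bytes');
  }
  return key;
}

// Approach 2: user password stretched with salted PBKDF2-HMAC-SHA512.
// The salt is not secret but must be persisted so the key can be re-derived.
function deriveKeyFromPassword(password, salt, iterations) {
  if (salt.length < 16) throw new Error('salt must be at least 16 bytes');
  if (!Number.isInteger(iterations) || iterations < 1) throw new Error('bad iteration count');
  const derived = nodeCrypto.pbkdf2Sync(password, salt, iterations, REALM_KEY_BYTES, 'sha512');
  return new Uint8Array(derived);
}

// Constructed demo values; the iteration count is a sample, tune it per device.
function demo() {
  const randomKey = createAndStoreRandomKey('realm-db-key');
  const reloaded = loadStoredKey('realm-db-key');
  const salt = nodeCrypto.randomBytes(16);
  const passwordKey = deriveKeyFromPassword('correct horse battery staple', salt, 210000);
  return { randomKey, reloaded, passwordKey };
}
```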
