From 392b8fbc46c4e4c7dd46a8fc2f43d2539dda977a Mon Sep 17 00:00:00 2001 From: Charles Schaefer Date: Tue, 25 Feb 2025 19:15:28 -0300 Subject: [PATCH 1/4] Update biometric.mdx Inserting the documentation of the new biometricCipher() method. See #2454 and #2306. --- src/content/docs/plugin/biometric.mdx | 96 ++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) diff --git a/src/content/docs/plugin/biometric.mdx b/src/content/docs/plugin/biometric.mdx index d3a9c903dd..dfac0e6406 100644 --- a/src/content/docs/plugin/biometric.mdx +++ b/src/content/docs/plugin/biometric.mdx @@ -98,7 +98,7 @@ In the `src-tauri/Info.ios.plist` file, add the following snippet: ## Usage -This plugin enables you to verify the availability of Biometric Authentication on a device, prompt the user for biometric authentication, and check the result to determine if the authentication was successful or not. +This plugin enables you to verify the availability of Biometric Authentication on a device, prompt the user for biometric authentication, and check the result to determine if the authentication was successful or not. On Android, it also allows you to encrypt/decrypt data using assymmetric keys that can be accessed only if the user authenticates using their registered biometric authentication method. ### Check Status @@ -213,6 +213,100 @@ fn bio_auth(app_handle: tauri::AppHandle) { +### Biometric protected cryptography + +To encrypt/decrypt data using an assymetric cryptography method that is protected behid the user Biometric Authentication, utilize the `biometricCipher()` method. + + + + + +```javascript ins={18} +import { biometricCipher } from '@tauri-apps/plugin-biometric'; + +// Encrypts data +const encryptOptions = { + // ... other options + dataToEncrypt: getOriginalData() +}; + +try { + const encrypted = await biometricCipher('Passwordless authentication', encryptOptions); + console.log( + 'Hooray! Successfully encrypted data! We can now store it to decrypt later, when needed' + ); +} catch (err) { + console.log('Oh no! Authentication failed because ' + err.message); +} + + +// Decrypts data back to the original +const decryptOptions = { + // ... other options + dataToDecrypt: encrypted.data, +}; + +try { + const original = await biometricCipher('Passwordless authentication', decryptOptions); + console.log( + 'Hooray! Successfully decrypted data after the user authenticated with their biometric method.' + ); + const valid = originalData() == dataToDecrypt.data; +} catch (err) { + console.log('Oh no! Authentication failed because ' + err.message); +} + +``` + + + + + +```rust ins={21} +use tauri_plugin_biometric::{BiometricExt, AuthOptions}; + +fn bio_cipher(app_handle: tauri::AppHandle, original_data: Option) { + + let encrypt_options = AuthOptions { + // ... other options + data_to_encrypt: original_data.unwrap() + }; + + // if the encryption was successful, the function returns Result::Ok(CipherResult) + // otherwise returns Result::Error() + match app_handle.biometric().biometric_cipher("Passwordless authentication".to_string(), encrypt_options) { + Ok(encrypted) => { + println!("Hooray! Successfully Authenticated! We can now perform the locked Tauri function!"); + } + Err(e) => { + println!("Oh no! Authentication failed because : {e}"); + } + } + + let decrypt_options = AuthOptions { + // ... other options + data_to_decrypt: encrypted.data + }; + + // if the encryption was successful, the function returns Result::Ok(CipherResult) + // otherwise returns Result::Error() + match app_handle.biometric().biometric_cipher("Passwordless authentication".to_string(), decrypt_options) { + Ok(decrypted) => { + println!("Hooray! Successfully Authenticated! We can now perform the locked Tauri function!"); + } + Err(e) => { + println!("Oh no! Authentication failed because : {e}"); + } + } + + assert_equal!(decrypted.data, original_data.unwrap()); + +} +``` + + + + ## Permissions By default all potentially dangerous plugin commands and scopes are blocked and cannot be accessed. You must modify the permissions in your `capabilities` configuration to enable these. From 67e7f9b9de62cfb4693f81f45279ff1f84c32817 Mon Sep 17 00:00:00 2001 From: Charles Schaefer Date: Wed, 26 Feb 2025 03:14:47 -0300 Subject: [PATCH 2/4] Update biometric.mdx Solving some formatting issues. --- src/content/docs/plugin/biometric.mdx | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/src/content/docs/plugin/biometric.mdx b/src/content/docs/plugin/biometric.mdx index dfac0e6406..f373d7cf31 100644 --- a/src/content/docs/plugin/biometric.mdx +++ b/src/content/docs/plugin/biometric.mdx @@ -89,10 +89,10 @@ In the `src-tauri/Info.ios.plist` file, add the following snippet: - - NSFaceIDUsageDescription - Authenticate with biometric - + + NSFaceIDUsageDescription + Authenticate with biometric + ``` @@ -227,11 +227,14 @@ import { biometricCipher } from '@tauri-apps/plugin-biometric'; // Encrypts data const encryptOptions = { // ... other options - dataToEncrypt: getOriginalData() + dataToEncrypt: getOriginalData(), }; try { - const encrypted = await biometricCipher('Passwordless authentication', encryptOptions); + const encrypted = await biometricCipher( + 'Passwordless authentication', + encryptOptions + ); console.log( 'Hooray! Successfully encrypted data! We can now store it to decrypt later, when needed' ); @@ -239,7 +242,6 @@ try { console.log('Oh no! Authentication failed because ' + err.message); } - // Decrypts data back to the original const decryptOptions = { // ... other options @@ -247,7 +249,10 @@ const decryptOptions = { }; try { - const original = await biometricCipher('Passwordless authentication', decryptOptions); + const original = await biometricCipher( + 'Passwordless authentication', + decryptOptions + ); console.log( 'Hooray! Successfully decrypted data after the user authenticated with their biometric method.' ); @@ -255,7 +260,6 @@ try { } catch (err) { console.log('Oh no! Authentication failed because ' + err.message); } - ``` @@ -269,7 +273,7 @@ fn bio_cipher(app_handle: tauri::AppHandle, original_data: Option) { let encrypt_options = AuthOptions { // ... other options - data_to_encrypt: original_data.unwrap() + data_to_encrypt: original_data.unwrap() }; // if the encryption was successful, the function returns Result::Ok(CipherResult) @@ -285,7 +289,7 @@ fn bio_cipher(app_handle: tauri::AppHandle, original_data: Option) { let decrypt_options = AuthOptions { // ... other options - data_to_decrypt: encrypted.data + data_to_decrypt: encrypted.data }; // if the encryption was successful, the function returns Result::Ok(CipherResult) From 759eae62b187490219345c07af0f8aaf261c58ea Mon Sep 17 00:00:00 2001 From: Charles Schaefer Date: Wed, 26 Feb 2025 09:58:39 -0300 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: Vitor Ayres --- src/content/docs/plugin/biometric.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/plugin/biometric.mdx b/src/content/docs/plugin/biometric.mdx index f373d7cf31..7925e6c43b 100644 --- a/src/content/docs/plugin/biometric.mdx +++ b/src/content/docs/plugin/biometric.mdx @@ -215,13 +215,13 @@ fn bio_auth(app_handle: tauri::AppHandle) { ### Biometric protected cryptography -To encrypt/decrypt data using an assymetric cryptography method that is protected behid the user Biometric Authentication, utilize the `biometricCipher()` method. +To encrypt/decrypt data using an asymmetric cryptography method that is protected behind the user Biometric Authentication, utilize the `biometricCipher()` method. -```javascript ins={18} +```javascript import { biometricCipher } from '@tauri-apps/plugin-biometric'; // Encrypts data @@ -266,7 +266,7 @@ try { -```rust ins={21} +```rust use tauri_plugin_biometric::{BiometricExt, AuthOptions}; fn bio_cipher(app_handle: tauri::AppHandle, original_data: Option) { From 10ecb0baabc459ddfa09004891c97a151f02f6cb Mon Sep 17 00:00:00 2001 From: Charles Schaefer Date: Wed, 26 Feb 2025 10:00:45 -0300 Subject: [PATCH 4/4] Accepting code review suggestion --- src/content/docs/plugin/biometric.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/content/docs/plugin/biometric.mdx b/src/content/docs/plugin/biometric.mdx index 7925e6c43b..9a66165717 100644 --- a/src/content/docs/plugin/biometric.mdx +++ b/src/content/docs/plugin/biometric.mdx @@ -215,6 +215,10 @@ fn bio_auth(app_handle: tauri::AppHandle) { ### Biometric protected cryptography +:::caution[Android-only feature] +This feature is available only for Android. +::: + To encrypt/decrypt data using an asymmetric cryptography method that is protected behind the user Biometric Authentication, utilize the `biometricCipher()` method.