tauri-apps · charlesschaefer · Feb 25, 2025 · Feb 25, 2025 · Feb 26, 2025
@@ -89,16 +89,16 @@ In the `src-tauri/Info.ios.plist` file, add the following snippet:
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
-	<dict>
-		<key>NSFaceIDUsageDescription</key>
-		<string>Authenticate with biometric</string>
-	</dict>
+    <dict>
+        <key>NSFaceIDUsageDescription</key>
+        <string>Authenticate with biometric</string>
+    </dict>
 </plist>
 ```
 
 ## Usage
 
-This plugin enables you to verify the availability of Biometric Authentication on a device, prompt the user for biometric authentication, and check the result to determine if the authentication was successful or not.
+This plugin enables you to verify the availability of Biometric Authentication on a device, prompt the user for biometric authentication, and check the result to determine if the authentication was successful or not. On Android, it also allows you to encrypt/decrypt data using assymmetric keys that can be accessed only if the user authenticates using their registered biometric authentication method.
 
 ### Check Status
 
@@ -213,6 +213,104 @@ fn bio_auth(app_handle: tauri::AppHandle) {
 </TabItem>
 </Tabs>
 
+### Biometric protected cryptography
+
+To encrypt/decrypt data using an assymetric cryptography method that is protected behid the user Biometric Authentication, utilize the `biometricCipher()` method.
+
+<Tabs syncKey="lang">
+
+<TabItem label="JavaScript">
+
+```javascript ins={18}
+import { biometricCipher } from '@tauri-apps/plugin-biometric';
+
+// Encrypts data
+const encryptOptions = {
+  // ... other options
+  dataToEncrypt: getOriginalData(),
+};
+
+try {
+  const encrypted = await biometricCipher(
+    'Passwordless authentication',
+    encryptOptions
+  );
+  console.log(
+    'Hooray! Successfully encrypted data! We can now store it to decrypt later, when needed'
+  );
+} catch (err) {
+  console.log('Oh no! Authentication failed because ' + err.message);
+}
+
+// Decrypts data back to the original
+const decryptOptions = {
+  // ... other options
+  dataToDecrypt: encrypted.data,
+};
+
+try {
+  const original = await biometricCipher(
+    'Passwordless authentication',
+    decryptOptions
+  );
+  console.log(
+    'Hooray! Successfully decrypted data after the user authenticated with their biometric method.'
+  );
+  const valid = originalData() == dataToDecrypt.data;
+} catch (err) {
+  console.log('Oh no! Authentication failed because ' + err.message);
+}
+```
+
+</TabItem>
+
+<TabItem label="Rust">
+
+```rust ins={21}
+use tauri_plugin_biometric::{BiometricExt, AuthOptions};
+
+fn bio_cipher(app_handle: tauri::AppHandle, original_data: Option<String>) {
+
+    let encrypt_options = AuthOptions {
+        // ... other options
+        data_to_encrypt: original_data.unwrap()
+    };
+
+    // if the encryption was successful, the function returns Result::Ok(CipherResult)
+    // otherwise returns Result::Error()
+    match app_handle.biometric().biometric_cipher("Passwordless authentication".to_string(), encrypt_options) {
+        Ok(encrypted) => {
+            println!("Hooray! Successfully Authenticated! We can now perform the locked Tauri function!");
+        }
+        Err(e) => {
+            println!("Oh no! Authentication failed because : {e}");
+        }
+    }
+
+    let decrypt_options = AuthOptions {
+        // ... other options
+        data_to_decrypt: encrypted.data
+    };
+
+    // if the encryption was successful, the function returns Result::Ok(CipherResult)
+    // otherwise returns Result::Error()
+    match app_handle.biometric().biometric_cipher("Passwordless authentication".to_string(), decrypt_options) {
+        Ok(decrypted) => {
+            println!("Hooray! Successfully Authenticated! We can now perform the locked Tauri function!");
+        }
+        Err(e) => {
+            println!("Oh no! Authentication failed because : {e}");
+        }
+    }
+
+    assert_equal!(decrypted.data, original_data.unwrap());
+
+}
+```
+
+</TabItem>
+</Tabs>
+
 ## Permissions
 
 By default all potentially dangerous plugin commands and scopes are blocked and cannot be accessed. You must modify the permissions in your `capabilities` configuration to enable these.