Expo Crypto
A universal library for crypto operations.
expo-crypto enables you to hash data in an equivalent manner to the Node.js core crypto API, and perform crypto operations such as AES encryption and decryption.
Installation
- npx expo install expo-cryptoIf you are installing this in an existing React Native app, make sure to install expo in your project.
Usage
import { useEffect } from 'react'; import { StyleSheet, View, Text } from 'react-native'; import * as Crypto from 'expo-crypto'; export default function App() { useEffect(() => { (async () => { const digest = await Crypto.digestStringAsync( Crypto.CryptoDigestAlgorithm.SHA256, 'GitHub stars are neat 🌟' ); console.log('Digest: ', digest); /* Some crypto operation... */ })(); }, []); return ( <View style={styles.container}> <Text>Crypto Module Example</Text> </View> ); } const styles = StyleSheet.create({ container: { flex: 1, backgroundColor: '#fff', alignItems: 'center', justifyContent: 'center', }, });
AES encryption and decryption
import { useEffect } from 'react'; import { StyleSheet, View, Text } from 'react-native'; import { AESEncryptionKey, aesEncryptAsync, aesDecryptAsync } from 'expo-crypto'; export default function App() { useEffect(() => { (async () => { const plaintext = 'Hello, world!'; const plaintextBase64 = btoa(plaintexxt); const encryptionKey = await AESEncryptionKey.generate(); const sealedData = await aesEncryptAsync(plaintextBase64, key); const decryptedBase64 = await aesDecryptAsync(sealedData, key, { output: 'base64', }); const decrpyted = atob(decryptedBase64); console.log('Decrypted: ', decrpyted); })(); }, []); return ( <View style={styles.container}> <Text>Crypto Module Example</Text> </View> ); } const styles = StyleSheet.create({ container: { flex: 1, backgroundColor: '#fff', alignItems: 'center', justifyContent: 'center', }, });
Encrypt data and save it to the file
import { AESEncryptionKey, aesEncryptAsync } from 'expo-crypto'; import { File, Paths } from 'expo-file-system'; import * as SecureStore from 'expo-secure-store'; async function encryptAndSaveData(plaintextData: Uint8Array) { // Generate encryption key const encryptionKey = await AESEncryptionKey.generate(); // Encrypt data const sealedData = await aesEncryptAsync(plaintextData, encryptionKey); const encryptedBytes = await sealedData.combined(); // Store encryption key const keyHex = await encryptionKey.encoded('hex'); await SecureStore.setItemAsync('aes-encryption-key', keyHex); // Save encrypted file const file = new File(Paths.cache, 'encrypted.dat'); file.create({ overwrite: true }); file.write(encryptedBytes); }
Load file and decrypt data
import { AESEncryptionKey, AESSealedData, aesDecryptAsync } from 'expo-crypto'; import { File, Paths } from 'expo-file-system'; import * as SecureStore from 'expo-secure-store'; async function loadAndDecryptData(): Promise<Uint8Array | null> { // Load encryption key const keyHex = await SecureStore.getItemAsync('aes-encryption-key'); if (!keyHex) { return null; } const encryptionKey = await AESEncryptionKey.import(keyHex, 'hex'); // Load encrypted file const file = new File(Paths.cache, 'encrypted.dat'); if (!file.exists) { return null; } const encryptedBytes = await file.bytes(); const sealedData = AESSealedData.fromCombined(encryptedBytes); // Decrypt data const plaintextBytes = await aesDecryptAsync(data, encryptionKey); return plaintextBytes; }
API
import * as Crypto from 'expo-crypto';
Classes
Type: Class extends EncryptionKey
Represents an AES encryption key that can be used for encryption and decryption operations. This class provides methods to generate, import, and export encryption keys.
AESEncryptionKey Properties
AESEncryptionKey Methods
Retrieves the key as a byte array.
Asynchronous due to the use of SubtleCrypto exportKey API.
Promise<Uint8Array<ArrayBufferLike>>A promise that resolves to the byte array representation of the key.
| Parameter | Type | Description |
|---|---|---|
| encoding | 'hex' | 'base64' | The encoding format to use ('hex' or 'base64'). |
Retrieves the key encoded as a string in the specified format.
Asynchronous due to the use of SubtleCrypto exportKey API.
Promise<string>A promise that resolves to the string representation of the key.
| Parameter | Type | Description |
|---|---|---|
| size(optional) | AESKeySize | The size of the key (128, 192, or 256). Defaults to 256. |
Generates a new AES encryption key of the specified size.
Promise<EncryptionKey>A promise that resolves to an EncryptionKey instance.
| Parameter | Type | Description |
|---|---|---|
| bytes | Uint8Array | The key as a byte array. |
Imports an encryption key from a byte array. Validates the size of the key.
Promise<EncryptionKey>A promise that resolves to an EncryptionKey instance.
| Parameter | Type | Description |
|---|---|---|
| hexString | string | The key as a string. |
| encoding | 'hex' | 'base64' | The encoding used in the string ('hex' or 'base64'). |
Imports an encryption key from a string representation (hex or base64). Validates the size of the key.
Promise<EncryptionKey>A promise that resolves to an EncryptionKey instance.
Type: Class extends SealedData
Represents encrypted data including the ciphertext, initialization vector, and authentication tag. This class provides methods to create sealed data from various formats and extract its components.
AESSealedData Properties
numberTotal size of the combined data (IV + ciphertext + tag) in bytes.
AESSealedData Methods
| Parameter | Type | Description |
|---|---|---|
| options | {
encoding: 'base64' | 'bytes',
withTag: boolean
} | Options controlling whether to include the authentication tag and output encoding. |
Retrieves the ciphertext from the sealed data.
Promise<string | Uint8Array<ArrayBufferLike>>The ciphertext as a Uint8Array or base64 string depending on encoding option.
| Parameter | Type | Description |
|---|---|---|
| encoding(optional) | 'base64' | 'bytes' | Output encoding format. Defaults to |
Retrieves a combined representation of the IV, ciphertext, and tag.
Promise<string | Uint8Array<ArrayBufferLike>>The combined data as a Uint8Array or base64 string depending on encoding.
| Parameter | Type | Description |
|---|---|---|
| combined | BinaryInput | The combined data array. When providing a string, it must be base64-encoded. |
| config(optional) | AESSealedDataConfig | Configuration specifying IV and tag lengths. |
Static method. Creates a SealedData instance from a combined byte array, including the IV, ciphertext, and tag.
AESSealedDataA SealedData object.
| Parameter | Type | Description |
|---|---|---|
| iv | BinaryInput | The initialization vector. When providing a string, it must be base64-encoded. |
| ciphertext | BinaryInput | The encrypted data. Should not include GCM tag. When providing a string, it must be base64-encoded. |
| tag | BinaryInput | The authentication tag. When providing a string, it must be base64-encoded. |
Static method. Creates a SealedData instance from separate nonce, ciphertext, and optionally a tag.
AESSealedDataA SealedData object.
| Parameter | Type | Description |
|---|---|---|
| iv | BinaryInput | The initialization vector. When providing a string, it must be base64-encoded. |
| ciphertextWithTag | BinaryInput | The encrypted data with GCM tag appended. When providing a string, it must be base64-encoded. |
| tagLength(optional) | number | Authentication tag length in bytes. Defaults to 16. |
Static method. Creates a SealedData instance from separate nonce, ciphertext, and optionally a tag.
AESSealedDataA SealedData object.
| Parameter | Type | Description |
|---|---|---|
| encoding(optional) | 'base64' | 'bytes' | Output encoding format. Defaults to |
Retrieves the initialization vector (nonce) from the sealed data.
Promise<string | Uint8Array<ArrayBufferLike>>The initialization vector as a Uint8Array or base64 string depending on encoding.
| Parameter | Type | Description |
|---|---|---|
| encoding(optional) | 'base64' | 'bytes' | Output encoding format. Defaults to |
Retrieves the authentication tag from the sealed data.
Promise<string | Uint8Array<ArrayBufferLike>>The authentication tag as a Uint8Array or base64 string depending on encoding.
Methods
| Parameter | Type | Description |
|---|---|---|
| sealedData | AESSealedData | The data to decrypt. |
| key | AESEncryptionKey | The key to use for decryption. |
| options(optional) | AESDecryptOptions | Options for decryption, including output encoding and additional data. |
Decrypts the given sealed data using the specified key and options.
Promise<string | Uint8Array<ArrayBufferLike>>A promise that resolves to the decrypted data buffer or string, depending on encoding option.
| Parameter | Type | Description |
|---|---|---|
| plaintext | BinaryInput | The data to encrypt. When providing a string, it must be base64-encoded. |
| key | AESEncryptionKey | The encryption key to use. |
| options(optional) | AESEncryptOptions | Optional encryption parameters including nonce, tag length, and additional data. Default: {} |
Encrypts the given plaintext using AES-GCM with the specified key.
Promise<AESSealedData>A promise that resolves to a SealedData instance containing the encrypted data.
| Parameter | Type | Description |
|---|---|---|
| algorithm | CryptoDigestAlgorithm | The cryptographic hash function to use to transform a block of data into a fixed-size output. |
| data | BufferSource | The value that will be used to generate a digest. |
The digest() method of Crypto generates a digest of the supplied TypedArray of bytes data with the provided digest algorithm.
A digest is a short fixed-length value derived from some variable-length input. Cryptographic digests should exhibit collision-resistance,
meaning that it's very difficult to generate multiple inputs that have equal digest values.
On web, this method can only be called from a secure origin (HTTPS) otherwise, an error will be thrown.
Promise<ArrayBuffer>A Promise which fulfills with an ArrayBuffer representing the hashed input.
Example
const array = new Uint8Array([1, 2, 3, 4, 5]); const digest = await Crypto.digest(Crypto.CryptoDigestAlgorithm.SHA512, array); console.log('Your digest: ' + digest);
| Parameter | Type | Description |
|---|---|---|
| algorithm | CryptoDigestAlgorithm | The cryptographic hash function to use to transform a block of data into a fixed-size output. |
| data | string | The value that will be used to generate a digest. |
| options(optional) | CryptoDigestOptions | Format of the digest string. Defaults to: |
The digestStringAsync() method of Crypto generates a digest of the supplied data string with the provided digest algorithm.
A digest is a short fixed-length value derived from some variable-length input. Cryptographic digests should exhibit collision-resistance,
meaning that it's very difficult to generate multiple inputs that have equal digest values.
You can specify the returned string format as one of CryptoEncoding. By default, the resolved value will be formatted as a HEX string.
On web, this method can only be called from a secure origin (HTTPS) otherwise, an error will be thrown.
Promise<string>Return a Promise which fulfills with a value representing the hashed input.
Example
const digest = await Crypto.digestStringAsync( Crypto.CryptoDigestAlgorithm.SHA512, '🥓 Easy to Digest! 💙' );
| Parameter | Type | Description |
|---|---|---|
| byteCount | number | A number within the range from |
Generates completely random bytes using native implementations. The byteCount property
is a number indicating the number of bytes to generate in the form of a Uint8Array.
Falls back to Math.random during development to prevent issues with React Native Debugger.
Uint8ArrayAn array of random bytes with the same length as the byteCount.
| Parameter | Type | Description |
|---|---|---|
| byteCount | number | A number within the range from |
Generates completely random bytes using native implementations. The byteCount property
is a number indicating the number of bytes to generate in the form of a Uint8Array.
Promise<Uint8Array<ArrayBufferLike>>A promise that fulfills with an array of random bytes with the same length as the byteCount.
| Parameter | Type | Description |
|---|---|---|
| typedArray | T | An integer based |
The getRandomValues() method of Crypto fills a provided TypedArray with cryptographically secure random values.
TThe input array filled with cryptographically secure random values.
Example
const byteArray = new Uint8Array(16); Crypto.getRandomValues(byteArray); console.log('Your lucky bytes: ' + byteArray);
The randomUUID() method returns a unique identifier based on the V4 UUID spec (RFC4122).
It uses cryptographically secure random values to generate the UUID.
stringA string containing a newly generated UUIDv4 identifier
Example
const UUID = Crypto.randomUUID(); console.log('Your UUID: ' + UUID);
Interfaces
Options for the decryption process.
| Property | Type | Description |
|---|---|---|
| additionalData(optional) | BinaryInput | Additional authenticated data (AAD) for GCM mode. When provided as a string, it must be base64-encoded. |
| output(optional) | 'base64' | 'bytes' | Output format for the decrypted data. Default: 'bytes' |
Options for the encryption process.
| Property | Type | Description |
|---|---|---|
| additionalData(optional) | BinaryInput | Additional authenticated data (AAD) for GCM mode. When provided as a string, it must be base64-encoded. |
| nonce(optional) | GCMNonceParam | Parameters for nonce generation. |
| tagLength(optional) | GCMTagByteLength | Only for: Android Web The length of the authentication tag in bytes.
Default: 16 |
Configuration for parsing sealed data from combined format.
| Property | Type | Description |
|---|---|---|
| ivLength(optional) | number | The length of the initialization vector in bytes. Default: 12 |
| tagLength(optional) | GCMTagByteLength | The length of the authentication tag in bytes. Default: 16 |
Types
Literal Type: union
Represents binary input data that can be processed by AES APIs. When providing a string, it must be base64-encoded.
Acceptable values are: string | Uint8Array | ArrayBuffer
| Property | Type | Description |
|---|---|---|
| encoding | CryptoEncoding | Format the digest is returned in. |
Configuration for the nonce (initialization vector) during encryption. Can specify either the byte length of the IV to generate or provide an IV directly.
Type: object shaped as below:
| Property | Type | Description |
|---|---|---|
| length(optional) | number | Byte length of nonce to be generated. Default: 12 |
Or object shaped as below:
| Property | Type | Description |
|---|---|---|
| bytes | BinaryInput | Provided nonce bytes. |
Literal Type: number
Byte length of the GCM authentication tag, is a security parameter. The AES-GCM specification recommends that it should be 16, 15, 14, 13, or 12 bytes, although 8 or 4 bytes may be acceptable in some applications. For additional guidance, see Appendix C of the NIST Publication on "Recommendation for Block Cipher Modes of Operation".
Default and recommended value is 16. On Apple, the only supported value for encryption is 16.
Acceptable values are: '16' | '15' | '14' | '13' | '12' | '8' | '4'
Enums
AES key sizes in bits.
CryptoEncoding.BASE64 = "base64"Has trailing padding. Does not wrap lines. Does not have a trailing newline.
Error codes
| Code | Description |
|---|---|
ERR_CRYPTO_UNAVAILABLE | Web Only. Access to the WebCrypto API is restricted to secure origins (localhost/https). |
ERR_CRYPTO_DIGEST | An invalid encoding type provided. |