{"id":20037356,"url":"https://github.com/animo/secure-env","last_synced_at":"2025-05-05T06:30:42.200Z","repository":{"id":222846129,"uuid":"753518225","full_name":"animo/secure-env","owner":"animo","description":"Secure Element support for Android and iOS in Rust with P256+ES256","archived":false,"fork":false,"pushed_at":"2024-07-25T08:45:58.000Z","size":190,"stargazers_count":10,"open_issues_count":2,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-26T07:02:42.444Z","etag":null,"topics":["cryptography","hsm","rust","secure-element","tee"],"latest_commit_sha":null,"homepage":"https://docs.rs/animo-secure-env/latest/secure_env/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/animo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-06T09:32:20.000Z","updated_at":"2024-09-30T01:58:39.000Z","dependencies_parsed_at":"2024-04-24T10:58:44.765Z","dependency_job_id":"35034d8c-2ce6-4b04-81f0-4ae62d18b7cb","html_url":"https://github.com/animo/secure-env","commit_stats":null,"previous_names":["animo/secure-env"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/animo%2Fsecure-env","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/animo%2Fsecure-env/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/animo%2Fsecure-env/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/animo%2Fsecure-env/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/animo","download_url":"https://codeload.github.com/animo/secure-env/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252451345,"owners_count":21749923,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","hsm","rust","secure-element","tee"],"created_at":"2024-11-13T10:19:11.599Z","updated_at":"2025-05-05T06:30:41.907Z","avatar_url":"https://github.com/animo.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secure Element Library for Android and iOS\n\n`secure-env` is a library that allows for key generation and signature creation using the mobile secure element.\n\n## Supported targets\n\n- `aarch64-apple-ios`\n- `aarch64-apple-ios-sim`\n- `x86_64-apple-ios`\n- `aarch64-linux-android`\n- `armv7-linux-androideabi`\n- `i686-linux-android`\n- `x86_64-linux-android`\n\n## iOS\n\niOS bindings are done via [security-framework](https://github.com/kornelski/rust-security-framework). This is a safe wrapper around [Apple's security.framework](https://developer.apple.com/documentation/security).\n\n## Android\n\nAndroid bindings are done via [jni-rs](https://github.com/jni-rs/jni-rs). It was discussed to use do this via IPC (Binder) or HIDL, but jni was chosen for its similicity and available documentation.\n\nBeneath these bindings it fully relies on `KeyStore`. During key generation, based on the support version, `setIsStrongBoxBacked` is set to make sure the key is store in hardware. If this is not supported we fall back to a lower level of security `setUserPresenceRequired`.\n\n\u003e NOTE: there still needs to be some additional research done into the exact garantuees that `setUserPresenceRequired` provides. If it means TEE, it is all good.\n\n### Additional setup\n\nDue to time constraints, currently some additional setup is required for Android to fully work. This has to do with accessing the JVM pointer from Rust. If something like [android_activity](https://github.com/rust-mobile/android-activity) is used, take a look at the [android example](./examples/android/src/lib.rs). If this library is used from a React Native context, or native Android app, include the following in your project:\n\n```java\npackage id.animo;\n\npublic class SecureEnvironment {\n static {\n System.loadLibrary(\"secure_env\");\n }\n\n\n public static native void set_env();\n}\n\n```\n\nAfterwards, you can call `SecureEnvironment.set_env` before making any calls to the library. Afterwards everything should be set up properly.\n\n## Features\n\n| | ios | android |\n| ----------------- | --- | ------- |\n| generate keypair | ✅ | ✅ |\n| get keypair by id | ✅ | ✅ |\n| get public key | ✅ | ✅ |\n| sign | ✅ | ✅ |\n\n## Usage\n\nAdd the dependency\n\n```console\ncargo add secure-env\n```\n\n```rust\n// src/main.rs\nuse secure_env::{SecureEnvironment, SecureEnvironmentOps, Key, KeyOps};\n\nfn main() {\n let key = SecureEnvironment::generate_keypair(\"my-key-id\").unwrap();\n let key_from_id = SecureEnvironment::get_keypair_by_id(\"my-key-id\").unwrap();\n\n let msg = b\"Hello World!\";\n\n let public_key = key.get_public_key().unwrap();\n let signature = key.sign(msg).unwrap();\n\n assert!(public_key.len(), 33);\n assert!(signature.len(), 64);\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanimo%2Fsecure-env","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanimo%2Fsecure-env","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanimo%2Fsecure-env/lists"}