Secure Store
The secure store is a Flutter allowing to securely store secret on a device, either using a password, or using biometrics.
| PasswordStore | BiometricsStore | |
|---|---|---|
| IOS | ✅ | ✅ |
| Android | ✅ | ✅ |
| Web | ✅ | ❌ |
| Mac | ✅ | ✅ |
| Windows | ✅ | ❌ |
| Linux | ✅ | ❌ |
Usage#
Biometrics Store#
await BiometricStore().storeSecret(
secret: "Simplicity is the ultimate sophistication",
key: "biometrics-store:secret",
);
final secret = await BiometricStore().getSecret(
key: "biometrics-store:secret",
);
await BiometricStore().deleteSecret(
key: "biometrics-store:secret",
);
Password Store#
First you need to initialize the password store since it's using Hive under the hood.
// In main.dart
void main() {
PasswordStore.init();
runApp(const MyApp());
}
Then you can use password store very easily:
await PasswordStore().storeSecret(
secret: "Simplicity is the ultimate sophistication",
key: "password-store:secret",
options: const PasswordStoreOptions(password: "1234"),
);
final secret = await PasswordStore().getSecret(
key: "password-store:secret",
options: const PasswordStoreOptions(password: "1234"),
);
Platform Setup#
IOS#
Add NSFaceIDUsageDescription permission in Info.plist:
<key>NSFaceIDUsageDescription</key>
<string>Use Touch ID or Face ID to process transactions.</string>
Android#
Edit your android/app/build.gradle:
android {
defaultConfig {
minSdkVersion 23
}
}
Change your MainActivity to extend FlutterFragmentActivity instead of FlutterActivity:
package com.example.example
import io.flutter.embedding.android.FlutterActivity
class MainActivity: FlutterFragmentActivity() {
}
Mac#
You need to add the Keychain Sharing capability in the Xcode project following this guide.
NOTE: you only need to add the capability, it's not needed to add any Keychain Groups.
Security Overview#
Some platforms and devices might be more secure than others. On iOS & MacOS, this plugin uses the Secure Enclave to protect the private key (if the device do not have a biometric component or not enabled, a password will be asked to encrypt data as a fallback method). On Android, the plugin biometric_storage is used. When biometric authentication is available, it is used to protect the private key. On other platforms and when the above is not available, the private key is encrypted using a password and stored in shared preferences.
Here's an in-depth architecture overview.