Node RSA is broken with React Native

[SamSaffron]

https://github.com/rzcoder/node-rsa is broken in React Native for some reason:

This is also reported here:

rzcoder/node-rsa#65

This ticket is mentioned but I do not think it is exactly the same.

#4968

[SamSaffron]

Some further analysis shows that the root of the issue is that react native does not ship with the native nodejs crypto module.

[ryankask]

react-native doesn't use node to run apps so you can't access any node modules. You can read about the JS environment here: https://facebook.github.io/react-native/docs/javascript-environment.html.

Check out js.coach for some of the available crypto packages available on npm.

Please let me know if there's any other way I can help.

[ryankask]

@facebook-github-bot answered

[ghost]

Closing this issue as @ryankask says the question asked has been answered. Please help us by asking questions on StackOverflow. StackOverflow is amazing for Q&A: it has a reputation system, voting, the ability to mark a question as answered. Because of the reputation system it is likely the community will see and answer your question there. This also helps us use the GitHub bug tracker for bugs only.

[SamSaffron]

@ryankask I still feel react native could be doing a bit better here...

• If in dev
• and you require something that can not be found
• and that module ships with node.js (should be straightforward to get the list)
• display a custom message that informs user about this issue (eg: you are trying to require a module that ships with node and does not exist in react native)

long term backfilling some of the modules also makes sense, crypto could be implemented in pure js, for example

btw @facebook-github-bot-2 http://blog.stackoverflow.com/2010/06/welcome-stack-overflow-valued-associate-00008/ I know its a robot ... still :)

[ryankask]

I knew the bot's response would be awkward 😄

Better error messages are always good. I've seen this happen a few times so the JS environment doc could make it clear that your app isn't running node and the node packages aren't available.

I think if anything the W3C's Web Cryptography API could be implemented although I'm not sure if anyone would maintain that.

[SamSaffron]

@ryankask no worries at all :)

Web Crypto API would be fantastic addition. Though perhaps there are some smaller steps that can be taken first.

I think the big problem at the moment in the RSA department is that too many people are now leaning on "pure JS" implementations and the trouble is you can not properly get random numbers from pure JS cause you can't get entropy and need to lean native implementations for that.

Perhaps a smaller addition that could at least pave the way for proper crypto would be simply implementing https://developer.mozilla.org/en-US/docs/Web/API/RandomSource/getRandomValues (which would be a tiny subset of the crypto api, but "unlock" the ability to do RSA key generation properly.)

[ide]

React Native is a third JS environment. Similar to how you don't expect document.createElement to work in Node or require('http') to work in Chrome, expect modules that haven't been written with React Native not to always work.

Implementing async crypto primitives is maybe a good idea and someone should try it and publish their package to npm if it works well.