biometric_vault 1.1.0-dev.1 copy "biometric_vault: ^1.1.0-dev.1" to clipboard
biometric_vault: ^1.1.0-dev.1 copied to clipboard

Secure storage with optional biometric protection for Android, iOS, and macOS. Linux, Windows, and web fall back to unauthenticated storage.

Changelog #

1.1.0-dev.1 #

  • StorageFileInitOptions.silentWrites: writes never show an authentication prompt while reads stay gated. Android uses envelope encryption (payload under a fresh AES-256-GCM key, wrapped by a Keystore RSA public key whose private half is authentication-gated); iOS and macOS replace the keychain item on write, which never evaluates its access control.
  • BiometricVault.biometryType(): reports the device biometry modality (Face ID, Touch ID, Optic ID, fingerprint, face, iris) so UI copy can name the actual authenticator.
  • BiometricVault.authenticate(): standalone user authentication without any storage, for app-lock style privacy gates. Supports biometric-only mode or device-credential fallback.

1.0.0-dev.2 #

  • No functional changes. First version published through the automated release pipeline (GitHub Actions Trusted Publishing).

1.0.0-dev.1 #

Initial release of biometric_vault: encrypted storage for small secrets (tokens, passwords, key material) with optional biometric protection.

Features #

  • Named encrypted stores with a four-call lifecycle: canAuthenticate(), getStorage(), then read() / write() / delete().
  • Android 7.0+ (API 24): AES-GCM key in the Android Keystore (StrongBox when available, TEE fallback), gated by BiometricPrompt with Class 3 biometrics and optional device-credential fallback. All keystore and file work runs off the main thread, and writes are atomic.
  • iOS 13+ / macOS 10.15+: Keychain items protected by SecAccessControl (Face ID / Touch ID / Apple Watch, optional passcode fallback), shipped as a Swift Package Manager package with a CocoaPods fallback. Keychain operations run off the main thread.
  • Linux (libsecret), Windows (Credential Manager), and web (localStorage, not secure) backends so cross-platform code keeps working without authentication support.
  • Typed, sealed error model: every failure is a subtype of the sealed BiometricVaultException (AuthException with 14 dedicated AuthExceptionCode values, StorageInvalidatedException with a StorageInvalidatedReason, or BiometricVaultPluginException), so a single switch handles all outcomes exhaustively and raw PlatformExceptions never escape.
  • Precise capability reporting: canAuthenticate() distinguishes biometry lockout (errorLockedOut) and pending security updates (errorSecurityUpdateRequired) from generic hardware unavailability.
  • StorageFileInitOptions with explicit per-platform durations (androidAuthenticationValidityDuration, darwinTouchIDAuthenticationAllowableReuseDuration, darwinTouchIDAuthenticationForceReuseContextDuration) and per-platform biometricOnly flags. Invalid store names or option combinations throw ArgumentError at getStorage instead of failing natively at first use.
  • Localizable prompt strings via PromptInfo (AndroidPromptInfo and DarwinPromptInfo).
0
likes
0
points
--
downloads

Publisher

unverified uploader

Secure storage with optional biometric protection for Android, iOS, and macOS. Linux, Windows, and web fall back to unauthenticated storage.

Repository (GitHub)
View/report issues

Topics

#biometrics #encryption #storage #security #secure-storage

License

unknown (license)

Dependencies

ffi, flutter, flutter_web_plugins, plugin_platform_interface, web, win32

More

Packages that depend on biometric_vault

Packages that implement biometric_vault