tauri_plugin_secure_element/
models.rs

1use serde::{Deserialize, Serialize};
2
/// Authentication mode for secure element operations.
///
/// Because of `rename_all = "camelCase"`, the variants are serialized as
/// `"none"`, `"pinOrBiometric"` and `"biometricOnly"`.
///
/// The mode is carried by [`GenerateSecureKeyRequest`], i.e. it is chosen when
/// a key is created. The other request types in this file have no such field.
#[derive(Debug, Clone, Copy, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub enum AuthenticationMode {
    /// No authentication required.
    ///
    /// This is never selected implicitly: the `#[default]` variant is
    /// `PinOrBiometric`, so a caller has to ask for `"none"` explicitly.
    // NOTE(review): presumably a key created with this mode can be used without
    // any user-presence check — confirm against the native implementation.
    None,
    /// Allow PIN or biometric authentication (default)
    #[default]
    PinOrBiometric,
    /// Require biometric authentication only.
    ///
    /// See `CheckSecureElementSupportResponse::can_enforce_biometric_only`:
    /// its doc comment states that Android API < 30 does not persist
    /// biometric-only authentication requirements.
    BiometricOnly,
}
15
/// Ping request carrying an optional string.
// NOTE(review): presumably a round-trip check between the frontend and the
// native plugin — confirm; nothing in this file shows how `value` is used.
#[derive(Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PingRequest {
    /// Optional payload; a missing field deserializes to `None`.
    pub value: Option<String>,
}
21
/// Ping response carrying an optional string.
///
/// `Default` yields `value: None`.
#[derive(Debug, Clone, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PingResponse {
    /// Optional payload.
    // NOTE(review): presumably the echoed request value — confirm.
    pub value: Option<String>,
}
27
/// Request to generate a new non-ephemeral key in the Secure Enclave.
///
/// Serialized field names are `keyName` and `authMode`.
#[derive(Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct GenerateSecureKeyRequest {
    /// The name/identifier for this key. Must be unique.
    // Uniqueness is not enforced by this type. NOTE(review): what happens when
    // the name already exists (error vs. overwrite) is decided by the handler
    // and is not visible here — confirm.
    pub key_name: String,
    /// Authentication mode for key operations (default: PinOrBiometric)
    // `#[serde(default)]` makes an omitted `authMode` deserialize to
    // `AuthenticationMode::PinOrBiometric`, so leaving the field out never
    // produces an unauthenticated key.
    #[serde(default)]
    pub auth_mode: AuthenticationMode,
}
38
/// Response containing the public key for the newly created key.
///
/// Only the public half is returned; this type has no field for private key
/// material. `Default` yields two empty strings, which do not describe a real
/// key.
#[derive(Debug, Clone, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct GenerateSecureKeyResponse {
    /// The public key in base64 encoding
    // NOTE(review): the base64 alphabet and the encoding of the key bytes
    // underneath are not specified in this file — confirm before parsing.
    pub public_key: String,
    /// The key name that was used
    pub key_name: String,
}
48
/// Request to list all available keys.
///
/// Both filters are optional and deserialize to `None` when omitted.
// NOTE(review): how the two filters combine when both are set is not shown
// here — confirm against the handler.
#[derive(Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ListKeysRequest {
    /// Optional filter by key name
    pub key_name: Option<String>,
    /// Optional filter by public key (base64)
    pub public_key: Option<String>,
}
58
/// Information about a key.
///
/// Holds public metadata only: the name, the public key and the
/// authentication flag.
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct KeyInfo {
    /// The key name/identifier
    pub key_name: String,
    /// The public key in base64 encoding
    pub public_key: String,
    /// Whether this key requires authentication to use
    /// None if it cannot be determined whether authentication is required
    // `None` means "unknown", not `false`. Code that decides whether a key is
    // protected should handle it as a separate case rather than folding it
    // into either boolean.
    pub requires_authentication: Option<bool>,
}
71
/// Response containing the list of keys.
///
/// `Default` yields an empty list.
#[derive(Debug, Clone, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ListKeysResponse {
    /// List of keys matching the filter
    pub keys: Vec<KeyInfo>,
}
79
/// Request to sign data with a specific key.
///
/// `Debug` is derived, so formatting this value with `{:?}` prints the full
/// `data` payload; keep that in mind when logging requests.
#[derive(Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct SignWithKeyRequest {
    /// The name of the key to use for signing
    pub key_name: String,
    /// The data to sign
    // Raw bytes (`Vec<u8>`), unlike the base64 strings used for public keys.
    // NOTE(review): whether the platform hashes the data before signing, and
    // with which algorithm, is not visible in this file — confirm.
    pub data: Vec<u8>,
    // Note: Authentication is enforced automatically by the platform based on the key's requirements
    // set at creation time. This struct has no auth_mode field, and since it does not use
    // `deny_unknown_fields`, an `authMode` sent by the caller is dropped during deserialization
    // rather than rejected. A caller therefore cannot weaken or strengthen a key's requirement
    // per signing call.
}
91
/// Response containing the signature.
///
/// `Default` yields an empty signature, which is not a valid result of a
/// signing operation.
#[derive(Debug, Clone, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct SignWithKeyResponse {
    /// The signature in bytes
    // NOTE(review): the signature encoding is not specified in this file —
    // confirm before handing it to a verifier.
    pub signature: Vec<u8>,
}
99
/// Request to delete a key, selected by name, by public key, or both.
///
/// The "at least one selector" rule below is not expressed in the type: both
/// fields are `Option`, so a payload with neither field still deserializes
/// successfully (both become `None`).
#[derive(Debug, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DeleteKeyRequest {
    /// Optional: The name of the key to delete
    pub key_name: Option<String>,
    /// Optional: The public key (base64) of the key to delete
    pub public_key: Option<String>,
    // Note: At least one of key_name or public_key must be provided.
    // NOTE(review): presumably the command handler rejects a request where both are None;
    // what happens when both are set but refer to different keys is not visible here — confirm,
    // since deletion is destructive.
    // Authentication requirements are determined by the key's own attributes,
    // not by app-specified parameters. The platform enforces the key's requirements.
}
112
/// Response for key deletion.
///
/// `Default` yields `success: false`.
#[derive(Debug, Clone, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DeleteKeyResponse {
    /// Whether the deletion was successful
    pub success: bool,
}
120
/// Response for the Secure Element support check.
///
/// The three flags are independent of each other. `Default` yields `false`
/// for all of them, so a default-constructed value reports no hardware
/// support.
#[derive(Debug, Clone, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct CheckSecureElementSupportResponse {
    /// Whether Secure Element (StrongBox on Android, Secure Enclave on iOS) is supported
    pub secure_element_supported: bool,
    /// Whether Trusted Execution Environment (TEE) / hardware-backed keystore is supported
    // A separate capability from `secure_element_supported`; check the flag
    // that matches the guarantee the application actually needs.
    pub tee_supported: bool,
    /// Android API < 30 doesn't persist biometric-only authentication requirements
    // NOTE(review): presumably `false` on such devices, in which case a key
    // requested with `AuthenticationMode::BiometricOnly` should not be assumed
    // to be biometric-gated — confirm against the native implementation.
    pub can_enforce_biometric_only: bool,
}