Hello! In this lesson, we will focus on how to create and verify the digital signatures to represent our NFC Pokemon.

We will:

• Do a quick review of the asymmetric cryptography

• Set up our cryptography library for React Native

  • we will use the popular "elliptic" npm package

  • however, because the elliptic package is a normal NodeJS library rather than a React Native specific one, we will have some extra work to do

• Implement the signature creation and verification process

Let's get started!

Quick review of asymmetric cryptography#

Let's first take a look at this diagram.

As you can see in the diagram, Alice wants to receive messages from Bob, and she wants the message to be private.

It will be easy if Alice and Bob can simply share a common key for both encryption and decryption. But that means Bob can be trusted. What can we do if this is not the case?

To handle this case, we can use asymmetric cryptography.

In the current diagram (left-hand side), Alice produces a key pair: private key and public key.

Alice keeps the private key and gives the public key to Bob or anyone who wants to send messages to her. Bob can now encrypt his message to Alice with this public key, and only Alice, who has the private key, can decrypt the message.

Besides encryption and decryption, there is another major use-case for asymmetric cryptography. Let's take a look at the diagram at the right side.

This time, Alice wants to send out a "public" message. By public, we mean that the message is not encrypted, and anyone can see and understand it. However, she wants people to be able to "verify" that this message is indeed sent by her.

So, Alice uses her private key to "sign" this message and deliver the message together with this "signature." Now, if there's anyone who wants to verify whether the message is created by Alice, they can use the public key to achieve that.

That's exactly what we'd like to do in the rest of this lesson. We want our NFC Pokemon tags to be verified by anyone, but only we, the author of this app, can create or modify any NFC Pokemon tags.

To create the signature, we will use two pieces of information. The first one is the Pokemon data encapsulated in the NFC tag. The second one is the NFC UID. Recall from previous lessons that the UID for a NFC tag is a unique hardware identifier, which is normally fixed during the NFC tag manufacturing process.

By putting the UID into our signature, we can prevent the issue of people creating fake tags by simply cloning the whole tag content. Because every NFC tag has a different UID, this kind of fraudulent tag won't pass our signature verification.

Set up our cryptography library for React Native#

For the cryptography library, we'd like to use the well-known elliptic npm package.

However, we notice one thing: this package is NOT a React Native-specific library. "What's the difference?" you might ask. Well, the NodeJS built-in APIs, such as buffer, events, process, stream, and so on, are not available on the React Native Platform by default. So, we need to fix this issue in order to use the elliptic package.

There's another npm package called rn-nodeify, which can help us deal with this situation. As the name suggests, the rn-nodeify helps us to bring NodeJS API into our React Native world.

Let's set up our project now.

First, install both rn-nodeify as well as elliptic. The rn-nodeify is actually a dev dependency, so you should pass the -D flag when you install it.

Once the installation is complete, add the following two commands into your NPM scripts: "nodeify" and "postinstall".

The "nodeify" command will instruct rn-nodeify about the NodeJS API you'd like to add, so it can install them automatically for you and perform required modifications to make these APIs available on the React Native platform.

The "postinstall" command will instruct NPM to run "nodeify" automatically after NPM-install, so we don't need to run it manually every time.