Custom
In Tango, each private key is a plain object with the following fields:
- `buffer`: A `Uint8Array` (or Node.js `Buffer`) containing the private key in PKCS#8 format.
- `name`: A `string`, the name of the key. On Android 11 and above, it will appear in "Settings -> Developer options -> Wireless debugging -> Paired devices". The default value is `nouser@nohostname`.
To create a custom credential store implementation, you need to provide two methods:
- `generateKey`: Generate a new RSA private key with a modulus length of 2048 bits, a public exponent of 65537, and use SHA-1 as the hash algorithm. It can either synchronously or asynchronously return a private key in the above format. It should store the generated key somewhere so that it can be retrieved later.
- `iterateKeys`: Iterate through all stored private keys. It can return either a synchronous or an asynchronous iterator. Each item in the iterator must be a private key in the above format. The iterator can have zero, one, or multiple items.
info
You can choose not to save the private key and generate a new one every time. However, this will cause the device to display a dialog asking the user to confirm the connection every time.
danger
You must not use a fixed private key for all users. Everyone can see the private key and use it to connect to other people's devices.
The authentication process is as follows:
- Tango calls `iterateKeys`.
- For each key, Tango uses it in signature authentication. If the authentication succeeds, no further steps will be taken.
- Tango calls `iterateKeys` again.
  - If it returns at least one key, Tango uses the first key in public key authentication. Whether or not the authentication succeeds, no further steps will be taken.
- Otherwise, `generateKey` is called, and the generated key is used in public key authentication.
See the Node.js tab for an example.
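
A file-backed store with the two methods described above, generating a separate key per installation and keeping it readable only by the current user. This is an added example, not Tango's own code: the class name `FileCredentialStore`, the helper `isExpectedKey`, the `.pk8` file extension and the directory layout are assumptions.

```javascript
// Added example: names and file layout are hypothetical, not part of Tango.
const { generateKeyPairSync, createPrivateKey, randomUUID } = require("node:crypto");
const fs = require("node:fs");
const path = require("node:path");

class FileCredentialStore {
  constructor(dir, name = "nouser@nohostname") {
    this.dir = dir;
    this.name = name;
    // Directory accessible only by the current user (mode is ignored on Windows).
    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  }

  // RSA-2048, e = 65537, exported as PKCS#8 DER. The SHA-1 choice on the page
  // is a signing parameter; a PKCS#8 RSA key does not record it.
  generateKey() {
    const { privateKey } = generateKeyPairSync("rsa", {
      modulusLength: 2048,
      publicExponent: 65537,
    });
    const der = privateKey.export({ type: "pkcs8", format: "der" });
    const file = path.join(this.dir, `${randomUUID()}.pk8`);
    // "wx" refuses to overwrite an existing key; 0o600 keeps it private.
    fs.writeFileSync(file, der, { mode: 0o600, flag: "wx" });
    return { buffer: new Uint8Array(der), name: this.name };
  }

  // Synchronous iterator over stored keys; may yield zero, one or many items.
  *iterateKeys() {
    for (const entry of fs.readdirSync(this.dir).sort()) {
      if (!entry.endsWith(".pk8")) continue;
      const der = fs.readFileSync(path.join(this.dir, entry));
      if (!isExpectedKey(der)) continue; // skip corrupt or foreign files
      yield { buffer: new Uint8Array(der), name: this.name };
    }
  }
}

// True if the blob parses as PKCS#8 and matches the required RSA parameters.
function isExpectedKey(der) {
  try {
    const key = createPrivateKey({ key: Buffer.from(der), format: "der", type: "pkcs8" });
    const d = key.asymmetricKeyDetails;
    return key.asymmetricKeyType === "rsa" && d.modulusLength === 2048 && d.publicExponent === 65537n;
  } catch {
    return false;
  }
}
```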