Skip to main content
Version: 1.0.0

Credential store

Directly connecting to devices requires authentication. The authentication process uses RSA algorithm, except it uses a custom public key format.

ADB protocol has two authentication methods:

  1. Public key: The client sends its public key to the device. The device displays a dialog asking its user to confirm the connection. If the user confirms, the connection will be established. If the user also checks "Always allow from this computer", the device will trust the public key.
  2. Signature: The device generates a challenge and sends it to the client. The client signs the challenge with its private key and sends the signature back to the device. The device verifies if the signature is produced by one of its trusted public keys.
info

Even if the user checked "Always allow from this computer", the public key may be untrusted due to various reasons:

  1. On Android 11 and above, the device will automatically revoke the trust if the key is not used in last 7 days. This feature can be disabled by users in the developer settings.
  2. On Android 11 and above, the user can manually untrust individual keys in "Settings -> Developer options -> Wireless debugging -> Paired devices".
  3. On Android 10 and below, the user can manually untrust all keys in "Settings -> Developer options -> Revoke USB debugging authorizations".

Tango supports both authentication methods, and can use varies credential stores to support different runtimes.

@yume-chan/adb-credential-web package uses Web Crypto API to generate ADB private keys, and IndexedDB API to store them.

We use IndexedDB because it's available in Web Workers. ADB protocol is computationally heavy, so it's better to run it in a Web Worker to avoid blocking the main thread. (Except the WebUSB part, which is not available in Web Workers).

npm i @yume-chan/adb-credential-web
import AdbWebCredentialStore from "@yume-chan/adb-credential-web";

const CredentialStore: AdbWebCredentialStore = new AdbWebCredentialStore();

Optionally, you can provide a name for your keys. On Android 11 and above, it will appear in "Settings -> Developer options -> Wireless debugging -> Paired devices". The default value is Tango@<current host name>, e.g. [email protected].

import AdbWebCredentialStore from "@yume-chan/adb-credential-web";

const CredentialStore: AdbWebCredentialStore = new AdbWebCredentialStore("Your Key Name");