[feat] [biometric] Allow using biometric authentication to encrypt/decrypt sensitive data #2306

Open
charlesschaefer opened this issue Jan 11, 2025 · 0 comments
Labels
enhancement New feature or request plugin: biometric


charlesschaefer commented Jan 11, 2025

It would be great for the biometric plugin to allow encrypting/decrypting sensitive data using biometric authentication.
I.e. let's think of an app that encrypts some user's sensitive data using a secret key generated based on a password provided by the user. (password-based-key) To access the data, the user must always type the password (that we can use to regenerate the key and decrypt the data).

To improve the experience, the app can store the password-based-key somewhere and, when the user authenticates using the biometric plugin, it reads the key and uses it to decrypt the needed data. But this is insecure because the password-based-key would be stored in a way that someone could read it.

On Android (I don't know about iOS), we can create a CryptoObject that can use biometric data to encrypt some data. We could, then, use the cipher provided by Android to encrypt our password-based-key (ensuring it won't be readable by anyone) and we would be able to decrypt it only when the biometric authentication is successful. And if the user cancels the biometric authentication (or registers a new biometric credential), we can just delete the key (because we can regenerate it if the user provides the correct password).

To allow the code to be consistent between platforms, the plugin could receive a modified AuthOptions with fields to configure the use of encryption and a flag to tell whether it must encrypt (along with the data to be encrypted) or decrypt the data. And the Result returned by authenticate() could be filled with the data (encrypted or decrypted). Thus, the plugin consumer won't need to deal with different APIs depending on the platform.

Do you think this can be implemented in a way that can be used both on Android and iOS?

@FabianLars FabianLars added enhancement New feature or request plugin: biometric labels Jan 11, 2025
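
The Android side of the flow described in the issue, as an added sketch that is not code from the issue or from the Tauri biometric plugin: an Android Keystore AES key that requires biometric authentication wraps the password-based key, and an invalidated key (new biometric enrolled) is deleted so the app falls back to the password. The alias and the function names are hypothetical, and the code assumes an app with the `androidx.biometric` dependency.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricPrompt
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

private const val KEYSTORE = "AndroidKeyStore"
private const val ALIAS = "pbk_wrapping_key" // hypothetical alias

// Keystore key that can be used only after a biometric authentication and is
// permanently invalidated when a new biometric credential is enrolled.
fun getOrCreateWrappingKey(): SecretKey {
    val ks = KeyStore.getInstance(KEYSTORE).apply { load(null) }
    (ks.getKey(ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(
        ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setUserAuthenticationRequired(true)       // every use needs a fresh auth
        .setInvalidatedByBiometricEnrollment(true) // new fingerprint/face kills the key
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
        .apply { init(spec) }.generateKey()
}

// Builds the CryptoObject to hand to BiometricPrompt.authenticate().
// storedIv == null means "encrypt"; otherwise decrypt with the IV saved at encryption.
fun cryptoObjectFor(storedIv: ByteArray?): BiometricPrompt.CryptoObject? = try {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    if (storedIv == null) cipher.init(Cipher.ENCRYPT_MODE, getOrCreateWrappingKey())
    else cipher.init(Cipher.DECRYPT_MODE, getOrCreateWrappingKey(), GCMParameterSpec(128, storedIv))
    BiometricPrompt.CryptoObject(cipher)
} catch (e: KeyPermanentlyInvalidatedException) {
    // Biometric set changed: drop the key; caller must ask for the password again.
    KeyStore.getInstance(KEYSTORE).apply { load(null) }.deleteEntry(ALIAS)
    null
}

// Call from onAuthenticationSucceeded. When encrypting, persist the returned
// ciphertext together with result.cryptoObject.cipher.iv for later decryption.
fun finish(result: BiometricPrompt.AuthenticationResult, data: ByteArray): ByteArray =
    result.cryptoObject!!.cipher!!.doFinal(data)
```

The stored ciphertext and IV are not secret on their own; the protection comes from the wrapping key never leaving the Keystore and being unusable without a successful biometric prompt.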