AES256
A lightweight, modern, and secure AES-256-GCM encryption library for Dart & Flutter.
Designed with strong defaults, clean APIs, and seamless usability across mobile, web, and server environments.
Live Demo: https://knottx.dev/aes256
Features
- AES-256-GCM: Authenticated encryption with integrity protection
- PBKDF2-HMAC-SHA256: Strong password-based key derivation
- 100,000 iterations: Secure default against brute-force attacks
- Random salt & nonce: Automatically handled
- Stateless API: Easy to integrate into any architecture
- Pure Dart codebase: Works on Flutter, Dart VM, Server, and Web (with optional native acceleration on Flutter)
Usage
```dart
import 'package:aes256/aes256.dart';

void main() async {
  // Encrypt
  final encrypted = await Aes256.encrypt(
    text: 'Hello world',
    passphrase: 'my-passphrase',
  );

  // Decrypt
  final decrypted = await Aes256.decrypt(
    encrypted: encrypted,
    passphrase: 'my-passphrase',
  );

  print(decrypted); // Hello world
}
```
How It Works
AES256 outputs a structured, self-contained binary payload:
salt(16) + nonce(12) + ciphertext + tag
Security Parameters
| Component | Value |
|---|---|
| Cipher | AES-256-GCM |
| Key Derivation | PBKDF2-HMAC-SHA256 |
| Iterations | 100,000 |
| Salt | 16 bytes (random, public) |
| Nonce | 12 bytes (random, public) |
| Auth Tag | 16 bytes |
| Integrity | Built-in (GCM tag) |
Why salt & nonce are public
Salt and nonce do not provide secrecy by themselves; they ensure uniqueness and key strengthening.
The passphrase-derived key is the only secret.
Exposing salt/nonce does not weaken the encryption.
Example Output (Base64)
QTI1NkdDTQEBEBcAAAAAAAAAACZ1FqvX…(ciphertext)…Lk5h0nA=
Security Notes
- Always use a strong passphrase
- AES-GCM requires a unique nonce per encryption; this library handles it automatically
- For high-security systems, keep actual keys in secure storage or server-side only
FAQ
Is the encrypted output safe to store publicly?
Yes, as long as the passphrase remains secret.
Can I decrypt data encrypted in another language?
Yes, as long as the other implementation uses the same payload structure and AES-256-GCM + PBKDF2-SHA256 parameters.
This library follows a clean and predictable binary format:
salt(16) + nonce(12) + ciphertext + tag
Any implementation that generates output in the same sequence will decrypt correctly.
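The layout above can be handled from another language. The following is an added example in Node.js, not code from the aes256 package, and its function names are hypothetical. It builds and parses salt(16) + nonce(12) + ciphertext + tag with the parameters listed on this page, assuming a UTF-8 passphrase, Base64 transport, and no extra header bytes or associated data; it has not been checked against the library's own output.

```javascript
// Added example: layout and parameters come from the tables on this page.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16, ITERATIONS = 100000;

// PBKDF2-HMAC-SHA256 -> 32-byte AES-256 key. Assumption: passphrase is UTF-8.
function deriveKey(passphrase, salt) {
  return pbkdf2Sync(Buffer.from(passphrase, 'utf8'), salt, ITERATIONS, 32, 'sha256');
}

// Builds salt(16) + nonce(12) + ciphertext + tag and returns it as Base64.
function encryptPayload(text, passphrase) {
  const salt = randomBytes(SALT_LEN);   // fresh per message
  const nonce = randomBytes(NONCE_LEN); // fresh per message
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, ciphertext, cipher.getAuthTag()]).toString('base64');
}

// Splits the payload at the fixed offsets and verifies the tag while decrypting.
function decryptPayload(encoded, passphrase) {
  const payload = Buffer.from(encoded, 'base64');
  if (payload.length < SALT_LEN + NONCE_LEN + TAG_LEN) {
    throw new Error('payload too short for salt + nonce + tag');
  }
  const salt = payload.subarray(0, SALT_LEN);
  const nonce = payload.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const ciphertext = payload.subarray(SALT_LEN + NONCE_LEN, payload.length - TAG_LEN);
  const tag = payload.subarray(payload.length - TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws if the tag does not match (wrong passphrase or modified bytes).
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Returns true when decryption is rejected, false when it succeeds.
function isRejected(encoded, passphrase) {
  try { decryptPayload(encoded, passphrase); return false; } catch (e) { return true; }
}

// Constructed test input: flip one bit in the salt region of a valid payload.
function flipFirstBit(encoded) {
  const raw = Buffer.from(encoded, 'base64');
  raw[0] ^= 0x01;
  return raw.toString('base64');
}
```

Changing even the public salt makes decryption fail, because the derived key no longer matches the one that produced the GCM tag.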
Does it work on Flutter Web?
Yes, on Flutter Web the library automatically uses the pure Dart implementation from package:cryptography, since native acceleration isn't available in browsers. All features work the same, and the output remains fully compatible with other platforms.