MultiFernet class

This class implements key rotation for Fernet. It takes a List of Fernet instances and implements the same API with the exception of one additional method: MultiFernet.rotate

MultiFernet performs all encryption options using the first key in the list provided. MultiFernet attempts to decrypt tokens with each key in turn. A InvalidToken exception is thrown if the correct key is not found in the list provided.

Key rotation makes it easy to replace old keys. You can add your new key at the front of the list to start encrypting new messages, and remove old keys as they are no longer needed.

Token rotation as offered by MultiFernet.rotate is a best practice and manner of cryptographic hygiene designed to limit damage in the event of an undetected event and to increase the difficulty of attacks. For example, if an employee who had access to your company's fernet keys leaves, you'll want to generate new fernet key, rotate all of the tokens currently deployed using that new key, and then retire the old fernet key(s) to which the employee had access.

Methods

decrypt(dynamic token, {int? ttl}) → Uint8List

See Fernet.decrypt.

decryptAtTime(dynamic token, int ttl, int currentTime) → Uint8List

See Fernet.decryptAtTime.

encrypt(Uint8List data) → Uint8List

See Fernet.encrypt.

encryptAtTime(Uint8List data, int currentTime) → Uint8List

See Fernet.encryptAtTime.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

rotate(dynamic token) → Uint8List

Rotates a token by re-encrypting it under the MultiFernet instance's primary key. This preserves the timestamp that was originally saved with the token. If a token has successfully been rotated then the rotated token will be returned. If rotation fails this will throw an exception.

toString() → String

A string representation of this object.

inherited

Constructors

Properties

Methods

Operators

fernet library