KeyManager class abstract

An abstract class to generate keys for encryption based on a single master key.

The class already provides most of the logic for that job. The only method that has to be implemented is the loadRemoteMasterKey method to obtain the actual master key.

You can use the PassphraseBasedKeyManager instead to create a key manager that will derive it's master key from a passphrase.

The key generation works as follows:

  1. A keyId is either given or generated from the current time (as reported by clock). The algorithm generates the id as "days since epoch" / 30, which means the id is rotated every 30 days.
  2. A hashingKey is derived from the masterKey.
  3. A subkeyId is generated from the type of the repository. This is done by hashing it using and the previously generated hashingKey. To ensure compatibility with the browser, the 64 bit of the hash are split in two 32 bit parts and are x-or-ed with each other.
  4. A repositoryKey is derived from the masterKey using the subkeyId.
  5. The actual key is derived from the repositoryKey using the keyId.

All key derivations make use of Kdf.deriveFromKey to derive a new key from the parent key. All derivations use a special context to ensure unique keys.

Note: You can override the type to subkeyId derivation by overriding subkeyIdForType.



KeyManager({required Sodium sodium, Clock? clock})
Default constructor.


hashCode int
The hash code for this object.
no setterinherited
runtimeType Type
A representation of the runtime type of the object.
no setterinherited
sodium → Sodium
The sodium instance used by the key manager.


dispose() → void
Disposes the key manager.
initialize() Future<void>
Initializes the key manager.
loadRemoteMasterKey(int keyLength) Future<SecureKey>
Asynchronously loads the master key for the key manager.
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
remoteKeyForType(String type, int keyLength) KeyInfo
Generates a SecureKey of keyLength bytes for the given type.
remoteKeyForTypeAndId(String type, int keyId, int keyLength) → SecureKey
Generates a SecureKey of keyLength bytes for the given type and keyId.
subkeyIdForType(String type) int
Derives a key id from a given repository type.
toString() String
A string representation of this object.


operator ==(Object other) bool
The equality operator.