SecureKeyManager class
Manages the lifecycle of a database encryption key derived from a user password via PBKDF2-HMAC-SHA256.
The random salt is generated once (on first use) and persisted in
JustSecureStorage — an AES-256-GCM encrypted key-value store provided by
the just_storage companion package. Only the salt is stored; the
password and the derived key are never written to disk.
Typical usage:
final key = await SecureKeyManager.resolveKey(
dbName: 'vault',
password: 'user-entered-password',
);
final db = await JustDatabase.open(
'vault',
mode: DatabaseMode.secure,
encryptionKey: key,
);
To discard the salt (e.g. when the user changes their password or the database is deleted) call clearSalt:
await SecureKeyManager.clearSalt(dbName: 'vault');
Properties
- hashCode → int
-
The hash code for this object.
no setterinherited
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
Methods
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
toString(
) → String -
A string representation of this object.
inherited
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited
Static Methods
-
clearAutoKey(
{required String dbName}) → Future< void> -
Deletes the auto-managed key for
dbNamefrom secure storage. -
clearSalt(
{required String dbName}) → Future< void> -
Deletes the persisted salt for
dbName. -
resolveAutoKey(
{required String dbName}) → Future< String> -
Returns a fully-managed AES-256 encryption key for
dbName. -
resolveKey(
{required String dbName, required String password}) → Future< String> -
Resolves (or creates) the AES-256 encryption key for
dbName.