!!! Important Message !!!

The only maintainer of this library, @stevenroose, is no longer able to actively maintain this library. If anyone would be willing to take over maintainership, I would be glad to discuss that. (Don't worry I won't give pub push access to anyone without having enough confidence in their good intentions.) Until then, please only make issues for real bugs instead of feature requests. PRs are still welcome, but I can't guarantee that I will have the time to review them.

Pointy Castle

A Dart library for encryption and decryption. As of today, most of the classes are ports of Bouncy Castle from Java to Dart. The porting is almost always direct except for some classes that had been added to ease the use of low level data.

To make sure nothing fails, tests and benchmarks for every algorithm are provided. The expected results are taken from the Bouncy Castle Java version and also from standards, and matched against the results got from Pointy Castle.

Algorithms

As of the last release, the following algorithms are implemented:

Block ciphers:

• AES

Asymmetric block ciphers:

• RSA

Asymmetric block cipher encodings:

• PKCS1
• OAEP

Stream ciphers:

• Salsa20

Block cipher modes of operation:

• CBC (Cipher Block Chaining mode)
• CFB (Cipher Feedback mode)
• ECB (Electronic Code Book mode)
• GCTR (GOST 28147 OFB counter mode)
• OFB (Output FeedBack mode)
• CTR (Counter mode)
• SIC

Paddings:

• PKCS7
• ISO7816-4

Digests:

• Blake2b
• MD2
• MD4
• MD5
• RIPEMD-128|160|256|320
• SHA-1
• SHA-224|256|384|512
• SHA-512/t (t=8 to 376 and 392 to 504 in multiples of 8)
• Keccak-224|256|384|512*
• Tiger
• Whirlpool

*Keccak is currently implemented as SHA3Digest.

MACs:

• HMAC
• CMAC

Signatures:

• (DET-)ECDSA
• RSA

Password based key derivators:

• PBKDF2
• scrypt

Asymmetric key generators:

• ECDSA
• RSA

Secure PRNGs:

• Based on block cipher in CTR mode
• Based on block cipher in CTR mode with auto reseed (for forward security)
• Based on Fortuna algorithm

Usage

There are two ways to use the algorithms that PointyCastle provides: with or without using the registry.

Registry

The registry allows users to easily instantiate classes for the algorithms using the algorithm shorthands like given in the list above. It also makes it possible to seamlessly chain different algorithms together. For example:

import "package:pointycastle_base/pointycastle.dart";

void main() {
  Digest sha256 = new Digest("SHA-256");
  // or
  KeyDerivator derivator = new KeyDerivator("SHA-1/HMAC/PBKDF2");
}

Without the registry

Using the registry means that all algorithms will be imported by default, which can possibly increase the compiled size of your program. To avoid this, it is possible to import algorithms one by one. In that case, you can decide to either use the classes directly, or still use the registry. But remember that the registry only contains the classes that you import. For example:

import "package:pointycastle_base/api.dart";

import "package:pointycastle_base/digests/sha256.dart";

import "package:pointycastle_base/digests/sha1.dart";
import "package:pointycastle_base/macs/hmac.dart";
import "package:pointycastle_base/key_derivators/pbkdf2.dart";

void main() {
  Digest sha256 = new SHA256Digest();
  // or
  KeyDerivator derivator = new PBKDF2KeyDerivator(
      new HMac(new SHA1Digest(), 64));

  // But the registry keeps working for all imported algorithms:

  Digest sha256 = new Digest("SHA-256");
  // or
  KeyDerivator derivator = new KeyDerivator("SHA-1/HMAC/PBKDF2");
}

Libraries

• package:pointycastle_base/pointycastle.dart: exports the high-level API and the registry loaded with all available implementations
• package:pointycastle_base/api.dart: exports the high-level API and the registry without any implementations
• package:pointycastle_base/export.dart: exports the API and all implementation classes