PqForgeStreamCipher class

Encrypts and decrypts files in bounded memory using the .pqfs streaming envelope. Construct once and reuse; the engine is the hardware-acceleration lever.

The default engine is the package:cryptography backend: measured ~10× faster than PointyCastle even as pure Dart, and it dispatches to OS-native hardware AEAD when a Flutter host has called FlutterCryptography.enable() (root isolate). The wire format is engine-independent — files sealed by one engine open under the other.

Constructors

PqForgeStreamCipher({PqForgeAeadEngine? engine})

PqForgeStreamCipher.forProvider(PqForgeEngineProvider provider, {PqForgeCipherSuite cipherSuite = PqForgeCipherSuite.aes256Gcm})

Builds a cipher backed by provider — the hardware-acceleration lever.

factory

Properties

engine → PqForgeAeadEngine

The AEAD engine each frame is sealed/opened with.

final

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

decryptFile({required Uint8List recipientSecretKey, required File input, required File output, Uint8List? recipientKexSecretKey, String? recipientKeyId, Uint8List? signerPublicKey, Uint8List? aadResolver(PqStreamingHeader header)?}) → Future<PqStreamingHeader>

Streams a .pqfs input back to plaintext at output in bounded memory.

decryptStream({required Uint8List recipientSecretKey, required File input, Uint8List? recipientKexSecretKey, String? recipientKeyId, Uint8List? signerPublicKey, Uint8List? aadResolver(PqStreamingHeader header)?, void onHeader(PqStreamingHeader header)?}) → Stream<Uint8List>

Streams the authenticated plaintext of a .pqfs input, one frame at a time, without materializing it anywhere — the consumer decides what to do with each frame (write it, parse it, forward it).

encryptFile({required Uint8List recipientPublicKey, required File input, required File output, required PqForgeProfile profile, Uint8List? recipientKexPublicKey, List<PqRecipientSpec> additionalRecipients = const [], String? recipientKeyId, Uint8List? aad, Map<String, Object?> metadata = const {}, Uint8List? signerSecretKey, PqSignatureAlgorithm? signatureAlgorithm, String? signerKeyId, int frameSize = PqStreamingEnvelope.defaultFrameSize}) → Future<PqStreamingStats>

Streams input into a .pqfs container at output.

encryptStream({required Uint8List recipientPublicKey, required Stream<List<int>> source, required File output, required PqForgeProfile profile, Uint8List? recipientKexPublicKey, List<PqRecipientSpec> additionalRecipients = const [], String? recipientKeyId, Uint8List? aad, Map<String, Object?> metadata = const {}, Uint8List? signerSecretKey, PqSignatureAlgorithm? signatureAlgorithm, String? signerKeyId, int frameSize = PqStreamingEnvelope.defaultFrameSize}) → Future<PqStreamingStats>

Streams arbitrary plaintext source bytes into a .pqfs container at output — same container, framing, and signing as encryptFile, but the input never has to exist as a file. This is what lets pack seal a whole folder without ever spooling plaintext to disk.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

readHeader(File input) → Future<PqStreamingHeader>

Reads and parses the container header without decrypting any frame — useful for inspecting metadata (e.g. an output filename) before a full decrypt.

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited

Static Methods

decryptFileInBackground({required Uint8List recipientSecretKey, required String inputPath, required String outputPath, Uint8List? recipientKexSecretKey, String? recipientKeyId, Uint8List? signerPublicKey, Uint8List? aad, PqForgeEngineProvider engineProvider = PqForgeEngineProvider.nativeCryptography}) → Future<PqStreamingHeader>

Runs decryptFile on a background isolate (Axis A offload).

encryptFileInBackground({required Uint8List recipientPublicKey, required String inputPath, required String outputPath, required PqForgeProfile profile, Uint8List? recipientKexPublicKey, List<PqRecipientSpec> additionalRecipients = const [], String? recipientKeyId, Uint8List? aad, Map<String, Object?> metadata = const {}, Uint8List? signerSecretKey, PqSignatureAlgorithm? signatureAlgorithm, String? signerKeyId, int frameSize = PqStreamingEnvelope.defaultFrameSize, PqForgeEngineProvider engineProvider = PqForgeEngineProvider.nativeCryptography, PqForgeCipherSuite cipherSuite = PqForgeCipherSuite.aes256Gcm}) → Future<PqStreamingStats>

Runs encryptFile on a background isolate so the calling (UI) isolate is never blocked — the Axis A offload.

isStreamingFile(File file) → Future<bool>

Returns true if file begins with the streaming-envelope magic, so a reader can auto-route between .pqfs and one-shot envelopes.

Constants

streamingThresholdBytes → const int

Inputs at or above this size are worth streaming; smaller ones can stay on the one-shot PqForge envelope where the per-file overhead dominates.