encryptFileInBackground static method

Future<PqStreamingStats> encryptFileInBackground({
  1. required Uint8List recipientPublicKey,
  2. required String inputPath,
  3. required String outputPath,
  4. required PqForgeProfile profile,
  5. Uint8List? recipientKexPublicKey,
  6. List<PqRecipientSpec> additionalRecipients = const [],
  7. String? recipientKeyId,
  8. Uint8List? aad,
  9. Map<String, Object?> metadata = const {},
  10. Uint8List? signerSecretKey,
  11. PqSignatureAlgorithm? signatureAlgorithm,
  12. String? signerKeyId,
  13. int frameSize = PqStreamingEnvelope.defaultFrameSize,
  14. PqForgeEngineProvider engineProvider = PqForgeEngineProvider.nativeCryptography,
  15. PqForgeCipherSuite cipherSuite = PqForgeCipherSuite.aes256Gcm,
})

Runs encryptFile on a background isolate so the calling (UI) isolate is never blocked — the Axis A offload.

The engine is constructed inside the worker isolate from engineProvider. Both providers are safe there: on a plain Dart VM the cryptography backend is its (fast) pure-Dart implementation, and on Flutter a fresh isolate never sees FlutterCryptography's root-isolate registration, so it also falls back to pure Dart rather than touching platform channels. Arguments are sendable primitives (paths, key bytes, profile).

Implementation

static Future<PqStreamingStats> encryptFileInBackground({
  required Uint8List recipientPublicKey,
  required String inputPath,
  required String outputPath,
  required PqForgeProfile profile,
  Uint8List? recipientKexPublicKey,
  List<PqRecipientSpec> additionalRecipients = const [],
  String? recipientKeyId,
  Uint8List? aad,
  Map<String, Object?> metadata = const {},
  Uint8List? signerSecretKey,
  PqSignatureAlgorithm? signatureAlgorithm,
  String? signerKeyId,
  int frameSize = PqStreamingEnvelope.defaultFrameSize,
  PqForgeEngineProvider engineProvider =
      PqForgeEngineProvider.nativeCryptography,
  PqForgeCipherSuite cipherSuite = PqForgeCipherSuite.aes256Gcm,
}) {
  return Isolate.run(
    () =>
        PqForgeStreamCipher.forProvider(
          engineProvider,
          cipherSuite: cipherSuite,
        ).encryptFile(
          recipientPublicKey: recipientPublicKey,
          recipientKexPublicKey: recipientKexPublicKey,
          additionalRecipients: additionalRecipients,
          recipientKeyId: recipientKeyId,
          input: File(inputPath),
          output: File(outputPath),
          profile: profile,
          aad: aad,
          metadata: metadata,
          signerSecretKey: signerSecretKey,
          signatureAlgorithm: signatureAlgorithm,
          signerKeyId: signerKeyId,
          frameSize: frameSize,
        ),
  );
}