secure_nonce
A small, dependency-free nonce generator for Dart using cryptographically secure
randomness (Random.secure()).
Use it for request IDs, CSRF tokens, session identifiers, invite codes, etc.
Requires: Dart >=3.8.0 <4.0.0
Installation
dependencies:
secure_nonce: ^2.0.1
Usage
import 'package:secure_nonce/secure_nonce.dart';
void main() {
final nonce = SecureNonce();
// Hex string: 16 random bytes => 32 hex chars
final hex = nonce.generate(16);
// Raw bytes (for crypto APIs)
final bytes = nonce.generateBytes(16);
// Base64 (regular)
final b64 = nonce.generateBase64(32);
// Base64 (URL-safe alphabet)
final b64Url = nonce.generateBase64Url(24);
// Alphanumeric (human-friendly codes)
final code = nonce.generateAlphanumeric(8);
print(hex);
print(bytes);
print(b64);
print(b64Url);
print(code);
}
API
| Method | Returns |
|---|---|
generate(n) |
hex string, n*2 chars |
generateBytes(n) |
Uint8List, n bytes |
generateBase64(n) |
base64 from n bytes |
generateBase64Url(n) |
base64url alphabet (-/_) |
generateAlphanumeric(n) |
n alphanumeric chars |
Testing
You can inject a custom Random (defaults to Random.secure()):
import 'dart:math';
import 'package:secure_nonce/secure_nonce.dart';
final nonce = SecureNonce(random: Random(1));
Choosing lengths
- Prefer at least 16 bytes (
generate(16)) for general tokens/identifiers. - Prefer 32 bytes when you want more safety margin and storage allows it.
- For human-entered codes, keep them short (e.g.
generateAlphanumeric(8)), but remember shorter codes are easier to guess.
Security
Uses Random.secure(), backed by the platform CSPRNG.
This library generates randomness; it does not implement encryption or hashing.
Project docs
See doc/PROJECT.md for development and release notes.
See also
- Example:
example/secure_nonce_example.dart
License
MIT
Libraries
- secure_nonce
- Cryptographically secure nonce generator.