Steel Crypt

PayPal

A comprehensive library of high-level, cryptographic API's, either manually defined or pulled from PointyCastle. This library currently supports hashing, symmetric two-way encryption, asymmetric two-way encryption, and key/IV generation. It also has a CLI, for conducting basic cryptography operations.


Classes

AES Encryption (class AesCrypt)

  • Constructor: AesCrypt ('32 length key', 'mode here', 'padding here')

  • AES is a standardized, widely used cipher

  • It can be used as either a block or stream cipher, depending on mode

  • Operatable in 6 different modes:

    • Stream modes:
      • CTR ('ctr')
      • SIC ('sic')
    • Block modes:
      • CBC ('cbc') (Default)
      • ECB ('ecb')
      • CFB-64 ('cfb-64')
      • OFB-64 ('ofb-64')
  • 5 paddings available for block modes:

    • PKCS7 Padding ('pkcs7') (Default)
    • ISO7816-4 Padding ('iso7816-4')
    • X9.23 Padding ('x9.23')
    • TBC Padding ('tbc')
    • ISO10126-2 Padding ('iso10126-2')
  • Note: All block modes require padding, to ensure that input is the correct block size.

  • Note: Paddings do not work with stream modes. You can still enter the parameter, but it won't be used.

  • Note: AES requires 16 bytes of IV (Initialization Vector, see CryptKey for generation).

Lightweight Stream Ciphers (class LightCrypt)

  • Constructor: LightCrypt('32 length key', 'algorithm here')
  • ChaCha20 stream cipher ('ChaCha20/__')
    • Derivative of Salsa20 with increased security
    • Can be used in 3 variants:
      • 20 round ( __ ==> '20' ) (Default Encryption)
      • 12 round ( __ ==> '12' )
      • 8 round ( __ ==> '8' )
    • Note: Requires 12 bytes of IV (Initialization Vector, see CryptKey for generation)
  • Salsa20 stream cipher ('Salsa20/__')
    • Secure, speedy AES alternative
    • E-Crypt Stream Cipher final portfolio
    • Can be used in 3 variants:
      • 20 round ( __ ==> '20' )
      • 12 round ( __ ==> '12' )
      • 8 round ( __ ==> '8' )
    • Note: Requires 8 bytes of IV (Initialization Vector, see CryptKey for generation)
  • HC-256 stream cipher ('HC-256')
    • Secure, software-efficient cipher
    • E-Crypt Stream Cipher final portfolio
    • Note: Requires 16 bytes of IV (Initialization Vector, see CryptKey for generation)
  • Grain-128 stream cipher ('Grain-128')
    • Secure, hardware-efficient cipher
    • E-Crypt Stream Cipher final portfolio
    • Note: Requires 12 bytes of IV (Initialization Vector, see CryptKey for generation)
  • ISAAC stream cipher ('ISAAC')
    • Extremely fast stream cipher
    • Secure, but with a low margin
    • Usage not recommended unless you have very high speed needs
    • Note: Requires no IV; you can enter an IV param, but it won't affect anything

2-Way Asymmetric (class RsaCrypt)

  • Constructor: RsaCrypt()
  • RSA with OAEP padding
  • Note: RsaCrypt auto generates secure RSA private and public keys. You can access them using .privKey and .pubKey getters, or use your own.

Password Hashing (class PassCrypt)

  • Constructor: PassCrypt('algorithm here')
  • Scrypt ('scrypt') Default Algorithm
  • PBKDF2 with:
    • SHA-256 HMAC ('SHA-256/HMAC/PBKDF2')
    • SHA-384 HMAC ('SHA-384/HMAC/PBKDF2')
    • SHA-512 HMAC ('SHA-512/HMAC/PBKDF2')
    • 256 bit SHA-3 HMAC ('SHA-3/256/HMAC/PBKDF2')
    • 512 bit SHA-3 HMAC ('SHA-3/512/HMAC/PBKDF2')
    • RipeMD 128 HMAC ('RIPEMD-128/HMAC/PBKDF2')
    • RipeMD 160 HMAC ('RIPEMD-160/HMAC/PBKDF2')
    • Blake2b HMAC ('Blake2b/HMAC/PBKDF2')
    • Tiger HMAC ('Tiger/HMAC/PBKDF2')
    • Whirlpool HMAC ('Whirlpool/HMAC/PBKDF2')
  • Compare plaintext to hashtext using .checkPassKey(salt, plain, hashed, length)

Hashing (class HashCrypt)

  • Constructor: HashCrypt('algorithm here')
  • SHA-3 ('SHA-3/___') :
    • /224
    • /256
    • /384
    • /512 (Default Hash)
  • SHA-2 ('SHA-___'):
    • -224
    • -256
    • -384
    • -512
  • SHA-1 ('SHA-1') UNSECURE
  • Tiger ('Tiger')
  • Blake2b ('Blake2b')
  • RipeMD ('RIPEMD-___'):
    • -128
    • -160
    • -256
    • -320
  • MD5 ('MD5') UNSECURE
  • MD4 ('MD4') UNSECURE
  • MD2 ('MD2') UNSECURE
  • Note: Compare plaintext to hashtext using .checkpass(plain, hashed)

MAC's (class MacCrypt)

  • Constructor: MacCrypt ('32 length key', 'CMAC or HMAC', 'algorithm here')
  • HMAC and CMAC are available
    • For HMAC algorithm field, use any available hashing algorithm as in HashCrypt
    • For CMAC algorithm field, use any available AES block cipher algorithm as in AESCrypt

Key/IV Generation (class CryptKey)

  • Constructor: CryptKey()
  •   - Generates cryptographic string using Fortuna algorithm
      - Slower but significantly more secure
      - Best for private keys
      - Used internally
    
  •   - Generates cryptographic string using Dart Random.secure()
      - Faster but less secure
      - Best for IV's or salt
    

Usage

A simple usage example:

//This Source Code Form is subject to the terms of the Mozilla Public
//License, v. 2.0. If a copy of the MPL was not distributed with this
//file, You can obtain one at https://mozilla.org/MPL/2.0/.

// © 2019 Aditya Kishore

import 'package:steel_crypt/steel_crypt.dart';

main() {

  var FortunaKey = CryptKey().genFortuna(); //generate 32 byte key generated with Fortuna


  var aesEncrypter = AesCrypt(FortunaKey, 'cbc', 'iso10126-2'); //generate AES CBC block encrypter with key and ISO7816-4 padding

  var aesEncrypter2 = AesCrypt(FortunaKey, 'ofb-64', 'pkcs7'); //generate AES CBC block encrypter with key and PKCS7 padding

  var streamAES = AesCrypt(FortunaKey, 'ctr'); //generate AES CTR stream encrypter with key


  var encrypter2 = RsaCrypt(); //generate RSA encrypter


  var encrypter3 = LightCrypt(FortunaKey, "ChaCha20/12"); //generate ChaCha20/12 encrypter


  var hasher = HashCrypt("SHA-3/512"); //generate SHA-3/512 hasher

  var hasher3 = MacCrypt(FortunaKey, "CMAC", 'cfb-64'); //CMAC AES CFB-64 Hasher


  var passHash = PassCrypt('Blake2b/HMAC/PBKDF2'); //generate PBKDF2 password hasher


  var iv = CryptKey().genDart(16); //generate iv for AES with Dart Random.secure()

  var iv2 = CryptKey().genDart(12); //generate iv for ChaCha20 with Dart Random.secure()


  var salt = CryptKey().genDart(16); //generate salt for password hashing with Dart Random.secure()


  //Print key
  print ("Key:");

  print(FortunaKey);

  print("");


  //SHA-3 512 Hash
  print("SHA-3 512 Hash:");

  print(hasher.hash('example')); //perform hash

  var hash = hasher.hash('example');

  print(hasher.checkhash('example', hash)); //perform check

  print("");

  //CMAC AES CFB-64 Hash
  print("CMAC AES CFB-64 Hash:");

  print(hasher3.process('words')); //perform hash

  var hash3 = hasher3.process('words');

  print(hasher3.check('words', hash3)); //perform check

  print("");

  //Password (Blake2b/HMAC/PBKDF2)
  print("Password hash (Blake2b/HMAC/PBKDF2):");

  print(passHash.hashPass(salt, "words")); //perform hash

  var hash4 = passHash.hashPass(salt, "words");

  print(passHash.checkPassKey(salt, "words", hash4)); //perform check

  print("");


  //12-Round ChaCha20; Symmetric stream cipher
  print("ChaCha20 Symmetric:");

  print(encrypter3.encrypt('word', iv2)); //encrypt

  String crypted3 = encrypter3.encrypt('word', iv2);

  print(encrypter3.decrypt(crypted3, iv2)); //decrypt

  print("");


  //AES CBC with ISO7816-4 padding; Symmetric block cipher
  print("AES Symmetric:");

  print(aesEncrypter.encrypt('words', iv)); //encrypt

  String crypted = aesEncrypter.encrypt('words', iv);

  print(aesEncrypter.decrypt(crypted, iv)); //decrypt

  print("");


  //AES OFB-64 with PKCS7 padding; Symmetric block cipher
  print("AES Symmetric:");

  print(aesEncrypter2.encrypt('words', iv)); //encrypt

  String crypted2 = aesEncrypter2.encrypt('words', iv);

  print(aesEncrypter2.decrypt(crypted2, iv)); //decrypt

  print("");


  //AES CTR; Symmetric stream cipher
  print("AES Symmetric:");

  print(streamAES.encrypt('words', iv)); //encrypt

  String crypted5 = streamAES.encrypt('words', iv);

  print(streamAES.decrypt(crypted5, iv)); //decrypt

  print("");


  //RSA with OAEP padding; Asymmetric
  print("RSA Asymmetric:");

  var crypted4 = encrypter2.encrypt("word", encrypter2.pubKey); //encrypt

  print(crypted4);

  print(encrypter2.decrypt(crypted4, encrypter2.privKey)); //decrypt

  print("");
}

CLI

This CLI allows you to perform basic functions from the main package on the terminal

Setup

  • If you haven't already done so, add pub-cache to your PATH with $ export PATH="$PATH":"$HOME/.pub-cache/bin"
  • Globally activate the steel_crypt package with $ pub global activate steel_crypt

Commands

  • encrypt: $ encrypt -t (text here) -k (key here) -i (iv here)
    • Uses AES with PKCS7 padding
    • All fields required
  • decrypt: $ decrypt -t (encrypted here) -k (key here) -i (iv here)
    • Uses AES with PKCS7 padding
    • All fields required
  • hash: $ hashtext -p (plain here)
    • Uses SHA-3/512
    • Field required
  • make keys: $ genkey -l (length here)

Notes

  • This is fairly well-tested and documented, but use in production AT YOUR OWN RISK.
  • This is relatively complete, but will get new algorithms and be actively maintained for new bugs.
  • I've now added almost every algorithm from PointyCastle, and some from BouncyCastle, so every algorithm requires extensive implementation work. Bear with me!
  • I need your input! What algorithms and features would you like to see here? That leads me to...
  • Please file feature requests, clarifications, and bugs at the issue tracker!

TODO's

  • x Create Project + add "Starter Set" of algorithms
  • x Add more, different hashes
  • Add more, different 2-way stream algorithms (In progress...) ("LightCrypt" for updates)
  • x Try to add more packaging options
  • x Tackle adding an RSA solution
  • x Create a more complete password solution
  • x Add more detailed example
  • ??? (Leave feature requests in the issue tracker, and they'll end up here!)

Reading


Pub License Commits

©2019 Aditya Kishore
Licensed under the Mozilla Public License 2.0

Libraries

pointycastle.api
pointycastle.api.asymmetric
pointycastle.api.key_derivators
pointycastle.api.key_generators
pointycastle.export
pointycastle.impl
pointycastle.impl.adapters.stream_cipher_as_block_cipher
pointycastle.impl.asymmetric_block_cipher.oeap
pointycastle.impl.asymmetric_block_cipher.pkcs1
pointycastle.impl.asymmetric_block_cipher.rsa
pointycastle.impl.block_cipher.aes_fast
pointycastle.impl.block_cipher.modes.cbc
pointycastle.impl.block_cipher.modes.cfb
pointycastle.impl.block_cipher.modes.ctr
pointycastle.impl.block_cipher.modes.ecb
pointycastle.impl.block_cipher.modes.gctr
pointycastle.impl.block_cipher.modes.ofb
pointycastle.impl.block_cipher.modes.sic
pointycastle.impl.digest.blake2b
pointycastle.impl.digest.md2
pointycastle.impl.digest.md4
pointycastle.impl.digest.md5
pointycastle.impl.digest.ripemd128
pointycastle.impl.digest.ripemd160
pointycastle.impl.digest.ripemd256
pointycastle.impl.digest.ripemd320
pointycastle.impl.digest.sha1
pointycastle.impl.digest.sha3
pointycastle.impl.digest.sha224
pointycastle.impl.digest.sha256
pointycastle.impl.digest.sha384
pointycastle.impl.digest.sha512
pointycastle.impl.digest.sha512t
pointycastle.impl.digest.tiger
pointycastle.impl.digest.whirlpool
pointycastle.impl.key_derivator.pbkdf2
pointycastle.impl.key_derivator.scrypt
pointycastle.impl.key_generator.rsa_key_generator
pointycastle.impl.mac.cmac
pointycastle.impl.mac.hmac
pointycastle.impl.padded_block_cipher.padded_block_cipher_impl
pointycastle.impl.padding.iso7816d4
pointycastle.impl.padding.iso10126d2
pointycastle.impl.padding.pkcs7
pointycastle.impl.padding.tbc
pointycastle.impl.padding.x923
pointycastle.impl.secure_random.auto_seed_block_ctr_random
pointycastle.impl.secure_random.block_ctr_random
pointycastle.impl.secure_random.fortuna_random
pointycastle.impl.signer.rsa_signer
pointycastle.impl.stream_cipher.ctr
pointycastle.impl.stream_cipher.grain128
pointycastle.impl.stream_cipher.hc256
pointycastle.impl.stream_cipher.isaac
pointycastle.impl.stream_cipher.salsa8
pointycastle.impl.stream_cipher.salsa12
pointycastle.impl.stream_cipher.salsa20
pointycastle.impl.stream_cipher.sic
pointycastle.pointycastle
pointycastle.src.impl.base_asymmetric_block_cipher
pointycastle.src.impl.base_block_cipher
pointycastle.src.impl.base_digest
pointycastle.src.impl.base_key_derivator
pointycastle.src.impl.base_mac
pointycastle.src.impl.base_padding
pointycastle.src.impl.base_stream_cipher
pointycastle.src.impl.digests.long_sha2_family_digest
pointycastle.src.impl.digests.md4_family_digest
pointycastle.src.impl.random.secure_random_base
pointycastle.src.registry
pointycastle.src.registry.impl
pointycastle.src.ufixnum
pointycastle.src.utils
registration
steel_crypt
A comprehensive library of high-level, cryptographic API's, either manually defined or pulled from PointyCastle. This library currently supports hashing, symmetric two-way encryption, asymmetric two-way encryption, and key/IV generation. It also has a CLI, for conducting basic cryptography operations.