cryptography 0.2.4

Cryptography for applications. Key exchange (X25519, ECDH-P256, etc.), encryption (AES, Chacha20), and cryptographic hash functions (Blake2s, SHA2). Web Crypto API support.

Overview

This package gives you a collection of cryptographic algorithms.

Some algorithms are implemented in pure Dart and work in all platforms. Some algorithms are implemented with Web Cryptography API and work only in the browsers at the moment.

This package is used by package:kms, which enables you to take advantage of hardware-based key managers that are isolated from the main processor.

Copyright 2019 Gohilla Ltd. Licensed under the Apache License 2.0.

Links

• Github repository
• Issue tracker
• Pub package
• API reference

Available algorithms

Key exchange algorithms

• ecdhP256 (ECDH P256)
  • Currently browser-only
• ecdhP384 (ECDH P384)
  • Currently browser-only
• ecdhP521 (ECDH P521)
  • Currently browser-only
• x25519 (ECDH Curve25519)
  • X25519 is used in protocols such as SSH, TLS, Signal, WhatsApp, and Wireguard. Performance of this Dart implementation is about 1k exchanges per second on Macbook Pro.

For more more documentation, see KeyExchangeAlgorithm.

Digital signature algorithms

• ecdsaP256 (ECDSA P256)
  • Currently browser-only
• ecdsaP384 (ECDSA P384)
  • Currently browser-only
• ecdsaP521 (ECDSA P521)
  • Currently browser-only

For more more documentation, see SignatureAlgorithm.

Ciphers

• aesCbc (AES-CBC)
  • Currently browser-only
• aesCtr (AES-CTR)
  • Currently browser-only
• aesGcm (AES-GCM)
  • Currently browser-only
• chacha20
  • Chacha20 is a symmetric encryption algorithm that's simpler than AES and tends to perform better than the latter in CPUs that don't have AES instructions. The algorithm is used in protocols such as TLS, SSH, Signal, and Wireguard. Performance of this Dart implementation is about 50-100MB/s on Macbook Pro.
• chacha20Poly1305Aead (AEAD_CHACHA20_POLY1305)

For more more documentation, see Cipher.

Message authentication codes

• Hmac
  • HMAC-SHA256 is a widely used message authentication code.
• poly1305
  • Often used with Chacha20. The current implementation uses BigInt instead of optimized 128bit arithmetic, which is a known issue.

For more more documentation, see MacAlgorithm.

Cryptographic hash functions

• blake2s
  • Blake2 is used in protocols such as WhatsApp and WireGuard.
• sha1
  • Implemented with package:crypto.
• sha224
  • Implemented with package:crypto.
• sha256
  • Implemented with package:crypto.
• sha384
  • Implemented with package:crypto.
• sha512
  • Implemented with package:crypto.

For more more documentation, see HashAlgorithm.

Getting started

1. Add dependency

dependencies:
  cryptography: ^0.2.4

2. Use

Encryption

In this example, we use chacha20.

import 'package:cryptography/cryptography.dart';

Future<void> main() async {
  // Generate a random 256-bit secret key
  final secretKey = await chacha20.newSecretKey();

  // Generate a random 96-bit nonce.
  final nonce = chacha20.newNonce();

  // Encrypt
  final result = await chacha20Poly1305Aead.encrypt(
    [1, 2, 3],
    secretKey: secretKey,
    nonce: nonce, // The same secretKey/nonce combination should not be used twice
    aad: const <int>[], // You can include additional non-encrypted data here
  );
  print('Ciphertext: ${result.cipherText}');
  print('MAC: ${result.mac}');
}

Key exchange

In this example, we use x25519.

import 'package:cryptography/cryptography.dart';

void main() async {
  // Let's generate two keypairs.
  final localKeyPair = await x25519.newKeyPair();
  final remoteKeyPair = await x5519.newKeyPair();

  // We can now calculate a shared secret
  var secretKey = await x25519.sharedSecret(
    localPrivateKey: localKeyPair.privateKey,
    remotePublicKey: remoteKeyPair.publicKey,
  );
}