Overview #

Popular cryptographic algorithms for Dart / Flutter developers. The package is used in commercial production systems. We made the API comparatively easy to use correctly by non-experts.

Using the package? Please star our Github project. :)

Links #

Used by #

kms
- A Dart package for hardware-based or cloud-based key management solutions.
Add your project here?

Contributing? #

We recommend that you start by creating an issue in the issue tracker.

Some things to know #

SHA1 and SHA2 implementations use package:crypto, which is maintained by Google. It's very limited so we decided to write this package.
We wrote pure Dart implementations for X25519, ChaCha20 family, AES-CBC, AES-CTR, HKDF, HMAC, Poly1305, and BLAKE2S. We also added support for use of Web Cryptography API (NIST elliptic curves, AES) in browsers.
The APIs generally include both asynchronous and synchronous methods (for instance, sharedSecret(...) and sharedSecretSync(...)). We recommend that you use asynchronous methods because they are able to take advantage of asynchronous platform APIs such as Web Cryptography API.

Available algorithms #

Key exchange algorithms #

NIST elliptic curves (read about them)
- ecdhP256 (ECDH P256 / secp256r1)
- ecdhP384 (ECDH P384 / secp384r1)
- ecdhP521 (ECDH P521 / secp521r1)
- Currently NIST elliptic curves are only supported in browsers (Web Cryptography API).
x25519 (read about the algorithm)
- X25519 (curve25519 Diffie-Hellman) is our recommendation for new applications. It's used in technologies such as SSH, TLS, Signal, WhatsApp, and Wireguard. Performance of our Dart implementation is about 1k exchanges per second on a Macbook Pro.

For more more documentation, see KeyExchangeAlgorithm.

Digital signature algorithms #

NIST elliptic curves (read about them)
- ecdsaP256Sha256 (ECDSA P256 / secp256r1 with SHA256)
- ecdsaP384Sha256 (ECDSA P384 / secp384r1 with SHA256)
- ecdsaP521Sha256 (ECDSA P521 / secp521r1 with SHA256)
- Currently NIST elliptic curves are only supported in browsers (Web Cryptography API).
ed25519 (read about the algorithm)
- ED25519 (curve25519 EdDSA) is our recommendation for new applications. Performance of our Dart implementation is about 200 signatures or verifications per second.

For more more documentation, see SignatureAlgorithm.

Symmetric encryption #

NIST AES (read about the algorithm)
- aesCbc (AES-CBC)
- aesCtr (AES-CTR)
- aesGcm (AES-GCM, browsers-only at the moment)
Chacha20 family (read about the algorithm)
- chacha20
- chacha20Poly1305Aead (AEAD_CHACHA20_POLY1305)
- Chacha20 (AEAD) is our recommendation for new applications. It's used in technologies such as TLS, SSH, Signal, and Wireguard. Performance of our Dart implementation is about 50-100MB/s on a Macbook Pro.

For more more documentation, see Cipher.

Key derivation algorithms #

Hkdf

Message authentication codes #

For more more documentation, see MacAlgorithm.

Cryptographic hash functions #

blake2s (BLAKE2S)
sha1 (SHA1)
sha224 (SHA2-224)
sha256 (SHA2-256)
sha384 (SHA2-384)
sha512 (SHA2-512)

For more more documentation, see HashAlgorithm.

Adding dependency #

In pubspec.yaml:

dependencies:
  cryptography: ^0.3.4

Examples #

Key agreement with X25519 #

In this example, we use x25519.

import 'package:cryptography/cryptography.dart';

Future<void> main() async {
  // Let's generate two X25519 keypairs.
  final localKeyPair = await x25519.newKeyPair();
  final remoteKeyPair = await x5519.newKeyPair();

  // We can now calculate a shared secret
  final secretKey = await x25519.sharedSecret(
    localPrivateKey: localKeyPair.privateKey,
    remotePublicKey: remoteKeyPair.publicKey,
  );

  print('Shared secret: ${secretKey.bytes}');
}

Digital signature with ED25519 #

In this example, we use ed25519.

import 'package:cryptography/cryptography.dart';

Future<void> main() async {
  // The bytes that we will sign
  final message = [1,2,3];

  // Generate a random ED25519 keypair
  final keyPair = await ed25519.newKeyPair();

  // Sign
  final signature = await ed25519.sign(
    message,
    keyPair: keyPair,
  );

  print('Signature: ${signature.bytes}');
  print('Public key: ${signature.publicKey.bytes}');

  // Verify signature
  final isVerified = await ed25519.verify(
    message,
    signature: signature,
  );

  print('Correct signature: $isVerified');
}

Authenticated encryption with Chacha20 + Poly1305 #

In this example, we use chacha20Poly1305Aead, a standard that uses ChaCha20 and Poly1305.

import 'package:cryptography/cryptography.dart';

Future<void> main() async {
  // Choose the cipher
  final cipher = chacha20Poly1305Aead;

  // Choose some 256-bit secret key
  final secretKey = SecretKey.randomBytes(32);

  // Choose some unique (non-secret) 96-bit nonce.
  // The same (secretKey, nonce) combination should not be used twice!
  final nonce = Nonce.randomBytes(12);

  // Our message
  final message = <int>[1, 2, 3];

  // Encrypt
  final encrypted = await cipher.encrypt(
    message,
    secretKey: secretKey,
    nonce: nonce,
  );

  print('Encrypted: $encrypted');

  // Decrypt
  final decrypted = await cipher.decrypt(
    encrypted,
    secretKey: secretKey,
    nonce: nonce,
  );

  print('Decrypted: $decrypted');
}

Authenticated encryption with AES-CTR + HMAC-SHA256 #

In this example, we encrypt with aesCtr and use Hmac message authentication code.

import 'package:cryptography/cryptography.dart';

Future<void> main() async {
  // Choose the cipher
  final cipher = CipherWithAppendedMac(aesCtr, Hmac(sha256));

  // Choose some 256-bit secret key
  final secretKey = SecretKey.randomBytes(16);

  // Choose some unique (non-secret) nonce (max 16 bytes).
  // The same (secretKey, nonce) combination should not be used twice!
  final nonce = Nonce.randomBytes(12);

  // Our message
  final message = <int>[1, 2, 3];

  // Encrypt
  final encrypted = await cipher.encrypt(
    message,
    secretKey: secretKey,
    nonce: nonce,
  );

  print('Encrypted: $encrypted');

  // Decrypt
  final decrypted = await cipher.decrypt(
    encrypted,
    secretKey: secretKey,
    nonce: nonce,
  );

  print('Decrypted: $decrypted');
}

Message authentication with HMAC-BLAKE2S #

In this example, we use Hmac and blake2s.

import 'package:cryptography/cryptography.dart';
import 'dart:convert';

Future<void> main() {
  // Choose a secret key
  final secretKey = SecretKey(utf8.encode('qwerty'));

  // Create a HMAC-BLAKE2S sink
  final macAlgorithm = const Hmac(blake2s);
  final sink = macAlgorithm.newSink(secretKey: secretKey);

  // Add all parts of the authenticated message
  sink.add([1,2]);
  sink.add([3]);

  // Calculate MAC
  sink.close();
  final macBytes = sink.mac.bytes;

  print('Message authentication code: $macBytes');
}

cryptography 0.3.4
cryptography: ^0.3.4 copied to clipboard

Metadata

Overview #

Links #

Used by #

Contributing? #

Some things to know #

Available algorithms #

Key exchange algorithms #

Digital signature algorithms #

Symmetric encryption #

Key derivation algorithms #

Message authentication codes #

Cryptographic hash functions #

Adding dependency #

Examples #

Key agreement with X25519 #

Digital signature with ED25519 #

Authenticated encryption with Chacha20 + Poly1305 #

Authenticated encryption with AES-CTR + HMAC-SHA256 #

Message authentication with HMAC-BLAKE2S #

← Metadata

Publisher

Metadata

License

Dependencies

More

cryptography 0.3.4 cryptography: ^0.3.4 copied to clipboard

Metadata

Overview #

Links #

Used by #

Contributing? #

Some things to know #

Available algorithms #

Key exchange algorithms #

Digital signature algorithms #

Symmetric encryption #

Key derivation algorithms #

Message authentication codes #

Cryptographic hash functions #

Adding dependency #

Examples #

Key agreement with X25519 #

Digital signature with ED25519 #

Authenticated encryption with Chacha20 + Poly1305 #

Authenticated encryption with AES-CTR + HMAC-SHA256 #

Message authentication with HMAC-BLAKE2S #

← Metadata

Publisher

Metadata

License

Dependencies

More

cryptography 0.3.4
cryptography: ^0.3.4 copied to clipboard