flutter_sodium 0.0.2 flutter_sodium: ^0.0.2 copied to clipboard
Flutter bindings for libsodium, a modern, easy-to-use crypto library.
flutter_sodium #
With flutter_sodium you get access to the modern, easy-to-use libsodium crypto library in your Flutter apps. One set of crypto APIs supporting both Android and iOS.
API coverage #
At this point in time flutter_sodium implements the following high-level libsodium APIs:
- crypto_auth
- crypto_box
- crypto_generichash
- crypto_kdf
- crypto_kx
- crypto_onetimeauth
- crypto_pwhash
- crypto_scalarmult
- crypto_secretbox
- crypto_shorthash
- crypto_sign
- randombytes
- sodium_version
Roadmap #
- A core API that maps 1:1 to libsodium functions. Should cover the entire high-level API.
- Proper argument checks
- Fix missing API functions (such as crypto_pwhash_str_needs_rehash)
- A Dart-friendly, opinionated API wrapping the core API. Should work with types other than Uint8List such as strings, streams, etc.
Getting Started #
In your flutter project add the dependency:
dependencies:
...
flutter_sodium: any
Usage example #
import 'package:flutter_sodium/flutter_sodium.dart';
// Password hashing (using Argon)
const opslimit = crypto_pwhash_OPSLIMIT_INTERACTIVE;
const memlimit = crypto_pwhash_MEMLIMIT_INTERACTIVE;
final password = utf8.encode('my password');
final str = await Sodium.cryptoPwhashStr(password, opslimit, memlimit);
print('Password hash str: ${ascii.decode(str)}');
// verify hash str
final valid = await Sodium.cryptoPwhashStrVerify(str, password);
assert(valid);
Current issues #
- Some APIs are not available yet in Android
- Getting a Swift plugin to work nicely with Flutter on iOS is a painful operation. See als https://github.com/flutter/flutter/issues/16049
- Since Flutter does not support native binaries (see also https://github.com/flutter/flutter/issues/7053), a platform channel is established to enable native function invocation. One side effect of this approach is that the entire flutter_sodium API is asynchronous. This is great for potential long-running operations such as Argon password hashing, but does not make much sense for other short-running functions.