flutter_sodium 0.0.6

Flutter bindings for libsodium, a modern, easy-to-use crypto library.

flutter_sodium

With flutter_sodium you get access to the modern, easy-to-use libsodium crypto library in your Flutter apps. One set of crypto APIs supporting both Android and iOS.

API coverage

At this point in time flutter_sodium implements the following high-level libsodium APIs:

• crypto_aead
• crypto_auth
• crypto_box
• crypto_generichash
• crypto_kdf
• crypto_kx
• crypto_onetimeauth
• crypto_pwhash
• crypto_scalarmult
• crypto_secretbox
• crypto_shorthash
• crypto_sign
• randombytes
• sodium_version

Dart APIs

The plugin includes a core API that maps native libsodium functions 1:1 to Dart equivalents. The core API is available in the class Sodium. Dart naming conventions are used for core API function names. A native libsodium function such as crypto_pwhash_str, is available in flutter as Sodium.cryptoPwhashStr.

Also included in flutter_sodium is a high-level, opinionated API providing access to libsodium in a Dart friendly manner. The various functions are available in separate Dart classes. Password hashing for example is available in the PasswordHash class.

The high-level API depends on the core API to get things done.

Getting Started

In your flutter project add the dependency:

dependencies:
  ...
  flutter_sodium: any

Important: For iOS you'll need to manually update the Podfile in your ios project.

Usage example

import 'package:flutter_sodium/flutter_sodium.dart';

// Password hashing (using Argon)
final password = 'my password';
final str = await PasswordHash.hashStorage(password);

print(str);

// verify hash str
final valid = await PasswordHash.verifyStorage(str, password);

assert(valid);

Example app

This project includes an extensive example app with runnable code samples. Be sure to check it out!

Current issues

• The following APIs are not available on Android:
  • detached mode of both original and ietf variants of crypto_aead_chacha20poly1305
  • crypto_aead_xchacha20poly1305
  • crypto_kdf
  • crypto_pwhash_str_needs_rehash
  • crypto_sign streaming APIs
  • randombytes_buf_deterministic
• Using flutter_sodium in iOS doesn't work right out of the box. Manual installation steps are required.
• Since Flutter does not support native binaries, a platform channel is established to enable native function invocation. One side effect of this approach is that the entire flutter_sodium API is asynchronous. This is great for potential long-running operations such as Argon password hashing, but does not make much sense for other short-running functions.