infusion_ffi 1.6.0 copy "infusion_ffi: ^1.6.0" to clipboard
infusion_ffi: ^1.6.0 copied to clipboard

Flutter plugin for the Infusion crypto vault — AEAD encryption, Ed25519 signing, BLAKE3 CIDs, BIP-39 wallets, and capability tokens. Prebuilt binaries for all platforms.

Changelog #

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased #

1.6.0 - 2026-06-16 #

Added #

  • Multi-recipient sealing: sealMulti / openMulti — seal one frame to N wallets (CEK + per-recipient key wrap, AEAD-bound in the signed frame meta) and open it as any listed recipient. Exposed on the FFI (infusion_seal_multi / infusion_open_multi) and the wasm web backend (infusion_wasm_seal_multi / infusion_wasm_open_multi). A non-recipient cannot open; tampering with the recipient list breaks both the author signature and the AEAD tag.

1.5.1 - 2026-06-07 #

Fixed #

  • iOS: ship populated InfusionFFI.xcframework (iOS device + simulator slices) so pub.dev consumers can build for iOS. The 1.5.0 podspec declared vendored_frameworks = 'InfusionFFI.xcframework' but the published package shipped empty slice directories (no libinfusion_ffi.a), causing the build error Build input file cannot be found: .../libinfusion_ffi.a. Both slices now contain a real static lib (ios-arm64: arm64; ios-arm64_x86_64-simulator: arm64 + x86_64) plus the C Headers/infusion.h.
  • iOS: correct the stale ios/infusion_ffi.podspec version (1.4.0-dev.11.5.1) and source tag (v1.4.0-dev.1v1.5.1).

1.5.0 - 2026-06-04 #

Added #

  • Web: declare web in the plugin platform manifest (registrant InfusionFfiWeb) so pub.dev recognizes web support — the WebAssembly backend was already bundled but the platform was undeclared.

Security #

  • Capability expiry is now enforced on every open against a trusted clock (native: SystemTime; web: new host import infusion_wasm_host_now_unix). Previously exp_ts was never validated at the FFI/WASM boundary.
  • Reject malformed key fields in the vault config instead of silently using an all-zero key; secret key material is zeroized on dispose.
  • Bundled infusion_wasm.wasm rebuilt to include the expiry-enforcement change.

1.5.0-dev.1 - 2025-05-17 #

Changed #

  • Align pubspec.yaml version with published release tags; lock version.dart constant.
  • Add repository, topics, and improved description to pubspec.yaml for pub.dev discoverability.
  • Rewrite README.md with full API reference, platform table, and security section (English).
  • Add README-pt.md (Português) and README-es.md (Español) translations.

1.4.4 2025-04-XX #

Added #

  • Web: bundle infusion_wasm.wasm as a Flutter asset — zero-config Wasm support in all browsers.
  • Web: conditional loader/native backends — infusion_loader_web.dart and infusion_native_web.dart.
  • Web: InfusionWasmRuntime handles all Wasm memory and interop for seal, open, sign, and derive operations.
  • Stub: infusion_loader_stub.dart and infusion_native_stub.dart for unsupported platforms (throw UnsupportedError).

Performance #

  • Pre-allocate Vec in aad_bytes() and serialize()serialize (64 B–16 KB) is 62–67% faster.
  • Introduce seal_inner() — eliminates double aad_bytes() call and double serialization per seal.
  • Direct match dispatch in seal()/open() — removes Box<dyn AeadImpl> vtable allocation per call.
  • Replace generic serde_json::Value with typed FramePolicy struct in open_bytes.
  • Add open_bytes_with_token() — avoids bincode round-trip in the FFI path.
  • Pre-compute SigningKey in VaultContext::new — eliminates per-seal Ed25519 derivation.
  • Eliminate triple CBOR→bincode→bincode conversion in infusion_open / infusion_open_with_requester.
  • Merge two thread_rng() calls into a single instance per infusion_seal.

Changed #

  • Updated 26 Rust packages via cargo update (blake3 1.8.5, rand 0.8.6, serde_json 1.0.149, and more).
  • flutter_lints updated from 3.0 to 6.0 across plugin, example, and test apps.

1.3.20 2024-XX-XX #

Added #

  • Android: load libinfusion.so when present, falling back to libinfusion_ffi.so, to support new bundle layout.

Security #

  • Redact encKeyHex/signSeedHex in debug log output; limit logging to debug builds.

1.3.19 2024-XX-XX #

Fixed #

  • iOS: align podspec version and tag with the published package release.

1.3.18 2024-XX-XX #

Fixed #

  • iOS: ensure XCFramework static library names are consistent between device and simulator slices for CocoaPods.

1.3.17 2024-XX-XX #

Changed #

  • Breaking: InfusionLoader no longer accepts local overrides; desktop always downloads from GitHub Releases.

Removed #

  • INFUSION_LIB_PATH environment variable support.

1.3.16 2024-XX-XX #

Security #

  • Desktop: validate cached binaries against SHA-256 checksums before loading; re-download on mismatch.

1.3.15 2024-XX-XX #

Added #

  • Android: explicitly loads the native library for zero-config FFI (no manual System.loadLibrary needed).

Security #

  • Desktop: verify downloaded binaries with per-release SHA-256 checksums.

1.3.14 2024-XX-XX #

Changed #

  • Desktop: select Linux/Windows binary by architecture (Abi.current()); per-arch release assets required.

1.3.13 2024-XX-XX #

Fixed #

  • iOS: expose public plugin header; declare Flutter dependency so CocoaPods generates the module correctly.

1.3.12 2024-XX-XX #

Added #

  • Desktop: distribute binaries via public GitHub Releases; CI uploads Linux/Windows artifacts.

1.3.11 2024-XX-XX #

Fixed #

  • Load native library from bundled Flutter assets for true zero-config usage on all platforms.

1.3.4 2024-XX-XX #

Added #

  • seal/open, capability tokens, and key derivation documented in README under "Advanced Security".

Fixed #

  • Confirmed inclusion of libinfusion_ffi.dylib in Flutter assets for desktop support.
  • InfusionLoader resolves the dylib via package: URI correctly.

1.3.1 2024-XX-XX #

Fixed #

  • Expose verifyCap in the Dart FFI wrapper — resolves InvalidFrame("alg") error during capability verification.

1.2.9 2024-XX-XX #

Fixed #

  • issueCap no longer generates invalid tokens when owner_pub is inferred from context.

1.2.5 2024-XX-XX #

Added #

  • Swift Package Manager (SPM) support for iOS and macOS.

Changed #

  • MIT license applied to the Dart/Flutter wrapper.

Fixed #

  • Analysis issues and lint warnings resolved; pub.dev score 50/50.

1.2.0 2024-XX-XX #

Added #

  • BIP-39 mnemonic generation (mnemonicGenerate) and restoration (mnemonicRestore).
  • InfusionFFI.create() factory — instance-based vault context with explicit dispose().
  • infusion_derive_key FFI function for deterministic sub-key derivation from master seed.

Changed #

  • Breaking: moved from global singleton to instance-based VaultContext handles.
    • infusion_initinfusion_new (returns context pointer; all functions now accept it).
    • Dart: InfusionFFI is now instance-based; use InfusionFFI.create() and dispose().

1.0.0 2024-XX-XX #

Added #

  • Initial release.
  • Android (AAR) and iOS (XCFramework) bundled native libraries.
  • Desktop binary download from GitHub Releases.
  • Core API: seal, open, verify, issueCap, verifyCap, cid, signWithSeed, verifySignature.
0
likes
130
points
470
downloads

Documentation

API reference

Publisher

unverified uploader

Weekly Downloads

Flutter plugin for the Infusion crypto vault — AEAD encryption, Ed25519 signing, BLAKE3 CIDs, BIP-39 wallets, and capability tokens. Prebuilt binaries for all platforms.

Topics

#cryptography #encryption #security #ffi

License

MIT (license)

Dependencies

crypto, ffi, flutter, flutter_web_plugins, path, web

More

Packages that depend on infusion_ffi

Packages that implement infusion_ffi