kms 0.4.1

Dart native js
Flutter Android iOS web

Key Management Service (KMS) API for managing cryptographic keys securely.

Pub Package Github Actions CI

Overview #

A vendor-agnostic API for storing and using cryptographic keys in Flutter / Dart.

The package can be used for accessing Key Management Service (KMS) APIs such as:

  • Keystore in Android
  • Keychain in iOS and Mac OS X
  • We may add support for services by cloud vendors (AWS KMS, Azure Vault, Google Cloud KMS).

The package uses algorithm implementations from package:cryptography.

Available adapters #

  • In this package:
  • kms_flutter
    • Uses operating system APIs for storing cryptographic keys. Supports Android Keystore and iOS Keychain.

Getting started #

1.Add dependency #

In pubspec.yaml:

dependencies:
  kms: ^0.4.0

2.Use #

For digital signature #

import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter';

final kms = flutterKms();

Future<void> main() async {
  final collection = kms.collection('examples');

  // Create the key pair
  final document = await collection.createKeyPair(
    documentId: 'My key pair',
    keyExchangeType: null, // We will not do key exchange.
    signatureType: SignatureType.ed25519,
  );

  // Signed message
  final message = <int>[1,2,3];

  // Request a signature from the KMS
  final signature = await document.sign(message);
  print('Signature: ${signature.bytes}');
  print('Public key: ${signature.publicKey}');

  // Delete the key pair.
  // In real applications, you would store keys for longer time.
  await document.delete();
}

For key agreement #

import 'package:cryptography/cryptography.dart';
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter';

final kms = flutterKms();

Future<void> main() async {
  final collection = kms.collection('examples');

  // Create a key pair
  final kmsKey = await collection.createKeyPair(
    documentId: 'My key pair',
    keyExchangeType: KeyExchangeType.x25519,
    signatureType: null, // We will not do signing.
  );

  // In this example, our counter-party has some random public key.
  final remotePublicKey = x25519.newKeyPairSync().publicKey;

  // Request a shared secret from the KMS.
  final secretKey = await document.sharedSecret(
    remotePublicKey: remotePublicKey,
  );

  print('Secret key: ${secretKey.extractSync()}');

  // Delete the key pair
  await document.delete(kmsKey);
}

For encryption #

import 'package:cryptography/cryptography.dart';
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter';

final kms = flutterKms();

Future<void> main() async {
  // Create a cryptographic key with ID 'my signing key'
  final document = kms.collection('example').createSecretKey(
    documentId: 'my signing key',
    cipherType: CipherType.aesGcm,
  );

  // Choose some unique nonce (initialization vector, IV)
  final nonce = aesGcm.newNonce();

  // Encrypt
  final encrypted = await document.encrypt(
    'Encrypted data'.codePoints,
    nonce: nonce,
  );

  // Decrypt
  final decrypted = await document.decrypt(
    encrypted,
    nonce: nonce,
  );
}

Supported algorithms #

Key agreement #

  • X25519
    • Supported by:
      • Apple APIs
  • ECDH P256
    • Supported by:

Digital signature #

  • ED25519
    • Supported by:
      • Apple APIs
      • Hashcorp Vault
  • ECDSA P256 + SHA256
    • Supported by:
      • Apple APIs (including the Secure Enclave).
      • AWS KMS
      • Azure Vault
      • Google Cloud KMS
      • Hashcorp Vault

Authenticated ciphers #

  • AES-GCM
    • Supported by:
      • Apple APIs
      • AWS KMS
      • Azure Vault
      • Google Cloud KMS
      • Hashcorp Vault
  • CHACHA20 + POLY1305
    • Supported by:
      • Apple APIs
      • Hashcorp Vault
5
likes
110
pub points
50%
popularity

Publisher

dint.dev

Key Management Service (KMS) API for managing cryptographic keys securely.

Repository (GitHub)
View/report issues

Documentation

API reference

License

Apache 2.0 (LICENSE)

Dependencies

collection, cryptography, meta

More

Packages that depend on kms