kms 0.4.1

  • Readme
  • Changelog
  • Example
  • Installing
  • 73

Pub Package Github Actions CI

Overview #

A vendor-agnostic API for storing and using cryptographic keys in Flutter / Dart.

The package can be used for accessing Key Management Service (KMS) APIs such as:

  • Keystore in Android
  • Keychain in iOS and Mac OS X
  • We may add support for services by cloud vendors (AWS KMS, Azure Vault, Google Cloud KMS).

The package uses algorithm implementations from package:cryptography.

Available adapters #

  • In this package:
  • kms_flutter
    • Uses operating system APIs for storing cryptographic keys. Supports Android Keystore and iOS Keychain.

Getting started #

1.Add dependency #

In pubspec.yaml:

dependencies:
  kms: ^0.4.0

2.Use #

For digital signature #

import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter';

final kms = flutterKms();

Future<void> main() async {
  final collection = kms.collection('examples');

  // Create the key pair
  final document = await collection.createKeyPair(
    documentId: 'My key pair',
    keyExchangeType: null, // We will not do key exchange.
    signatureType: SignatureType.ed25519,
  );

  // Signed message
  final message = <int>[1,2,3];

  // Request a signature from the KMS
  final signature = await document.sign(message);
  print('Signature: ${signature.bytes}');
  print('Public key: ${signature.publicKey}');

  // Delete the key pair.
  // In real applications, you would store keys for longer time.
  await document.delete();
}

For key agreement #

import 'package:cryptography/cryptography.dart';
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter';

final kms = flutterKms();

Future<void> main() async {
  final collection = kms.collection('examples');

  // Create a key pair
  final kmsKey = await collection.createKeyPair(
    documentId: 'My key pair',
    keyExchangeType: KeyExchangeType.x25519,
    signatureType: null, // We will not do signing.
  );

  // In this example, our counter-party has some random public key.
  final remotePublicKey = x25519.newKeyPairSync().publicKey;

  // Request a shared secret from the KMS.
  final secretKey = await document.sharedSecret(
    remotePublicKey: remotePublicKey,
  );

  print('Secret key: ${secretKey.extractSync()}');

  // Delete the key pair
  await document.delete(kmsKey);
}

For encryption #

import 'package:cryptography/cryptography.dart';
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter';

final kms = flutterKms();

Future<void> main() async {
  // Create a cryptographic key with ID 'my signing key'
  final document = kms.collection('example').createSecretKey(
    documentId: 'my signing key',
    cipherType: CipherType.aesGcm,
  );

  // Choose some unique nonce (initialization vector, IV)
  final nonce = aesGcm.newNonce();

  // Encrypt
  final encrypted = await document.encrypt(
    'Encrypted data'.codePoints,
    nonce: nonce,
  );

  // Decrypt
  final decrypted = await document.decrypt(
    encrypted,
    nonce: nonce,
  );
}

Supported algorithms #

Key agreement #

  • X25519
    • Supported by:
      • Apple APIs
  • ECDH P256
    • Supported by:

Digital signature #

  • ED25519
    • Supported by:
      • Apple APIs
      • Hashcorp Vault
  • ECDSA P256 + SHA256
    • Supported by:
      • Apple APIs (including the Secure Enclave).
      • AWS KMS
      • Azure Vault
      • Google Cloud KMS
      • Hashcorp Vault

Authenticated ciphers #

  • AES-GCM
    • Supported by:
      • Apple APIs
      • AWS KMS
      • Azure Vault
      • Google Cloud KMS
      • Hashcorp Vault
  • CHACHA20 + POLY1305
    • Supported by:
      • Apple APIs
      • Hashcorp Vault

0.4.1 #

  • Fixes version constraints.

0.4.0 #

  • A better API.

0.3.1 #

  • Improves documentation.

0.3.0 #

  • Changes algorithm identifiers. Changes default algorithms of MemoryKms.
  • Improves documentation.
  • Updates dependencies.

0.2.0 #

  • Fixes various issues.

0.1.0 #

  • Initial version

example/lib/example.dart

import 'package:kms/kms.dart';

Future<void> main() async {
  // Choose some KMS
  final kms = MemoryKms();

  // Create a digital signature key
  final key = await kms.collection('default').createKeyPair(
        keyExchangeType: null,
        signatureType: SignatureType.ed25519,
      );

  // Sign
  final signature = await key.sign([1, 2, 3]);

  print('Signature: ${signature.bytes}');
  print('Public key: ${signature.publicKey}');
}

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  kms: ^0.4.1

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter pub get

Alternatively, your editor might support pub get or flutter pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:kms/kms.dart';
  
Popularity:
Describes how popular the package is relative to other packages. [more]
46
Health:
Code health derived from static analysis. [more]
100
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
100
Overall:
Weighted score of the above. [more]
73
Learn more about scoring.

We analyzed this package on Jul 9, 2020, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.8.4
  • pana: 0.13.14

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=2.5.0 <3.0.0
collection ^1.10.0 1.14.13 1.15.0-nnbd
cryptography ^1.0.0 1.4.1
meta ^1.1.0 1.2.1
Transitive dependencies
charcode 1.1.3
convert 2.1.1
crypto 2.1.5
fixnum 0.10.11
js 0.6.2
typed_data 1.2.0 1.3.0-nnbd
Dev dependencies
pedantic ^1.9.0
test ^1.6.0