kms 0.4.0
Key Management Service (KMS) API for managing cryptographic keys securely.
Overview #
A vendor-agnostic API for storing and using cryptographic keys in Flutter / Dart.
The package can be used for accessing Key Management Service (KMS) APIs such as:
- Keystore in Android
- Keychain in iOS and Mac OS X
- We may add support for services by cloud vendors (AWS KMS, Azure Vault, Google Cloud KMS).
Available adapters #
- In this package:
- kms_flutter
  - Uses operating system APIs for storing cryptographic keys. Supports Android Keystore and iOS Keychain.
Related packages #
- cryptography
  - We use cryptography from this package.
- noise
  - A Dart implementation of the Noise protocol, which can be used for end-to-end encryption (E2EE).
Getting started #
1. Add dependency #
In pubspec.yaml:
```yaml
dependencies:
  kms: ^0.4.0
```
2. Use #
For digital signature #
```dart
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter.dart';

final kms = flutterKms();

Future<void> main() async {
  final collection = kms.collection('examples');

  // Create the key pair
  final document = await collection.createKeyPair(
    documentId: 'My key pair',
    keyExchangeType: null, // We will not do key exchange.
    signatureType: SignatureType.ed25519,
  );

  // Message to be signed
  final message = <int>[1, 2, 3];

  // Request a signature from the KMS
  final signature = await document.sign(message);
  print('Signature: ${signature.bytes}');
  print('Public key: ${signature.publicKey}');

  // Delete the key pair.
  // In real applications, you would store keys for a longer time.
  await document.delete();
}
```
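The verifier's side of the signing flow above, as an added example that is not part of the package's own documentation. It assumes the object returned by `document.sign` is a `Signature` from the `cryptography` package (it exposes `bytes` and `publicKey` as shown above) and that `ed25519.verify` from that package is available; the document ID and messages are constructed.

```dart
import 'package:cryptography/cryptography.dart';
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter.dart';

Future<void> main() async {
  final kms = flutterKms();
  final collection = kms.collection('examples');

  // The private key is created by, and stays inside, the KMS adapter.
  final document = await collection.createKeyPair(
    documentId: 'verification example', // constructed ID
    keyExchangeType: null,
    signatureType: SignatureType.ed25519,
  );

  try {
    final message = <int>[1, 2, 3]; // constructed sample message
    final signature = await document.sign(message);

    // Verifier side: needs only the message, the signature bytes and the
    // public key. Assumption: `signature` is a cryptography `Signature`.
    // A real verifier should check that the public key matches one it
    // obtained through a trusted channel, not just the one sent along.
    final valid = await ed25519.verify(message, signature);
    print('Original message verifies: $valid');

    // Any change to the signed bytes must make verification fail.
    final tampered = <int>[1, 2, 4];
    final acceptedTampered = await ed25519.verify(tampered, signature);
    print('Tampered message verifies: $acceptedTampered');

    if (!valid || acceptedTampered) {
      throw StateError('Signature check did not behave as expected');
    }
  } finally {
    // Remove the example key pair even if a check above throws.
    await document.delete();
  }
}
```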
For key agreement #
```dart
import 'package:cryptography/cryptography.dart';
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter.dart';

final kms = flutterKms();

Future<void> main() async {
  final collection = kms.collection('examples');

  // Create a key pair
  final document = await collection.createKeyPair(
    documentId: 'My key pair',
    keyExchangeType: KeyExchangeType.x25519,
    signatureType: null, // We will not do signing.
  );

  // In this example, our counter-party has some random public key.
  final remotePublicKey = x25519.newKeyPairSync().publicKey;

  // Request a shared secret from the KMS.
  final secretKey = await document.sharedSecret(
    remotePublicKey: remotePublicKey,
  );
  // Printed for demonstration only; do not log secrets in real applications.
  print('Secret key: ${secretKey.extractSync()}');

  // Delete the key pair
  await document.delete();
}
```
For encryption #
```dart
import 'dart:convert';

import 'package:cryptography/cryptography.dart';
import 'package:kms/kms.dart';
import 'package:kms_flutter/kms_flutter.dart';

final kms = flutterKms();

Future<void> main() async {
  // Create a cryptographic key with ID 'my signing key'
  final document = await kms.collection('example').createSecretKey(
    documentId: 'my signing key',
    cipherType: CipherType.aesGcm,
  );

  // Choose a unique nonce (initialization vector, IV).
  // Never reuse a nonce with the same key.
  final nonce = aesGcm.newNonce();

  // Encrypt
  final encrypted = await document.encrypt(
    utf8.encode('Encrypted data'),
    nonce: nonce,
  );

  // Decrypt
  final decrypted = await document.decrypt(
    encrypted,
    nonce: nonce,
  );
}
```
Supported algorithms #
Key agreement #
- X25519
  - Supported by:
    - Apple APIs
- ECDH P256
  - Supported by:
    - Apple APIs (including the Secure Enclave).
    - AWS KMS
    - Azure Vault
    - Google Cloud KMS
Digital signature #
- ED25519
  - Supported by:
    - Apple APIs
    - HashiCorp Vault
- ECDSA P256 + SHA256
  - Supported by:
    - Apple APIs (including the Secure Enclave).
    - AWS KMS
    - Azure Vault
    - Google Cloud KMS
    - HashiCorp Vault
Authenticated ciphers #
- AES-GCM
  - Supported by:
    - Apple APIs
    - AWS KMS
    - Azure Vault
    - Google Cloud KMS
    - HashiCorp Vault
- CHACHA20 + POLY1305
  - Supported by:
    - Apple APIs
    - HashiCorp Vault