rsa_oaep_dart 0.1.6

Pure Dart implementation of RSAES-OAEP (PKCS#1 v2.2)

RSA OAEP Dart Library

Pure Dart implementation of RSAES-OAEP (PKCS#1 v2.2) with SHA-256 support.
Ideal for projects that need secure asymmetric encryption without native dependencies.

Works on Flutter, web, and backend — anywhere Dart runs.

Compatibility

This library supports Dart SDK 3.0.0 or newer and Flutter 3.10+.

• Dart: >=3.0.0 <4.0.0
• Flutter: >=3.10.0

Features

• RSAES-OAEP with MGF1 as specified in RFC 8017
• SHA-256 hash (recommended default)
• Full interoperability with OpenSSL and other toolchains
• Secure RSA key generation (2048, 3072, 4096 bits)
• PEM key parsing for import/export
• Simple API for strings and binary data
• Pure Dart code — great for Flutter, web, and server
• Extensive tests and practical examples

Getting started

Install

Add to your pubspec.yaml:

dependencies:
  rsa_oaep_dart: ^0.1.6

copied to clipboard

Then run:

dart pub get

copied to clipboard

Import

import 'package:rsa_oaep_dart/rsa_oaep_dart.dart';

copied to clipboard

Docs

Read the full API docs on pub.dev.

Examples

Basic usage

import 'package:rsa_oaep_dart/rsa_oaep_dart.dart';

// Generate a key pair
final keyPair = RSAKeyUtils.generateKeyPair(bitLength: 2048);

// Create OAEP instance with SHA-256
final oaep = RSAOAEP(hash: SHA256Digest());

// Encrypt message
final message = 'Hello, world!';
final encrypted = oaep.encryptString(message, keyPair.publicKey);

// Decrypt message
final decrypted = oaep.decryptString(encrypted, keyPair.privateKey);
print(decrypted); // Output: Hello, world!

copied to clipboard

Run the full example suite

cd example
make

copied to clipboard

The interactive menu includes:

• RSA key generation
• Encrypt with Dart and OpenSSL
• Decrypt with Dart and OpenSSL
• Interoperability workflows

Testing

dart test

copied to clipboard

Compliance

• RFC 8017 — PKCS#1 v2.2
• MGF1 with SHA-256
• Compatible with openssl pkeyutl

Security notes

This library follows best practices for cryptographic operations:

• Secure key generation
• Correct OAEP + MGF1 usage
• Proper invalid-message handling

Interoperability and best practices

Message conversion

To interoperate with external systems (AWS KMS, OpenSSL, Java, Python, etc.):

// Always convert strings to UTF-8 bytes before encrypting
final messageBytes = Uint8List.fromList(utf8.encode('Your message'));
final encrypted = oaep.encrypt(messageBytes, publicKey);

copied to clipboard

// Decrypt returns bytes — convert to String if needed
final decryptedBytes = oaep.decrypt(ciphertext, privateKey);
final message = utf8.decode(decryptedBytes);

copied to clipboard

Transport and storage

Use Base64 for transport or storage:

final ciphertextBase64 = base64.encode(ciphertext);
final ciphertext = base64.decode(ciphertextBase64);

copied to clipboard

Convenience methods

// Encrypt a String (returns Base64)
final encryptedBase64 = oaep.encryptString('Message', publicKey);

// Decrypt Base64 (returns String)
final decrypted = oaep.decryptString(encryptedBase64, privateKey);

copied to clipboard

Message size limits

RSA-OAEP has maximum input sizes:

• 2048-bit key + SHA-256: 190 bytes
• 3072-bit key + SHA-256: 318 bytes
• 4096-bit key + SHA-256: 446 bytes

For larger payloads, use hybrid crypto (RSA + AES).

Roadmap

• ❌ SHA-1 and SHA-512 support
• ❌ Custom OAEP labels
• ❌ Performance benchmarks
• ❌ Flutter UI example app
• ❌ Security audit

Contributing

Contributions are welcome! See CONTRIBUTING.md.

How to contribute

1. Fork the repo
2. Create a branch: git checkout -b feature/your-change
3. Commit: git commit -m 'feat: add your change'
4. Push: git push origin feature/your-change
5. Open a Pull Request

License

MIT — see LICENSE.