steel_crypt 1.5.1+1

  • Readme
  • Changelog
  • Example
  • Installing
  • 92

Steel Crypt #

A comprehensive library of high-level, cryptographic API's, either manually defined or pulled from PointyCastle. This library currently supports hashing, symmetric two-way encryption, asymmetric two-way encryption, and key/IV generation. It also has a CLI, for conducting basic cryptography operations.


It takes time, effort, and mental power to keep this package updated, useful, and improving. If you used or are using the package, I'd appreciate it if you could spare a few dollars to help me continue development.

PayPal


Classes #

AES Encryption (class AesCrypt) #

  • Constructor: AesCrypt ('32 length key', 'mode here', 'padding here')

  • AES is a standardized, widely used cipher

  • It can be used as either a block or stream cipher, depending on mode

  • Operatable in 6 different modes:

    • Stream modes:
      • CTR ('ctr')
      • SIC ('sic')
    • Block modes:
      • CBC ('cbc')
      • ECB ('ecb') INSECURE
      • CFB-64 ('cfb-64')
      • OFB-64 ('ofb-64')
      • GCTR ('gctr')
      • GCM ('gcm') (Default/Recommended Mode)
  • 5 paddings available for block modes:

    • PKCS7 Padding ('pkcs7') (Default)
    • ISO7816-4 Padding ('iso7816-4')
    • X9.23 Padding ('x9.23')
    • TBC Padding ('tbc')
    • ISO10126-2 Padding ('iso10126-2')
  • Note: All block modes require padding, to ensure that input is the correct block size.

  • Note: Paddings do not work with stream modes. You can still enter the parameter, but it won't be used.

  • Note: ECB does not require an IV. You can still enter the parameter, but it won't be used.

  • Note: All other modes require 16 bytes of IV (Initialization Vector, see CryptKey for generation).

Lightweight Stream Ciphers (class LightCrypt) #

  • Constructor: LightCrypt('32 length key', 'algorithm here')
  • ChaCha20 stream cipher ('ChaCha20/__')
    • Derivative of Salsa20 with increased security/speed
    • Can be used in 3 variants:
      • 20 round ( __ ==> '20' ) (Default/Recommended Cipher)
      • 12 round ( __ ==> '12' )
      • 8 round ( __ ==> '8' )
    • Note: Requires 8 bytes of IV (Initialization Vector, see CryptKey for generation)
  • Salsa20 stream cipher ('Salsa20/__')
    • Secure, speedy AES alternative
    • E-Crypt Stream Cipher final portfolio
    • Can be used in 3 variants:
      • 20 round ( __ ==> '20' )
      • 12 round ( __ ==> '12' )
      • 8 round ( __ ==> '8' )
    • Note: Requires 8 bytes of IV (Initialization Vector, see CryptKey for generation)
  • HC-256 stream cipher ('HC-256')
    • Secure, software-efficient cipher
    • E-Crypt Stream Cipher final portfolio
    • Note: Requires 16 bytes of IV (Initialization Vector, see CryptKey for generation)
  • Grain-128 stream cipher ('Grain-128')
    • Secure, hardware-efficient cipher
    • E-Crypt Stream Cipher final portfolio
    • Note: Requires 12 bytes of IV (Initialization Vector, see CryptKey for generation)
  • ISAAC stream cipher ('ISAAC')
    • Extremely fast stream cipher
    • Secure, but with a low margin
    • Usage not recommended unless you have very high speed needs
    • Note: Requires no IV; you can enter an IV param, but it won't affect anything
  • RC4 stream cipher ('RC4')
    • Somewhat fast stream cipher
    • Secure(ish), but with a dangerously low margin
    • Usage not recommended unless you have a legacy system; otherwise use ChaCha for the whole package or Grain/HC-256 for platform optimization
    • Note: Requires no IV; you can enter an IV param, but it won't affect anything

2-Way Asymmetric (class RsaCrypt) #

  • Constructor: RsaCrypt()
  • RSA with OAEP padding
    • String encrypt(String text, RSAPublicKey pubKey)
    • String decrypt(String encrypted, RSAPrivateKey privateKey)
  • Note: RsaCrypt auto generates secure RSA private and public keys. You can access them using .randPrivKey and .randPubKey getters, or use your own.
  • Note: To get key from a PEM file, translate the PEM key wanted into a string, and use RsaCrypt().parseKeyFromFile(PemFilepathHere)

Password Hashing (class PassCrypt) #

  • Constructor: PassCrypt([String algorithm = "scrypt"])
  • Scrypt ('scrypt') (Default/Recommended Algorithm)
  • PBKDF2 with:
    • SHA-256 HMAC ('SHA-256/HMAC/PBKDF2')
    • SHA-384 HMAC ('SHA-384/HMAC/PBKDF2')
    • SHA-512 HMAC ('SHA-512/HMAC/PBKDF2')
    • 256 bit SHA-3 HMAC ('SHA-3/256/HMAC/PBKDF2')
    • 512 bit SHA-3 HMAC ('SHA-3/512/HMAC/PBKDF2')
    • RipeMD 128 HMAC ('RIPEMD-128/HMAC/PBKDF2')
    • RipeMD 160 HMAC ('RIPEMD-160/HMAC/PBKDF2')
    • Blake2b HMAC ('Blake2b/HMAC/PBKDF2')
    • Tiger HMAC ('Tiger/HMAC/PBKDF2')
    • Whirlpool HMAC ('Whirlpool/HMAC/PBKDF2')
  • Compare plaintext to hashtext using .checkPassKey(salt, plain, hashed, length)

Hashing (class HashCrypt) #

  • Constructor: HashCrypt([String algorithm = "SHA-3/512"])
  • SHA-3 ('SHA-3/___') :
    • /224
    • /256 (Default/Recommended Hash)
    • /384
    • /512
  • SHA-2 ('SHA-___'):
    • -224
    • -256
    • -384
    • -512
  • SHA-1 ('SHA-1') INSECURE
  • Tiger ('Tiger')
  • Blake2b ('Blake2b')
  • RipeMD ('RIPEMD-___'):
    • -128
    • -160
    • -256
    • -320
  • MD5 ('MD5') INSECURE
  • MD4 ('MD4') INSECURE
  • MD2 ('MD2') INSECURE
  • Note: Compare plaintext to hashtext using .checkpass(plain, hashed)

MAC's (class MacCrypt) #

  • Constructor: MacCrypt ('32 length key', 'CMAC or HMAC', 'algorithm here')
  • HMAC and CMAC are available
    • For HMAC algorithm field, use any available hashing algorithm in HashCrypt for algorithm
    • For CMAC algorithm field, use any available AES block cipher algorithm in AESCrypt for algorithm

Key/IV Generation (class CryptKey) #

  • Constructor: CryptKey()
  • Method: .genFortuna ([int length = 32])
    • Generates cryptographic string using Fortuna algorithm
    • Slower but significantly more secure
    • Best for private keys
    • Used internally
  • Method: .genDart ([int length = 16])
    • Generates cryptographic string using Dart Random.secure()
    • Faster but less secure
    • Best for IV's or salt

Usage #

A simple usage example:

import 'package:steel_crypt/steel_crypt.dart';

main() {
  var FortunaKey = CryptKey().genFortuna(); //generate 32 byte key generated with Fortuna


  var aesEncrypter = AesCrypt(FortunaKey, 'cbc',
      'iso10126-2'); //generate AES block encrypter with key and ISO7816-4 padding

  var aesEncrypter2 = AesCrypt(FortunaKey, 'ofb-64',
      'pkcs7'); //generate AES OFB-64 block encrypter with key and PKCS7 padding

  var streamAES = AesCrypt(FortunaKey, 'ctr'); //generate AES CTR stream encrypter with key


  var encrypter2 = RsaCrypt(); //generate RSA encrypter


  var encrypter3 = LightCrypt(FortunaKey, "ChaCha20/12"); //generate ChaCha20/12 encrypter


  var hasher = HashCrypt("SHA-3/512"); //generate SHA-3/512 hasher

  var hasher3 = MacCrypt(FortunaKey, "CMAC", 'cfb-64'); //CMAC AES CFB-64 Hasher


  var passHash = PassCrypt('scrypt'); //generate scrypt password hasher


  var ivsalt = CryptKey().genDart(
      16); //generate iv for AES with Dart Random.secure()

  var iv2 = CryptKey().genDart(8); //generate iv for ChaCha20 with Dart Random.secure()

  //Print key
  print ("Key:");

  print(FortunaKey);

  print("");


  //Print IV
  print ("IV (AES/Scrypt):");

  print(ivsalt);

  print("");

  //Print IV
  print ("IV (ChaCha20):");

  print(iv2);

  print("");
  
  //SHA-3 512 Hash
  print("SHA-3 512 Hash:");

  String hash = hasher.hash('example'); //perform hash

  print(hash);

  print(hasher.checkhash('example', hash)); //perform check

  print("");

  //CMAC AES CFB-64 Hash
  print("CMAC AES CFB-64 Hash:");

  var hash3 = hasher3.process('words'); //perform hash

  print(hash3);

  print(hasher3.check('words', hash3)); //perform check

  print("");

  //Password (scrypt)
  print("Password hash (scrypt):");

  var hash4 = passHash.hashPass(ivsalt, "words"); //perform hash

  print(hash4);

  print(passHash.checkPassKey(ivsalt, "words", hash4)); //perform check

  print("");


  //12-Round ChaCha20; Symmetric stream cipher
  print("ChaCha20 Symmetric:");

  String crypted3 = encrypter3.encrypt('broken', iv2); //encrypt

  print(crypted3);

  print(encrypter3.decrypt(crypted3, iv2)); //decrypt

  print("");


  //AES CBC with ISO7816-4 padding; Symmetric block cipher
  print("AES Symmetric CBC:");

  String crypted = aesEncrypter.encrypt('words', ivsalt); //encrypt

  print(crypted);

  print(aesEncrypter.decrypt(crypted, ivsalt)); //decrypt

  print("");


  //AES OFB-64 with PKCS7 padding; Symmetric block cipher
  print("AES Symmetric OFB-64:");

  String crypted2 = aesEncrypter2.encrypt('words', ivsalt); //encrypt

  print(crypted2);

  print(aesEncrypter2.decrypt(crypted2, ivsalt)); //decrypt

  print("");


  //AES CTR; Symmetric stream cipher
  print("AES Symmetric CTR:");

  String crypted5 = streamAES.encrypt('words', ivsalt); //Encrypt.

  print(crypted5);

  print(streamAES.decrypt(crypted5, ivsalt)); //Decrypt.

  print("");


  //RSA with OAEP padding; Asymmetric
  print("RSA Asymmetric:");

  var crypted4 = encrypter2.encrypt("word", encrypter2.randPubKey); //encrypt

  print(crypted4);

  print(encrypter2.decrypt(crypted4, encrypter2.randPrivKey)); //decrypt

  print("");
}

CLI #

This CLI allows you to perform basic functions from the main package on the terminal

Setup #

  • If you haven't already done so, add pub-cache to your PATH with $ export PATH="$PATH":"$HOME/.pub-cache/bin"
  • Globally activate the steel_crypt package with $ pub global activate steel_crypt

Commands #

  • encrypt: $ encrypt -t (text here) -k (key here) -i (iv here)
    • Uses AES with PKCS7 padding
    • All fields required
  • decrypt: $ decrypt -t (encrypted here) -k (key here) -i (iv here)
    • Uses AES with PKCS7 padding
    • All fields required
  • hash: $ hashtext -p (plain here)
    • Uses SHA-3/512
    • Field required
  • make keys: $ genkey -l (length here)

Notes #

  • This is fairly well-tested and documented, but use in production at your own risk.
  • This is practically complete; however, I'm always open to new ideas and feature requests, and will always maintain for bugs.
  • I need your input! What algorithms and features would you like to see here? That leads me to...
  • Please file feature requests, clarifications, and bugs at the issue tracker!

TODO's #

  • [x] Create Project + add "Starter Set" of algorithms
  • [x] Add more, different hashes
  • [x] Add more, different 2-way stream algorithms
  • [x] Try to add more packaging options
  • [x] Tackle adding an RSA solution
  • [x] Create a more complete password solution
  • [x] Add more detailed example
  • [x] Update further reading
  • [ ] Use Dart2Native for CLI (maybe)
  • [ ] Add more AES modes (GCM done, de-prioritized)
  • [ ] ??? (Leave feature requests in the issue tracker above, and they'll end up here!)

Note: Prior Knowledge #

It is my personal recommendation to always know what each algorithm that you are using in a given application, and how it works. However, this package exists to help you with that transition. This package is not a guide on cryptography, and cannot substitute for prior knowledge of some level of cryptography. If you need help understanding concepts of cryptography, ask someone; user data is always the priority, and I'll help anyone willing to listen. I'd much rather answer an issue regarding basic encryption than hear that my packagewas used improperly and thus compromised. If you ever need to reach me, post in the issue tracker above; I'll be on it as quickly as possible.


Pub License Commits

©2019 Aditya Kishore #
Licensed under the Mozilla Public License 2.0 #
This project is built on a custom implementation of Steven Roose's PointyCastle. #

1.5.1 AND 1.5.1+1 #

  • Made MacCrypt more consistent with standards
  • Improved CMAC to function better
  • Added GCM and GCTR to AES
  • Improved README with note on prior knowledge

1.4.1+1 #

  • No functional update
  • Changed example to be more efficient

1.4.1 BREAKING #

  • Revamped ChaCha20 algorithm to:
    • Be compliant with the original definition
    • Work with the UTF-8 charset
  • Bettered documentation
  • Cleaned up code

1.3.2-1.3.2+1 #

  • Fixed bug in ECB mode for AES
  • Cleaned up code
  • Updated README for AES bugfix

1.3.1+1 #

  • Changed defaults for a couple classes
  • Cleaned up code a little bit
  • Got rid of those pesky new keywords
  • Reformatted src directory
  • No functional change unless you're using defaults

1.3.1 #

  • Intro new algorithm: RC4
  • Better documentation
  • Better, more consistent README

1.3.0 BREAKING #

  • Introduced RSA key parsing from PEM
  • .pubKey and .privKey getters are now .randPubKey and .randPrivKey

1.2.0+2 #

  • More major README edits
  • Still no functional change

1.2.0+1 #

  • Fixed major README issue
  • No functional change

1.2.0 #

  • Total revamp of PassCrypt()
  • Scrypt password hashing now available (and default)
  • PBKDF2 base algorithm now changeable
  • Lowered PBKDF2 rounds to 10000 to increase speed

1.1.2 #

  • New padding option: ISO10126-2
  • Security fix to X9.23 padding

1.1.1+1 & 1.1.1+2

  • README edits
  • No functional change

1.1.1 #

  • Various bug fixes regarding static variables
  • README edits for clarity

1.1.0 #

  • Added Grain-128 algorithm
  • Added ISAAC algorithm
  • README updates

1.0.1+1 to 1.0.1+3 #

  • Minor Readme update
  • No functional change

1.0.1 #

  • Fixed breaking bug in CMAC
  • Added HC-256 algorithm

1.0.0 - Breaking! #

  • Release version! This package is now stable and tested.
  • Old .hashHMAC class now obsolete
  • Added new MacCrypt() class with CMAC and HMAC
  • Added two new padding options for AES

0.8.2+1 #

  • Minor updates to pubspec
  • No functional change

0.8.2 #

  • New reduced-round variants of Salsa20
  • Better documentation
  • Minor bug fixes to hashing classes

0.8.1+1 to 0.8.1+5 #

  • Bettered code health for pub
  • No functional improvement

0.8.1 #

  • Revamped AES with new padding and better explanation in README
  • Made HashCrypt and PassCrypt less buggy to use
  • Changed pointycastle dependency to github in order to get new padding
  • Phased out encrypt package
  • Added two new variants of ChaCha20

0.7.1+2 #

  • Minor Readme update
  • No functional change

0.7.1+1 #

  • Minor Readme update
  • No functional change

0.7.1 - Breaking! #

  • Revamped KeyCrypt() to have two methods
  • One generating with Fortuna
  • Other generating with Random.secure()
  • Old key generation method no longer works

0.6.2 #

  • Made it so HashCrypt() and PassCrypt() work with all strings
  • Updated AES documentation in README to reflect different modes

0.6.1+1 #

  • Hotfix for breaking bug regarding meta package
  • Fixes ChaCha20

0.6.1 - Breaking! #

  • Reorganization of files
  • Implemented ChaCha20
  • Changed SymCrypt() to AesCrypt()
  • Moved Salsa20 and ChaCha20 to new LightCrypt() class
  • Ditched Threefish due to lack of demand

0.5.5+1 #

  • Enforce IV uniqueness in SymCrypt class
  • Minor updates to README
  • Work begins in threefish.dart

0.5.5 #

  • Changed IV + Key generation to Fortuna for increased speed + entropy
  • Increases security, but no front-end changes
  • Improved runtime efficiency by declaring top-end variables and helper functions static
  • Decreased PassCrypt rounds from 20000 to 15000 to decrease runtime

0.5.4+1 #

  • Added Mozilla License notice + copyright to every code file
  • Included copyright at bottom of README
  • Updated README Notes + TODO's
  • No functional improvement

0.5.4 #

  • Fixing hash funct. of CLI

0.5.3+4 #

  • Disregard, README isn't processing properly
  • No functional improvement

0.5.3+3 #

  • More README fixes
  • Still no functional improvement

0.5.3+2 #

  • README looks terrible on pub, patched
  • No functional improvement

0.5.3+1 #

  • Edited README to illustrate best usage of CLI
  • No functional improvement

0.5.3 #

  • Added new CLI to increase ease of use

0.5.2+1 #

  • Improved documentation to adhere to dartdoc standard
  • Increased key generation security to overkill

0.5.2 #

  • Added better, more complete password hashing
  • Updated example and README

0.5.1 #

  • Traded to more traditional RSA solution
  • Got rid of crypto_tools as dependency
  • Changes to README and pubspec reflect this
  • Cleaned up example

0.4.1+1 #

  • Added to 'Reading' sect. of readme
  • No functional improvement

0.4.1 #

  • Exposed base PointyCastle api to get a bunch of new hashes
  • Got rid of crypto dependency
  • Updated pubspec and README to reflect changes

0.3.2+1 #

  • Lowered Dart SDK requirement

0.3.2 #

  • Fixed RSA encryption
  • Updated example

0.3.1 #

  • Added RSA encryption
  • Added plaintext-hashtext checks
  • Updated example to correspond with prior two
  • Added Reading section to README

0.2.1+1 #

  • Updated README

0.2.1 #

  • Fixed major, breaking bugs
  • Moved away from PointyCastle to reduce package size

0.1.2 #

  • Github repository added to pubspec

0.1.1 #

  • Project created with:
    • Two-way encryption (AES and Salsa20)
    • Hashing (Most major hashes)

example/example.dart

//This Source Code Form is subject to the terms of the Mozilla Public
//License, v. 2.0. If a copy of the MPL was not distributed with this
//file, You can obtain one at https://mozilla.org/MPL/2.0/.

// © 2019 Aditya Kishore

import 'package:steel_crypt/steel_crypt.dart';

main() {
  var FortunaKey =
      CryptKey().genFortuna(); //generate 32 byte key generated with Fortuna

  var aesEncrypter = AesCrypt(FortunaKey, 'cbc',
      'iso10126-2'); //generate AES block encrypter with key and ISO7816-4 padding

  var aesEncrypter2 = AesCrypt(FortunaKey, 'ofb-64',
      'pkcs7'); //generate AES OFB-64 block encrypter with key and PKCS7 padding

  var streamAES =
      AesCrypt(FortunaKey, 'ctr'); //generate AES CTR stream encrypter with key

  var encrypter2 = RsaCrypt(); //generate RSA encrypter

  var encrypter3 =
      LightCrypt(FortunaKey, "ChaCha20/12"); //generate ChaCha20/12 encrypter

  var hasher = HashCrypt("SHA-3/512"); //generate SHA-3/512 hasher

  var hasher3 = MacCrypt(FortunaKey, "CMAC", 'cfb-64'); //CMAC AES CFB-64 Hasher

  var passHash = PassCrypt('scrypt'); //generate scrypt password hasher

  var ivsalt =
      CryptKey().genDart(16); //generate iv for AES with Dart Random.secure()

  var iv2 = CryptKey()
      .genDart(8); //generate iv for ChaCha20 with Dart Random.secure()

  //Print key
  print("Key:");

  print(FortunaKey);

  print("");

  //Print IV
  print("IV (for AES/Scrypt):");

  print(ivsalt);

  print("");

  //Print IV
  print("IV (for ChaCha20):");

  print(iv2);

  print("");

  //SHA-3 512 Hash
  print("SHA-3 512 Hash:");

  String hash = hasher.hash('example'); //perform hash

  print(hash);

  print(hasher.checkhash('example', hash)); //perform check

  print("");

  //CMAC AES CFB-64 Hash
  print("CMAC AES CFB-64 Hash:");

  var hash3 = hasher3.process('words'); //perform hash

  print(hash3);

  print(hasher3.check('words', hash3)); //perform check

  print("");

  //Password (scrypt)
  print("Password hash (scrypt):");

  var hash4 = passHash.hashPass(ivsalt, "words"); //perform hash

  print(hash4);

  print(passHash.checkPassKey(ivsalt, "words", hash4)); //perform check

  print("");

  //12-Round ChaCha20; Symmetric stream cipher
  print("ChaCha20 Symmetric:");

  String crypted3 = encrypter3.encrypt('broken', iv2); //encrypt

  print(crypted3);

  print(encrypter3.decrypt(crypted3, iv2)); //decrypt

  print("");

  //AES CBC with ISO7816-4 padding; Symmetric block cipher
  print("AES Symmetric CBC:");

  String crypted = aesEncrypter.encrypt('words', ivsalt); //encrypt

  print(crypted);

  print(aesEncrypter.decrypt(crypted, ivsalt)); //decrypt

  print("");

  //AES OFB-64 with PKCS7 padding; Symmetric block cipher
  print("AES Symmetric OFB-64:");

  String crypted2 = aesEncrypter2.encrypt('words', ivsalt); //encrypt

  print(crypted2);

  print(aesEncrypter2.decrypt(crypted2, ivsalt)); //decrypt

  print("");

  //AES CTR; Symmetric stream cipher
  print("AES Symmetric CTR:");

  String crypted5 = streamAES.encrypt('words', ivsalt); //Encrypt.

  print(crypted5);

  print(streamAES.decrypt(crypted5, ivsalt)); //Decrypt.

  print("");

  //RSA with OAEP padding; Asymmetric
  print("RSA Asymmetric:");

  var crypted4 = encrypter2.encrypt("word", encrypter2.randPubKey); //encrypt

  print(crypted4);

  print(encrypter2.decrypt(crypted4, encrypter2.randPrivKey)); //decrypt

  print("");
}

Use this package as an executable

1. Install it

You can install the package from the command line:


$ pub global activate steel_crypt

2. Use it

The package has the following executables:


$ decrypt
$ encrypt
$ genkey
$ hashtext

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  steel_crypt: ^1.5.1+1

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter pub get

Alternatively, your editor might support pub get or flutter pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:steel_crypt/steel_crypt.dart';
  
Popularity:
Describes how popular the package is relative to other packages. [more]
83
Health:
Code health derived from static analysis. [more]
100
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
100
Overall:
Weighted score of the above. [more]
92
Learn more about scoring.

We analyzed this package on Dec 9, 2019, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.6.1
  • pana: 0.13.1+4

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=2.1.0 <3.0.0
args ^1.5.2 1.5.2
asn1lib ^0.5.8 0.5.14
Dev dependencies
meta any
pedantic ^1.7.0
test ^1.6.0