steel_crypt 1.5.2+4

A comprehensive library of high-level, cryptographic APIs. This library supports hashing, password hashing, symmetric/asymmetric two-way encryption, and key/IV generation.

Steel Crypt

A comprehensive library of high-level, cryptographic API's, either manually defined or pulled from PointyCastle. This library currently supports hashing, symmetric two-way encryption, asymmetric two-way encryption, and key/IV generation. It also has a CLI, for conducting basic cryptography operations.

---

It takes time, effort, and mental power to keep this package updated, useful, and improving. If you used or are using the package, I'd appreciate it if you could spare a few dollars to help me continue development.

---

Classes

AES Encryption (class AesCrypt)

• Constructor: AesCrypt ('32 length key', 'mode here', 'padding here')

• AES is a standardized, widely used cipher

• It can be used as either a block or stream cipher, depending on mode

• Operatable in 6 different modes:

  • Stream modes:
    • CTR ('ctr')
    • SIC ('sic')
  • Block modes:
    • CBC ('cbc')
    • ECB ('ecb') INSECURE
    • CFB-64 ('cfb-64')
    • OFB-64 ('ofb-64')
    • GCTR ('gctr')
    • GCM ('gcm') (Default/Recommended Mode)

• 5 paddings available for block modes:

  • PKCS7 Padding ('pkcs7') (Default)
  • ISO7816-4 Padding ('iso7816-4')
  • X9.23 Padding ('x9.23')
  • TBC Padding ('tbc')
  • ISO10126-2 Padding ('iso10126-2')

• Note: All block modes require padding, to ensure that input is the correct block size.

• Note: Paddings do not work with stream modes. You can still enter the parameter, but it won't be used.

• Note: ECB does not require an IV. You can still enter the parameter, but it won't be used.

• Note: All other modes require 16 bytes of IV (Initialization Vector, see CryptKey for generation).

Lightweight Stream Ciphers (class LightCrypt)

• Constructor: LightCrypt('32 length key', 'algorithm here')
• ChaCha20 stream cipher ('ChaCha20/__')
  • Derivative of Salsa20 with increased security/speed
  • Can be used in 3 variants:
    • 20 round ( __ ==> '20' ) (Default/Recommended Cipher)
    • 12 round ( __ ==> '12' )
    • 8 round ( __ ==> '8' )
  • Note: Requires 8 bytes of IV (Initialization Vector, see CryptKey for generation)
• Salsa20 stream cipher ('Salsa20/__')
  • Secure, speedy AES alternative
  • E-Crypt Stream Cipher final portfolio
  • Can be used in 3 variants:
    • 20 round ( __ ==> '20' )
    • 12 round ( __ ==> '12' )
    • 8 round ( __ ==> '8' )
  • Note: Requires 8 bytes of IV (Initialization Vector, see CryptKey for generation)
• HC-256 stream cipher ('HC-256')
  • Secure, software-efficient cipher
  • E-Crypt Stream Cipher final portfolio
  • Note: Requires 16 bytes of IV (Initialization Vector, see CryptKey for generation)
• Grain-128 stream cipher ('Grain-128')
  • Secure, hardware-efficient cipher
  • E-Crypt Stream Cipher final portfolio
  • Note: Requires 12 bytes of IV (Initialization Vector, see CryptKey for generation)
• ISAAC stream cipher ('ISAAC')
  • Extremely fast stream cipher
  • Secure, but with a low margin
  • Usage not recommended unless you have very high speed needs
  • Note: Requires no IV; you can enter an IV param, but it won't affect anything
• RC4 stream cipher ('RC4')
  • Somewhat fast stream cipher
  • Secure(ish), but with a dangerously low margin
  • Usage not recommended unless you have a legacy system; otherwise use ChaCha for the whole package or Grain/HC-256 for platform optimization
  • Note: Requires no IV; you can enter an IV param, but it won't affect anything

2-Way Asymmetric (class RsaCrypt)

• Constructor: RsaCrypt()
• RSA with OAEP padding
  • String encrypt(String text, RSAPublicKey pubKey)
  • String decrypt(String encrypted, RSAPrivateKey privateKey)
• Note: RsaCrypt auto generates secure RSA private and public keys. You can access them using .randPrivKey and .randPubKey getters, or use your own.
• Note: To get key from a PEM file, use RsaCrypt().parseKeyFromFile(String PemFilepathHere) and pass the PEM file as a string.
• Note: To get key from a PEM string, use RsaCrypt().parseKeyFromString(String PemStringHere) and pass the PEM string.
• Note: To convert key to PEM string, use RsaCrypt().encodeKeyToString(RsaAsymmetricKey KeyHere) and pass the key.

Password Hashing (class PassCrypt)

• Constructor: PassCrypt([String algorithm = "scrypt"])
• Scrypt ('scrypt') (Default/Recommended Algorithm)
• PBKDF2 with:
  • SHA-256 HMAC ('SHA-256/HMAC/PBKDF2')
  • SHA-384 HMAC ('SHA-384/HMAC/PBKDF2')
  • SHA-512 HMAC ('SHA-512/HMAC/PBKDF2')
  • 256 bit SHA-3 HMAC ('SHA-3/256/HMAC/PBKDF2')
  • 512 bit SHA-3 HMAC ('SHA-3/512/HMAC/PBKDF2')
  • RipeMD 128 HMAC ('RIPEMD-128/HMAC/PBKDF2')
  • RipeMD 160 HMAC ('RIPEMD-160/HMAC/PBKDF2')
  • Blake2b HMAC ('Blake2b/HMAC/PBKDF2')
  • Tiger HMAC ('Tiger/HMAC/PBKDF2')
  • Whirlpool HMAC ('Whirlpool/HMAC/PBKDF2')
• Compare plaintext to hashtext using .checkPassKey(salt, plain, hashed, length)

Hashing (class HashCrypt)

• Constructor: HashCrypt([String algorithm = "SHA-3/512"])
• SHA-3 ('SHA-3/___') :
  • /224
  • /256 (Default/Recommended Hash)
  • /384
  • /512
• SHA-2 ('SHA-___'):
  • -224
  • -256
  • -384
  • -512
• SHA-1 ('SHA-1') INSECURE
• Tiger ('Tiger')
• Blake2b ('Blake2b')
• RipeMD ('RIPEMD-___'):
  • -128
  • -160
  • -256
  • -320
• MD5 ('MD5') INSECURE
• MD4 ('MD4') INSECURE
• MD2 ('MD2') INSECURE
• Note: Compare plaintext to hashtext using .checkpass(plain, hashed)

MAC's (class MacCrypt)

• Constructor: MacCrypt ('32 length key', 'CMAC or HMAC', 'algorithm here')
• HMAC and CMAC are available
  • For HMAC algorithm field, use any available hashing algorithm in HashCrypt for algorithm
  • For CMAC algorithm field, use any available AES block cipher algorithm in AESCrypt for algorithm

Key/IV Generation (class CryptKey)

• Constructor: CryptKey()
• Method: .genFortuna ([int length = 32])
  • Generates cryptographic string using Fortuna algorithm
  • Slower but significantly more secure
  • Best for private keys
  • Used internally
• Method: .genDart ([int length = 16])
  • Generates cryptographic string using Dart Random.secure()
  • Faster but less secure
  • Best for IV's or salt

---

Usage

A simple usage example:

import 'package:steel_crypt/steel_crypt.dart';

main() {
  var FortunaKey = CryptKey().genFortuna(); //generate 32 byte key generated with Fortuna


  var aesEncrypter = AesCrypt(FortunaKey, 'cbc',
      'iso10126-2'); //generate AES block encrypter with key and ISO7816-4 padding

  var aesEncrypter2 = AesCrypt(FortunaKey, 'ofb-64',
      'pkcs7'); //generate AES OFB-64 block encrypter with key and PKCS7 padding

  var streamAES = AesCrypt(FortunaKey, 'ctr'); //generate AES CTR stream encrypter with key


  var encrypter2 = RsaCrypt(); //generate RSA encrypter


  var encrypter3 = LightCrypt(FortunaKey, "ChaCha20/12"); //generate ChaCha20/12 encrypter


  var hasher = HashCrypt("SHA-3/512"); //generate SHA-3/512 hasher

  var hasher3 = MacCrypt(FortunaKey, "CMAC", 'cfb-64'); //CMAC AES CFB-64 Hasher


  var passHash = PassCrypt('scrypt'); //generate scrypt password hasher


  var ivsalt = CryptKey().genDart(
      16); //generate iv for AES with Dart Random.secure()

  var iv2 = CryptKey().genDart(8); //generate iv for ChaCha20 with Dart Random.secure()

  //Print key
  print ("Key:");

  print(FortunaKey);

  print("");


  //Print IV
  print ("IV (AES/Scrypt):");

  print(ivsalt);

  print("");

  //Print IV
  print ("IV (ChaCha20):");

  print(iv2);

  print("");
  
  //SHA-3 512 Hash
  print("SHA-3 512 Hash:");

  String hash = hasher.hash('example'); //perform hash

  print(hash);

  print(hasher.checkhash('example', hash)); //perform check

  print("");

  //CMAC AES CFB-64 Hash
  print("CMAC AES CFB-64 Hash:");

  var hash3 = hasher3.process('words'); //perform hash

  print(hash3);

  print(hasher3.check('words', hash3)); //perform check

  print("");

  //Password (scrypt)
  print("Password hash (scrypt):");

  var hash4 = passHash.hashPass(ivsalt, "words"); //perform hash

  print(hash4);

  print(passHash.checkPassKey(ivsalt, "words", hash4)); //perform check

  print("");


  //12-Round ChaCha20; Symmetric stream cipher
  print("ChaCha20 Symmetric:");

  String crypted3 = encrypter3.encrypt('broken', iv2); //encrypt

  print(crypted3);

  print(encrypter3.decrypt(crypted3, iv2)); //decrypt

  print("");


  //AES CBC with ISO7816-4 padding; Symmetric block cipher
  print("AES Symmetric CBC:");

  String crypted = aesEncrypter.encrypt('words', ivsalt); //encrypt

  print(crypted);

  print(aesEncrypter.decrypt(crypted, ivsalt)); //decrypt

  print("");


  //AES OFB-64 with PKCS7 padding; Symmetric block cipher
  print("AES Symmetric OFB-64:");

  String crypted2 = aesEncrypter2.encrypt('words', ivsalt); //encrypt

  print(crypted2);

  print(aesEncrypter2.decrypt(crypted2, ivsalt)); //decrypt

  print("");


  //AES CTR; Symmetric stream cipher
  print("AES Symmetric CTR:");

  String crypted5 = streamAES.encrypt('words', ivsalt); //Encrypt.

  print(crypted5);

  print(streamAES.decrypt(crypted5, ivsalt)); //Decrypt.

  print("");


  //RSA with OAEP padding; Asymmetric
  print("RSA Asymmetric:");

  var crypted4 = encrypter2.encrypt("word", encrypter2.randPubKey); //encrypt

  print(crypted4);

  print(encrypter2.decrypt(crypted4, encrypter2.randPrivKey)); //decrypt

  print("");
}

---

CLI

This CLI allows you to perform basic functions from the main package on the terminal

Setup

• If you haven't already done so, add pub-cache to your PATH with $ export PATH="$PATH":"$HOME/.pub-cache/bin"
• Globally activate the steel_crypt package with $ pub global activate steel_crypt

Commands

• encrypt: $ encrypt -t (text here) -k (key here) -i (iv here)
  • Uses AES with PKCS7 padding
  • All fields required
• decrypt: $ decrypt -t (encrypted here) -k (key here) -i (iv here)
  • Uses AES with PKCS7 padding
  • All fields required
• hash: $ hashtext -p (plain here)
  • Uses SHA-3/512
  • Field required
• make keys: $ genkey -l (length here)

---

Notes

• This is fairly well-tested and documented, but use in production at your own risk.
• This is practically complete; however, I'm always open to new ideas and feature requests, and will always maintain for bugs.
• I need your input! What algorithms and features would you like to see here? That leads me to...
• Please file feature requests, clarifications, and bugs at the issue tracker!

---

TODO's

• ✅ Create Project + add "Starter Set" of algorithms
• ✅ Add more, different hashes
• ✅ Add more, different 2-way stream algorithms
• ✅ Try to add more packaging options
• ✅ Tackle adding an RSA solution
• ✅ Create a more complete password solution
• ✅ Add more detailed example
• ✅ Update further reading
• ❌ Use Dart2Native for CLI (maybe)
• ❌ Add more AES modes (GCM done, de-prioritized)
• ❌ ??? (Leave feature requests in the issue tracker above, and they'll end up here!)

---

Note: Prior Knowledge

It is my personal recommendation to always know what each algorithm that you are using in a given application, and how it works. However, this package exists to help you with that transition. This package is not a guide on cryptography, and cannot substitute for prior knowledge of some level of cryptography. If you need help understanding concepts of cryptography, ask someone; user data is always the priority, and I'll help anyone willing to listen. I'd much rather answer an issue regarding basic encryption than hear that my packagewas used improperly and thus compromised. If you ever need to reach me, post in the issue tracker above; I'll be on it as quickly as possible.

---

©2019 Aditya Kishore

Licensed under the Mozilla Public License 2.0

This project is built on a custom implementation of Steven Roose's PointyCastle.