webcrypto 0.1.1

Cross-platform implementation of Web Cryptography APIs

Cross-Platform Web Cryptography Implemenation

This package provides a cross-platform implementation of the Web Cryptograph API.

Disclaimer: This is not an officially supported Google product.

This packages provides an implementation of the Web Cryptograph API across multiple platforms. Outside the browser, this package features a native implementation embedding BoringSSL using dart:ffi. When used inside a web browser this package wraps the window.crypto APIs and providing the same Dart API as the native implementation.

This way, package:webcrypto provides the same crypto API on multiple platforms. Initially targeting Flutter for Android and Web, with iOS and other platforms following as soon as the build system allows.

Example

import 'dart:convert' show base64, utf8;
import 'package:webcrypto/webcrypto.dart';

Future<void> main() async {
  final digest = await Hash.sha256.digestBytes(utf8.encode('Hello World'));
  print(base.encode(digest));
}

Features:

• Get random bytes
• Digest (sha-1/sha-256/sha-384/sha-512)
• HMAC (sign/verify)
• RSASSA-PKCS1-v1_5 (sign/verify)
• RSA-PSS (sign/verify)
• ECDSA (sign/verify)
• RSA-OAEP (encrypt/decrypt)
• AES-CTR, AES-CBC, AES-GCM (encrypt/decrypt)
• ECDH (deriveBits)
• HKDF (deriveBits)
• PBKDF2 (deriveBits)
• BoringSSL, Chrome and Firefox implementations pass the same test cases.

Missing:

• Exceptions and errors thrown for invalid input is not tested yet.
• Finalizers not implemented yet, hence, memory leaks of keys is a known issues in the native implementation.
• The native implementation executes on the main-thread, however, all expensive APIs are asynchronous, so they can be offloaded in the future.

For a discussion of the API design of this package, see doc/design-rationale-md.

Limitations

This package has a few limitations compared to the Web Cryptograph API. For a discussion of parity with Web Cryptography APIs see doc/webcrypto-parity.md.

• deriveKey is not supported, however, keys can always be created from derivedBits which is supported.
• wrapKey is not supported, however, keys can be exported an encrypted.
• unwrapKey is not supported, however, keys can be decrypted and imported.
• AES-KW is not supported because it does not support encrypt/decrypt.

Compatibility notes

This package has many tests cases to asses compatibility across the native implementation using BoringSSL and various browser implementations of the Web Cryptography APIs.

At the moment compatibility testing is limited to native implementation, Chrome and Firefox.

Known Issues:

• Chrome and BoringSSL does not support valid ECDH spki-formatted keys exported by Firefox prior to version 72.
• Firefox does not support PKCS8 import/export for ECDSA and ECDH keys.
• Firefox does not handle counter wrap around for AES-CTR.
• The browser implementation of streaming methods for encryption, decryption, signing and verification buffers the entire input, because window.crypto does not expose a streaming API. However, the native implementation using BoringSSL does support streaming.

References

• Web Cryptograpy Specification.
• MDN Web Crypto API.
• Chromium Web Crypto Source.
• BoringSSL Source.
• BoringSSL Documentation.