flutter_string_encryption 0.2.0

  • README.md
  • CHANGELOG.md
  • Example
  • Installing
  • Versions
  • 93

flutter_string_encryption

Cross-platform string encryption using common best-practices (AES/CBC/PKCS5/Random IVs/HMAC-SHA256 Integrity Check).

It uses the format described in this article.

It currently uses Native Platform implementations, which are (we all hope) constantly vetted and updated by Apple and Google, with some really tiny library wrappers to ease some of the tedious work.

For the Android side, I used the following library (coming from the same authors of the article above): https://github.com/tozny/java-aes-crypto

For the iOS side, I implemented the format described in the article directly inside the native plugin, and used the following library to help me with Apple's CommonCrypto functions which are not really easy to interact with otherwise: https://github.com/sgl0v/SCrypto

Support

In order to work on iOS, you need to bump the iOS support version up to 9.0. This can be done inside your ios project Podfile by uncommenting the very first line of the file:

# Uncomment this line to define a global platform for your project
platform :ios, '9.0'

Usage

final cryptor = new PlatformStringCryptor();

Generate A Secret Key

Randomly

Generate it and store it in a safe place - e.g. the Keychain/KeyStore

final String key = await cryptor.generateRandomKey();

Password-Based

Generate and (safely) store the salt, and then generate the key with a user-provided password before encrypting/decrypting your strings.

final password = "user_provided_password";
final String salt = await cryptor.generateSalt();
final String key = await crypto.generateKeyFromPassword(password, salt);

Encrypt A String

final String encrypted = await cryptor.encrypt("A string to encrypt.", key);

Decrypt A String

try {
  final String decrypted = await cryptor.decrypt(encrypted, key);
  print(decrypted); // - A string to encrypt.
} on MacMismatchException {
  // unable to decrypt (wrong key or forged data)
}

License

MIT (both this plugin and the used helper libraries).

[0.2.0] - iOS - Cocoapods: Enable compilation as static framework

[0.1.0] - Make PlatformStringCryptor inheritable, fix minor Android compilation issues.

[0.0.2] - Fix Dart 2 issues

[0.0.1] - Initial Release

example/lib/main.dart

import 'package:flutter/material.dart';
import 'package:flutter_string_encryption/flutter_string_encryption.dart';

void main() => runApp(new MyApp());

class MyApp extends StatefulWidget {
  @override
  _MyAppState createState() => new _MyAppState();
}

class _MyAppState extends State<MyApp> {
  String _randomKey = 'Unknown';
  String _string = "Unknown";
  String _encrypted = "Unknown";

  @override
  initState() {
    super.initState();
    initPlatformState();
  }

  // Platform messages are asynchronous, so we initialize in an async method.
  initPlatformState() async {
    final cryptor = new PlatformStringCryptor();

    final key = await cryptor.generateRandomKey();
    print("randomKey: $key");

    final string = "here is the string, here is the string.";
    final encrypted = await cryptor.encrypt(string, key);
    final decrypted = await cryptor.decrypt(encrypted, key);

    assert(decrypted == string);

    final wrongKey =
        "jIkj0VOLhFpOJSpI7SibjA==:RZ03+kGZ/9Di3PT0a3xUDibD6gmb2RIhTVF+mQfZqy0=";

    try {
      await cryptor.decrypt(encrypted, wrongKey);
    } on MacMismatchException {
      print("wrongly decrypted");
    }

    final salt = "Ee/aHwc6EfEactQ00sm/0A=="; // await cryptor.generateSalt();
    final password = "a_strong_password%./😋";
    final generatedKey = await cryptor.generateKeyFromPassword(password, salt);
    print("salt: $salt, key: $generatedKey");

    assert(generatedKey == wrongKey);

    setState(() {
      _randomKey = key;
      _string = string;
      _encrypted = encrypted;
    });
  }

  @override
  Widget build(BuildContext context) {
    return new MaterialApp(
      home: new Scaffold(
        appBar: new AppBar(
          title: new Text('Plugin example app'),
        ),
        body: new Center(
          child: new Text(
              'Random key: $_randomKey\n\nString: $_string\n\nEncrypted: $_encrypted'),
        ),
      ),
    );
  }
}

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  flutter_string_encryption: ^0.2.0

2. Install it

You can install packages from the command line:

with Flutter:


$ flutter packages get

Alternatively, your editor might support flutter packages get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:flutter_string_encryption/flutter_string_encryption.dart';
  
Version Uploaded Documentation Archive
0.2.0 Oct 10, 2018 Go to the documentation of flutter_string_encryption 0.2.0 Download flutter_string_encryption 0.2.0 archive
0.1.0 Aug 4, 2018 Go to the documentation of flutter_string_encryption 0.1.0 Download flutter_string_encryption 0.1.0 archive
0.0.2 Apr 19, 2018 Go to the documentation of flutter_string_encryption 0.0.2 Download flutter_string_encryption 0.0.2 archive
0.0.1 Jan 8, 2018 Go to the documentation of flutter_string_encryption 0.0.1 Download flutter_string_encryption 0.0.1 archive
Popularity:
Describes how popular the package is relative to other packages. [more]
86
Health:
Code health derived from static analysis. [more]
100
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
100
Overall:
Weighted score of the above. [more]
93
Learn more about scoring.

We analyzed this package on Dec 5, 2018, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.1.0
  • pana: 0.12.7
  • Flutter: 1.0.0

Platforms

Detected platforms: Flutter

References Flutter, and has no conflicting libraries.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=1.24.0 <3.0.0
flutter 0.0.0
Transitive dependencies
collection 1.14.11
meta 1.1.6
sky_engine 0.0.99
typed_data 1.1.6
vector_math 2.0.8