AES-256-GCM
ravitejaavv opened this issue · comments
Does steel_crypt has support for AES-256-GCM encryption/decryption?
It does, yeah. The AES offered by steel_crypt is AES-256.
You can use the AesCrypt class: https://pub.dev/documentation/steel_crypt/latest/steel_crypt/AesCrypt-class.html
Or the AesCryptRaw class: https://pub.dev/documentation/steel_crypt/latest/steel_crypt/AesCryptRaw-class.html
They both have a property gcm which can be used to access a GCM encryptor based on the key you provided.
How do i pass my own password?
For example:
String password = "password123";
String encryptedString = aes.gcm.encrypt(inp: 'words', password: password);
you'll need to hash the password (look into PassCrypt: https://pub.dev/documentation/steel_crypt/latest/steel_crypt/PassCrypt-class.html). The resultant 32 byte key is secure and usable for AES.
The outline of the code looks like this:
hash password -> get key
make aes encryptor using key + padding
then:
aes.gcm.encrypt(inp: 'words', iv: 'base64ivhere');
store(encrypted + iv); //where + is append
To decrypt, it's a similar process: hash the password to get the key, separate the iv from the encrypted text, and pass in the text and iv to the decrypt method.
You will have to find a way to salt the password; usually that's some device specific identifier that remains constant.
If you don't understand any of this process, go read up on cryptographic algorithms. Specifically: read up on password hashing and AES-GCM, and effective usage of them in production. You NEED IVs that are unique, and you NEED salts which are consistent and unique to a given user.