bakhbk/seckit

Repository files navigation

Seckit

Secure cryptographic utilities for Dart: JWT authentication, field encryption with HMAC authentication, bcrypt password hashing, and deterministic hashing for searchable fields.


Features

  • 🔐 JWT Handler - HS256 tokens with expiration validation
  • 🔒 Field Encryptor - AES-256-CBC + HMAC authentication (searchable)
  • 🛡️ Password Hasher - bcrypt for authentication
  • 🔍 Deterministic Hasher - HMAC-SHA256 for database lookups
  • 📧 Email Utils - Masking and validation

Security Highlights

✅ Constant-time comparisons (timing attack prevention)
✅ HMAC authentication (tampering detection)
✅ Input validation (DoS prevention)
✅ No information leakage in errors
✅ Audited & production-ready

Quick Start

1. JWT Authentication

```dart
import 'package:seckit/seckit.dart';

final jwt = JwtHandler(
  secretKey: 'your-secret-key-32-characters-long!',
  devAuthToken: 'dev-token',
  isProd: true,
  userIdKey: 'user_id',
);

// Generate token
final token = jwt.generateToken(claims: {'user_id': 123, 'role': 'admin'});

// Validate (checks signature and expiration)
final result = jwt.validateToken(token);
if (result.isValue) print('Valid!');
```

2. Password Hashing (bcrypt - for authentication)

```dart
const hasher = PasswordHasher();

// Registration
final hash = hasher.hash('user-password').asValue!.value;
// Save the bcrypt hash (never the password) to the DB

// Login
final valid = hasher.verify('user-password', hash).asValue!.value;
```

3. Field Encryption (AES + HMAC - searchable & reversible)

```dart
final encryptor = FieldEncryptor(
  dbSecretKey: 'base64-encoded-32-byte-key',
  salt: 'unique-salt-16ch',
);

// Encrypt
final encrypted = encryptor.encrypt('user@example.com').asValue!.value;

// Decrypt
final decrypted = encryptor.decrypt(encrypted).asValue!.value;
```

4. Deterministic Hashing (HMAC - for DB lookups)

```dart
final hasher = DeterministicHasher(
  secretKey: 'secret-key-32-characters-long!',
  salt: 'email-salt-16ch',
);

// Hash for privacy + searchability
final emailHash = hasher.hash('user@example.com').asValue!.value;
// Store emailHash in a DB index - same input = same hash
```

5. Email Masking

```dart
final masked = EmailUtils.mask('john.doe@example.com');
// Returns: "jo***@example.com"
```

When to Use What?

| Use Case | Tool | Why |
|---|---|---|
| User login/passwords | PasswordHasher | Non-deterministic (secure) |
| Search by email/phone | DeterministicHasher | Same input = same hash |
| Encrypt SSN/credit card | FieldEncryptor | Reversible + searchable |
| API authentication | JwtHandler | Stateless tokens |

Security Requirements

⚠️ Required in production:

  1. Key Lengths: secretKey ≥32 chars, salt ≥16 chars
  2. Environment Variables: Never hardcode secrets

```dart
import 'dart:io'; // needed for Platform.environment

final config = Config(
  secretKey: Platform.environment['JWT_SECRET']!,
  dbSecretKey: Platform.environment['DB_SECRET']!,
  devAuthToken: Platform.environment['DEV_TOKEN'] ?? '',
  isProd: Platform.environment['ENV'] == 'production',
);
```

  3. Rate Limiting: Implement at app level (5 password attempts/min, 100 JWT validations/min)

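Putting the tools from the table together: an added example (not code from the seckit repository) of a registration and login flow that uses DeterministicHasher for the lookup key, FieldEncryptor for the reversible copy, PasswordHasher for the credential and JwtHandler for the session token. It assumes the `Result` type is `package:async`'s (`isValue`/`isError`/`asValue`, matching the `.asValue!.value` calls in the Quick Start), that `generateToken` returns the token string, and that the environment variables from the Security Requirements section are set; the in-memory `users` map stands in for a database table.

```dart
import 'dart:io';
import 'package:seckit/seckit.dart';

// Constructed stand-in for a users table: email hash -> stored columns.
final Map<String, Map<String, String>> users = {};
int nextUserId = 1;

// Secrets come from the environment, as the Security Requirements section requires.
final emailHasher = DeterministicHasher(
  secretKey: Platform.environment['DB_SECRET']!, // >= 32 chars
  salt: 'email-salt-16ch',
);
final encryptor = FieldEncryptor(
  dbSecretKey: Platform.environment['DB_SECRET']!, // base64-encoded 32-byte key
  salt: 'unique-salt-16ch',
);
const passwords = PasswordHasher();
final jwt = JwtHandler(
  secretKey: Platform.environment['JWT_SECRET']!,
  devAuthToken: Platform.environment['DEV_TOKEN'] ?? '',
  isProd: Platform.environment['ENV'] == 'production',
  userIdKey: 'user_id',
);

/// Registration: the deterministic hash is the lookup key, the ciphertext keeps
/// the address recoverable, and only the bcrypt hash of the password is stored.
bool register(String email, String password) {
  final key = emailHasher.hash(email);
  final enc = encryptor.encrypt(email);
  final pw = passwords.hash(password);
  if (key.isError || enc.isError || pw.isError) return false;
  users[key.asValue!.value] = {
    'id': '${nextUserId++}',
    'email_enc': enc.asValue!.value,
    'password_hash': pw.asValue!.value,
  };
  return true;
}

/// Login: same input, same hash, so the row is found without decrypting anything.
/// Returns a JWT on success and null otherwise, with no hint of which check failed.
String? login(String email, String password) {
  final key = emailHasher.hash(email);
  if (key.isError) return null;
  final row = users[key.asValue!.value];
  if (row == null) return null;
  final ok = passwords.verify(password, row['password_hash']!);
  if (ok.isError || !ok.asValue!.value) return null;
  return jwt.generateToken(claims: {'user_id': int.parse(row['id']!), 'role': 'user'});
}
```

Note that the unknown-email path returns before bcrypt runs, so it is measurably faster than a wrong-password attempt; verifying against a dummy hash on that path removes the difference. Rate limiting, as the section above says, still has to be added at the app level.
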
Documentation

```shell
dart run example/main.dart
```

License

MIT License - see LICENSE for details.
