Flutter bindings for libsodium

flutter_sodium

With flutter_sodium you get access to the modern, easy-to-use libsodium crypto library in your Flutter apps. One set of crypto APIs supporting both Android and iOS.

Getting Started

In your Flutter project, add the dependency:

dependencies:
  ...
  flutter_sodium: any

Important: For iOS you'll need to manually update the Podfile in your ios project.

Usage example

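import 'package:flutter_sodium/flutter_sodium.dart';

// The API is asynchronous, so the calls are awaited inside an async function.
Future<void> passwordHashExample() async {
  // Password hashing (using Argon)
  final password = 'my password';
  final str = await PasswordHash.hashStorage(password);

  print(str);

  // Verify the password against the stored hash string
  final valid = await PasswordHash.verifyStorage(str, password);

  assert(valid);
}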

This project includes an extensive example app with runnable code samples. Be sure to check it out!

API coverage

The flutter_sodium plugin implements the following libsodium APIs *):

  • crypto_aead
  • crypto_auth
  • crypto_box
  • crypto_generichash
  • crypto_kdf
  • crypto_kx
  • crypto_onetimeauth
  • crypto_pwhash
  • crypto_scalarmult
  • crypto_secretbox
  • crypto_shorthash
  • crypto_sign
  • randombytes
  • sodium_version

*) Some APIs are not available on Android. See this issue for details.

Dart APIs

The plugin includes a core API that maps native libsodium functions 1:1 to Dart equivalents. The core API is available in the class Sodium. Dart naming conventions are used for core API function names. A native libsodium function such as crypto_pwhash_str is available in Flutter as Sodium.cryptoPwhashStr.

Also included in flutter_sodium is a high-level, opinionated API providing access to libsodium in a Dart-friendly manner. The various functions are available in separate Dart classes. Password hashing, for example, is available in the PasswordHash class. The high-level API depends on the core API to get things done.

Threading

The flutter_sodium APIs can be executed on the UI thread or on a background thread. Most crypto tasks can safely run on the UI thread. Some tasks take considerable time to execute (most notably crypto_pwhash_*) and will run on a background thread by default. All methods of the core API include an optional useBackgroundThread argument to switch from UI to background thread or vice versa. Background execution is implemented using AsyncTask on Android and DispatchQueue on iOS.

Please note that the entire API is asynchronous. Even when a crypto task is executed on the UI thread, the method returns an async Future which needs to be awaited.
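The following sketch is an added example, not code from the flutter_sodium project: it hashes and verifies a password through the core API with the thread choice made explicit. Only Sodium.cryptoPwhashStr and the useBackgroundThread argument are named in this README; Sodium.cryptoPwhashStrVerify and Sodium.randombytesBuf are derived from the naming rule above, and all positional parameters and return types are assumed to mirror the C functions. The two limit constants carry libsodium's INTERACTIVE values.

```dart
import 'dart:convert';
import 'dart:typed_data';

import 'package:flutter_sodium/flutter_sodium.dart';

// Values of libsodium's crypto_pwhash_OPSLIMIT_INTERACTIVE and
// crypto_pwhash_MEMLIMIT_INTERACTIVE, written out as literals.
const int opsLimitInteractive = 2;
const int memLimitInteractive = 64 * 1024 * 1024; // 64 MiB

/// Hashes [password] for storage and reports how long the call took.
Future<Uint8List> hashOffUiThread(String password) async {
  final passwd = Uint8List.fromList(utf8.encode(password));
  final timer = Stopwatch()..start();
  // Assumed signature: (passwd, opslimit, memlimit, {useBackgroundThread}).
  // The background thread keeps the memory-hard hash from stalling the UI.
  final stored = await Sodium.cryptoPwhashStr(
      passwd, opsLimitInteractive, memLimitInteractive,
      useBackgroundThread: true);
  timer.stop();
  print('crypto_pwhash_str took ${timer.elapsedMilliseconds} ms');
  return stored;
}

/// Checks a login attempt against a stored hash string.
Future<bool> checkPassword(Uint8List stored, String attempt) async {
  final passwd = Uint8List.fromList(utf8.encode(attempt));
  // Assumed signature: (str, passwd, {useBackgroundThread}) -> Future<bool>.
  // Verification re-runs the hash, so it costs as much as hashing did.
  return Sodium.cryptoPwhashStrVerify(stored, passwd,
      useBackgroundThread: true);
}

Future<void> threadingExample() async {
  final stored = await hashOffUiThread('my password');
  print(await checkPassword(stored, 'my password'));
  print(await checkPassword(stored, 'wrong password'));

  // A short task explicitly kept on the UI thread (assumed signature:
  // (size, {useBackgroundThread})). It still returns a Future.
  final nonce = await Sodium.randombytesBuf(24, useBackgroundThread: false);
  print(nonce.length);
}
```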

Current issues

  • Some APIs are not available on Android. An issue has been created with the complete list.
  • Using flutter_sodium in iOS doesn't work right out of the box. Manual installation steps are required.
  • Since Flutter does not support native binaries, a platform channel is established to enable native function invocation. One side effect of this approach is that the entire flutter_sodium API is asynchronous. This is great for potentially long-running operations such as Argon password hashing, but does not make much sense for other short-running functions.