How does one use AES-GCM? #25
Comments
|
It's probably terrible way of doing it, but I've copied the XChaCha20 wrappers, renamed them accordingly and it just started to work. It's just amazing. Very experimental and not tested. Example code: test('libsodium', () async {
final libsodium = DynamicLibrary.open('/usr/lib/x86_64-linux-gnu/libsodium.so'); // dpkg -L libsodium-dev | grep "\.so"
final sodium = await SodiumInit.init(libsodium);
// final SecureKey key = sodium.crypto.secretBox.keygen();
final base64MasterKey = "+Hv/rT8HPG+Qmk3zhV2NDA==";
final encryptedKey = "8IK5l6NGSudK/b57goLjZ6ePvfHj+w29D7rle8ShLCLdl0Yy5irmtw==";
final cipherText = "CEs+CRiGBN/P9fANcqmHx4lnRd6wyj5ps2DoDDus9G7Cv+3FHqIy";
final iv = "T4jMtxyX/+s60T3r";
final unwrappedKey = AesKwRfc3394.unwrap(encryptedKey, base64MasterKey);
final secureKey = SecureKey.fromList(sodium, Uint8List.fromList(unwrappedKey));
final decryptedOutputBinary = sodium.crypto.aeadAes256Gcm.decrypt(cipherText: base64Decode(cipherText), nonce: base64Decode(iv), key: secureKey);
final decryptedOutput = utf8.decode(decryptedOutputBinary);
final expectedOutput = "encrypted_test_contents";
assert(decryptedOutput == expectedOutput);
}); |
|
Generally speaking: Yes, use the FFI-API directly is the way to go. You also do not have to extend the library for that. You can directly instanciate a However, I have been planning on adding the AES APIs for quite a while now. So maybe, If you create a PR, I can check if the code is OK and add the missing JS implementation. |
|
I will be playing with Dart libsodium and AES-GCM over the next few days, so I will validate if things work OK. I will then create PR. |
|
I am trying to use stock: however when trying to run my unit test, I am getting pretty long list of errors, some of them related to == |
|
Right, so it's not that easy. It seems that: |
|
Oh okay, that is a problem. Maybe you should open an issue over there to see if they can enable it? I guess they leave it out by default for size optimizations. |
|
And regarding the freezed files: Yes, that is correct. The generated files are not checked in on purpose, thus the package is not usabled directly from git. Creating a seperate branch is fine. The other option would have been to check it out locally, generate the files and then add it as path dependency. |
|
I didn't have time to investigate the issue exactly however it seems that actually both: Not an issue report really, but just a comment if someone would like to rely on this. |
|
This might have to do with how the native binaries are compiled. Generally, libsodium only includes AES for compatibility reasons, but does not "actively" support it. So I guess you are probably better off using a different library for that usecase anyways... |
FYI: The 2.1.0 release of sodium_libs now does not depend on |
|
That's really great to hear. Is it possible by any chance that this change also resolves the: "A low-level libsodium operation has failed" for AES on a real Android device? |
|
No, I don't think so - the android build hasn't really changed. However, there problem there is not missing symbols, but some low level error. I already compile with all options enabled for android and use the official build scripts, so I don't think the issue is with the flutter bindings, but the C-library itself. You should open an issue at https://github.com/jedisct1/libsodium, maybe there you can find help with that problem. |
I've just realized that this package doesn't have API bindings to AES-GCM.
I've noticed relevant functions inside of:
bindings/libsodium.ffi.dart, e.g.crypto_aead_aes256gcm_encryptIs there any shortcut I could perhaps use with FFI directly to call relevant
libsodiumfunctions and get the AES-GCM decrypt/encrypt? I need to say that I didn't have chance to work with FFI directly, but it seems now it is the moment.Any hints are very much appreciated.
The text was updated successfully, but these errors were encountered: