AES-256-GCM about steel_crypt HOT 3 CLOSED

It does, yeah. The AES offered by steel_crypt is AES-256.

You can use the AesCrypt class: https://pub.dev/documentation/steel_crypt/latest/steel_crypt/AesCrypt-class.html
Or the AesCryptRaw class: https://pub.dev/documentation/steel_crypt/latest/steel_crypt/AesCryptRaw-class.html

They both have a property gcm which can be used to access a GCM encryptor based on the key you provided.

from steel_crypt.

How do i pass my own password?
For example:
String password = "password123";
String encryptedString = aes.gcm.encrypt(inp: 'words', password: password);

from steel_crypt.

you'll need to hash the password (look into PassCrypt: https://pub.dev/documentation/steel_crypt/latest/steel_crypt/PassCrypt-class.html). The resultant 32 byte key is secure and usable for AES.

The outline of the code looks like this:

hash password -> get key
make aes encryptor using key + padding
then:
aes.gcm.encrypt(inp: 'words', iv: 'base64ivhere');
store(encrypted + iv); //where + is append

To decrypt, it's a similar process: hash the password to get the key, separate the iv from the encrypted text, and pass in the text and iv to the decrypt method.

You will have to find a way to salt the password; usually that's some device specific identifier that remains constant.

If you don't understand any of this process, go read up on cryptographic algorithms. Specifically: read up on password hashing and AES-GCM, and effective usage of them in production. You NEED IVs that are unique, and you NEED salts which are consistent and unique to a given user.

from steel_crypt.