dint-dev / cryptography Goto Github PK

final cipher = CipherWithAppendedMac(aesCtr, Hmac(sha256));
final secretKey = SecretKey.randomBytes(16);
final nonce = Nonce.randomBytes(12);

From version 2 I can't find a way to extract the bytes from the public and private keys generated with Keypair:

KeyPair keyPair = await X25519().newKeyPair();

In v1.4.1 I was using:

keyPair.privateKey.extractSync()
keyPair.publicKey.bytes

But now in v2:

• PublicKey has no longer the getter .bytes

• Private key is no longer extractable(?). There is the method extract() that returns KeyPairData, but the documentation is not clear on what is that class and how to retrieve the data.

I have a question; this package is exporting

https://github.com/terrier989/curve25519/blob/4ffc83fc27c52106a1cb8be650e16d3a8383d6cf/lib/src/key.dart#L37

but i guess there is no real need for exactly this name?

Using other packages, like https://pub.dev/packages/encrypt, where it makes much sense in user code, has a naming conflict, so we have to import as or hide Key.

As i didn't touch Key in the code itself, like in your example

import 'package:curve25519/curve25519.dart';

void main() async {
  // Let's generate two asymmetric keypair.
  final keypair1 = await X25519().generateKeyPair();
  final keypair2 = await X25519().generateKeyPair();

  // We can now calculate a shared secret using the (sender's) private key and
  // the (recipient's) public key.
  var sharedSecret = await X25519().calculateSharedSecret(
    keypair1.secretKey,
    keypair2.publicKey,
  );
  print("#1 -> #2: ${sharedSecret.toHex()}");

  sharedSecret = await X25519().calculateSharedSecret(
    keypair2.secretKey,
    keypair1.publicKey,
  );
  print("#2 -> #1: ${sharedSecret.toHex()}"); // Same as #1 --> #2
}

do you feel ok to rename it to avoid this conflict? Like X25519Key for example?

Again, thank you very much!

I'm currently using the null-unsafe version, CBC with a nonce length of 16. This is required due to an external implementation.

We're trying to update the codebase to sound null safety but the blocker is being able to set the nonce length here - I can't seem to see any way of doing so, and there doesn't appear to be a constructor arg to do it either?

As i know following paddings are applicable. Currently i am getting some padding data when i decrypt at server level. How do i pass zero or none padding ?

'PKCS7'
'ISO7816-4';
'None'

Hi,
I have third party code based to 1.4.1 and I want to move it to 2.0.1.
Can you help in the migration please.
Thanks!

I attach the file to migrate in the 1.4.1 version (is dart renamed to txt to allow upload).
security1.txt

`

`

Hi,

I use chacha20 with previous version. My flutter app juste decrypt data, data is encrypted by external cipher. When I migrated to new version I have this error SecretBox has wrong message authentication code (MAC).

When I change in my code this line of code

UIntList data = ...
final box = SecretBox.fromConcatenation(data, nonceLength: 12, macLength: 16);

By this one

  final box = SecretBox(
      data.sublist(12, data.length-16),
      nonce: data.sublist(0, 12),
      mac: Mac(data.sublist(data.length-16))
  );

It works great again.

I found this line in SecretBox.fromConcatenate source code:

It seem that ciphertext take also the nonce. Is it correct ? Or we should remove nonce from ciphertext, with data.offsetInBytes + nonceLength.

The crypto key cache here breaks silently when compiled with dart2js.

Not sure on what to do here... I've temporarily removed the cache for myself.

To reproduce try encrypting some data using AES twice using the same key in a script compiled with dart2js.

I got the next error when trying to use code from the example in chrome browser:
Cannot find native JavaScript type (crypto.CryptoKey) for type check
Error: Expected a value of type 'FutureOr<JSObject<crypto.CryptoKey>>?', but got one of type 'CryptoKey'

Code sample, platform web
`import 'dart:convert';

import 'package:cryptography/cryptography.dart';

Future main() async {
// Choose the cipher
final cipher = CipherWithAppendedMac(aesCtr, Hmac(sha256));

// Choose some 256-bit secret key
final secretKey = SecretKey.randomBytes(16);

// Choose some unique (non-secret) nonce (max 16 bytes).
// The same (secretKey, nonce) combination should not be used twice!
final nonce = Nonce.randomBytes(12);

// Our message
final message = utf8.encode('encrypted message');

// Encrypt
final encrypted = await cipher.encrypt(
message,
secretKey: secretKey,
nonce: nonce,
);

print('Encrypted: $encrypted');

// Decrypt
final decrypted = await cipher.decrypt(
encrypted,
secretKey: secretKey,
nonce: nonce,
);

print('Decrypted: $decrypted');
}`

flutter doctor
Doctor summary (to see all details, run flutter doctor -v):
[√] Flutter (Channel master, 1.21.0-6.0.pre.91, on Microsoft Windows [Version 10.0.17763.1282], locale uk-UA)

[√] Android toolchain - develop for Android devices (Android SDK version 29.0.3)
[√] Chrome - develop for the web
[√] Visual Studio - develop for Windows (Visual Studio Community 2019 16.6.2)
[√] Android Studio (version 3.6)
[√] Connected device (3 available)

• No issues found!

The sample code at: https://pub.dev/documentation/cryptography/latest/cryptography/blake2s-constant.html, looks incomplete as are the rest of the hash functions. Is there more code I can look at?

Or a simple example that takes an arbitrary string and returns the hash of the string? If you provide the example, I can contribute to the documentation. Many thanks for your time!

The documentation only describes creating a fresh keypair and extracting the public key.

Is the way to utilise a separate public key from another language?

SimplePublicKey pubkey = SimplePublicKey(pkbytes, type: KeyPairType.ed25519):

Should this be added to the examples/documentation?

I get this error when running the example

final localKeyPair = await x25519.newKeyPair();
final remoteKeyPair = await x5519.newKeyPair();

var sharedSecret = await x25519.sharedSecret(
localPrivateKey: localKeyPair.privateKey,
remotePublicKey: remoteKeyPair.publicKey,
);

Unhandled exception:
UnimplementedError
#0 _EcdhNist.newKeyPairSync (package:cryptography/src/cryptography/algorithms/ec_dh_impl.dart:168:5)
#1 KeyExchangeAlgorithm.newKeyPair1(package:cryptography/src/cryptography/key_exchange_algorithm.dart:59:57)

I'm trying to use X25519 generated keys in a system that encrypts data, this data will afterwards be decrypted on a web application.
I have an issue with a newline in the public key that is generated, if I remove it the decryption flow works as intended.
Sample generated key 87eed04189ee79daab010a1132002edd\n0280c2eab187d981dd693f269b69fe4d
Is this intended, accidental or am I missing something?

Ok, this is weird and I'm not sure why this happens but when I put --release to webserve which probably uses dart2js, I'm getting the following error when I use newKeyPair. The problem is that subtle object is not retrievable in the cryptography code.
There is not such error when I leave out --release.
I was able to get window.crypto and window.crypto.subtle and window.isSecureContext is true so the object definitely exists. Not sure whether it's a fluke on the JS side or not. At first I thought maybe because I'm not using certificates when in development that secure context is false but I was able to verify when running ddc, isSecureContext is still true regardless of whether running in --release or not.

stacktrace.dart:67 EXCEPTION: NoSuchMethodError: method not found: 'get$subtle' (J.getInterceptor$x(...).get$subtle is not a function)
STACKTRACE: 
TypeError: J.getInterceptor$x(...).get$subtle is not a function
    at Object.get$subtle$x (http://localhost:9000/main.dart.js:3729:43)
    at RsaPss.get$_webCryptoImplementation (http://localhost:9000/main.dart.js:33522:13)
    at RsaPss.newKeyPair$0 (http://localhost:9000/main.dart.js:33530:42)
    at http://localhost:9000/main.dart.js:37554:69
    at _wrapJsFunctionForAsync_closure.$protected (http://localhost:9000/main.dart.js:4035:15)
    at _wrapJsFunctionForAsync_closure.call$2 (http://localhost:9000/main.dart.js:16812:12)
    at Object._asyncStartSync (http://localhost:9000/main.dart.js:3999:20)
    at WebTrapdoor.genKeyPair$0 (http://localhost:9000/main.dart.js:37568:16)
    at http://localhost:9000/main.dart.js:37272:74
    at _wrapJsFunctionForAsync_closure.$protected (http://localhost:9000/main.dart.js:4035:15)

Hello, I just want to ask something important.
Can this package be used to encrypt and decrypt audio files from Firebase Storage?

pointycastle Moved into the Bouncy Castle project https://github.com/bcgit/pc-dart

I just see there is AES-GCM, cannot find AES-CCM.

In version 2.0.0-nullsafety.2 of cryptography, the Dart implementation of HKDF requires a non-empty nonce which differs from the web crypto implementation and past versions of the package.

Providing Uint8List(0) as a nonce like below throws an error.

  final keyByteLength = 256 ~/ 8;
  final kdf = Hkdf(hmac: Hmac(Sha256()), outputLength: keyByteLength);
  
  final derivedKey = await kdf.deriveKey(
    secretKey: secretKey,
    info: utf8.encode('some info'),
    nonce: Uint8List(0),
  );

My use case for this is to deterministically generate a key from a user-provided key without any additional inputs.

Really appreciate the efforts behind such an amazing package. It seems really fast in encrypting and decrypting large files. However, I think I'm missing something as I couldn't open the decrypted file, in my case it's a video.
This is my code:

void encryptFile(String keyString, String ivString, String fileName) async {
  final sourceDir =
      'xxx/xxxx/xxxx';
  final sourceFile = File('$sourceDir/source/xxxxx.mp4');
  final targetDir = File('$sourceDir/encrypted');
  await targetDir.delete(recursive: true);
  final encryptedFile = File('$sourceDir/encrypted/$fileName');

  final sourceFileExists = await sourceFile.exists();
  if (!sourceFileExists) {
    stderr.writeln('Could not find file at path: $sourceFile');
  }

  final encryptedFileExists = await encryptedFile.exists();
  if (!encryptedFileExists) {
    print('Creating new encrypted file');
    await encryptedFile.create(recursive: true);
    print('Created new encrypted file');
  }

  final start = DateTime.now();
  print('Started Encryption');

  final sourceFileContent = await sourceFile.readAsString(encoding: latin1);

  const cipher = CipherWithAppendedMac(aesCbc, Hmac(sha256));
  final secretKey = SecretKey(base64Decode(keyString));
  final iv = Nonce(base64Decode(ivString));

  final encrypted = await cipher.encrypt(
    utf8.encode(sourceFileContent),
    secretKey: secretKey,
    nonce: iv,
  );

  await encryptedFile.writeAsBytes(encrypted);

  final end = DateTime.now();
  final duration = end.difference(start);

  print('Completed Encryption');
  print('Duration: ${duration.inSeconds} sec');
}

void decryptFile(String keyString, String ivString, String fileName) async {
  final sourceDir =
      'xxx/xxx/xxxx';
  final targetDir = File('$sourceDir/decrypted');
  await targetDir.delete(recursive: true);

  final sourceFilePath = '$sourceDir/encrypted/$fileName';
  final encryptedFile = File(sourceFilePath);
  final encryptedFileExists = await encryptedFile.exists();
  if (!encryptedFileExists) {
    stderr.writeln('Could not find file at path: $sourceFilePath');
  }

  final decryptedFile = File('$sourceDir/decrypted/video.mp4');
  final decryptedFileExists = await decryptedFile.exists();
  if (!decryptedFileExists) {
    print('Creating new decrypted file');
    await decryptedFile.create(recursive: true);
    print('Created new decrypted file');
  }

  final start = DateTime.now();
  print('Started Decryption');

  final encryptedContent = await encryptedFile.readAsBytes();
  const cipher = CipherWithAppendedMac(aesCbc, Hmac(sha256));
  final secretKey = SecretKey(base64Decode(keyString));
  final iv = Nonce(base64Decode(ivString));
  final decrypted =
      await cipher.decrypt(encryptedContent, secretKey: secretKey, nonce: iv);

  await decryptedFile.writeAsBytes(decrypted);

  final end = DateTime.now();
  final duration = end.difference(start);

  print('Completed Decryption');
  print('Duration: ${duration.inSeconds} sec');
}

This creates both an encrypted and decrypted file, but something has went wrong and the decrypted file is not correct.

Please let me know what I'm missing here.

Thanks,

Thank you very much for this.

I am figuring out a way to build flutter apps and safe messaging in all kinds of communication. So, i am looking for DH Key exchange.

Can i start to use this package to handle the key exchange?

First of all, thank for this library. I have been struggling with PointyCastle and anything based on it, as it seems to have an issue with AES encryption/decryption of bigger files, performance was appalling. This library has been really fast in my tests, and I verified the data against samples fro other library (a C++ based oldie) and it is correct. Kudos to you.

I currently need to support both AES and RSA, and it means I would need to integrate this library and another one for RSA. Are you guys planning on adding RSA support at some point?

I wanna convert the Convert the Curve25519 public key into an Ed25519 public key, hope export more function for FeFromBytes FeOne..

	publicKey[31] &= 0x7F

	/* Convert the Curve25519 public key into an Ed25519 public key.  In
	particular, convert Curve25519's "montgomery" x-coordinate into an
	Ed25519 "edwards" y-coordinate:

	ed_y = (mont_x - 1) / (mont_x + 1)

	NOTE: mont_x=-1 is converted to ed_y=0 since fe_invert is mod-exp

	Then move the sign bit into the pubkey from the signature.
	*/

	var edY, one, montX, montXMinusOne, montXPlusOne edwards25519.FieldElement
	edwards25519.FeFromBytes(&montX, &publicKey)
	edwards25519.FeOne(&one)
	edwards25519.FeSub(&montXMinusOne, &montX, &one)
	edwards25519.FeAdd(&montXPlusOne, &montX, &one)
	edwards25519.FeInvert(&montXPlusOne, &montXPlusOne)
	edwards25519.FeMul(&edY, &montXMinusOne, &montXPlusOne)

	var A_ed [32]byte
	edwards25519.FeToBytes(&A_ed, &edY)

	A_ed[31] |= signature[63] & 0x80
	signature[63] &= 0x7F

	return ed25519.Verify(&A_ed, message, signature)

I would like to complain about this migration. It is a mess!

No documentation and all the code built on this library needs to be recoded since the deprecation of many methods!

But we are forced to migrate since the incompatibility with many other libraries that the 1.4.1 depends on.

https://libsodium.gitbook.io/doc/advanced/ed25519-curve25519

final pbkdf2 = Pbkdf2(
  macAlgorithm: Hmac(sha256),
  iterations: 100000,
  bits: 128,
);

final nonce = Nonce(base64Decode('EQsBDQcMBQEWBAsaFBkUEQ=='));
print(nonce);
final hashBytes = await pbkdf2.deriveBits(
  utf8.encode('Lorem ipsum dolor sit amet, consetetur...'),
  nonce: nonce,
);
print('Hash: $hashBytes');

String result = utf8.decode(hashBytes); <----- **HOW DO I CONVERT THIS TO STRING? NEED A STRING FORMAT.**
print(result);

i got an error when i tried to use utf8.decode to decode the hashBytes.
any other way to convert to string? or this a bug? please help. thanks

Results:

flutter: Nonce(['17, 11, 1, 13, 7, 12, 5, 1, 22, 4, 11, 26, 20, 25, 20, 17'])
flutter: Hash: [35, 222, 169, 18, 135, 61, 210, 235, 7, 169, 94, 202, 113, 77, 103, 77]
[VERBOSE-2:ui_dart_state.cc(166)] Unhandled Exception: FormatException: Unexpected extension byte (at offset 4)

Like DartX25519 support newKeyPair synchronously.

Hello,
I am using ECDHP521 https://pub.dev/documentation/cryptography/latest/cryptography/ecdhP521-constant.html

When trying
final localKeyPair = ecdhP521.newKeyPairSync(); or final localKeyPair = await ecdhP521.newKeyPair();

I got the error

ERROR:flutter/lib/ui/ui_dart_state.cc(171)] Unhandled Exception: UnimplementedError

Can you help?
Thanks

I just spent two hours pulling my hair out trying to understand why my aes gcm decryption wasn't working and it was due to the docs for decrypt which call the encrypt function
https://pub.dev/documentation/cryptography/latest/cryptography/aesGcm-constant.html

Hello, it seems like you've got 2 issues in the docs for x25519.
1.) in the line
final remoteKeyPair = await x5519.newKeyPair();
you put x5519 instead of x25519.
2.) in the line
print('Shared secret: ${secretKey.bytes}');
there's no such thing as bytes.

Am I doing something wrong or are the docs work in progress?

I'm upgrading our app from 1.4.1 to 2.0.0-nullsafety.2. Before the update, I didn't need a MAC for aes gcm decrypt. However, after the update, it seems as if one is required.

The docs simply encrypt and decrypt the same data so you can use the secret box you get after the encryption step which will use the internal mac algorithm.

I can't use the encrypt function to get the secret box because we only get the nonce and cipher text over the wire.

I can't use the SecretBox constructor because it requires a mac, which I don't have.

I can't use SecretBox.fromConcatenation because it requires a mac length, which I don't have and 0 fails this check.

Is this a bug in 2.0 or am I doing something wrong here?

First of all. Big thank you for creating this library. I went from a 3 minute keygen that uses pointycastle to under a minute so that's a huge improvement. I was in the middle of implementing my own wrapper when I saw this library so thank you!
Is there any reason to not use the subtle.generateKey for AES? If there is no reason I can do a pull request but just wondering whether I'm missing something.

Thank you

dart code

final cipher = xchacha20Poly1305Aead;
final encrypted = cipher.encryptSync(
  bytes,
  secretKey: SecretKey.randomBytes(cipher.secretKeyLength),
  nonce: Nonce.randomBytes(cipher.nonceLength),
);

Exception

[ERROR:flutter/lib/ui/ui_dart_state.cc(166)] Unhandled Exception: Invalid argument(s):
 Nonce length is invalid: 24
#0      checkCipherParameters (package:cryptography/src/utils/parameters.dart:37:7)
#1      ChaCha.encryptSync (package:cryptography/src/algorithms/chacha20_impl.dart:297:5)
#2      poly1305SecretKeyFromChacha20 (package:cryptography/src/algorithms/poly1305.dart:31:31)
#3      Chacha20Poly1305Aead.calculateMacSync (package:cryptography/src/algorithms/chacha20_poly1305_aead.dart:125:34)
#4      Chacha20Poly1305Aead.encryptSync (package:cryptography/src/algorithms/chacha20_poly1305_aead.dart:303:17)
#5      _EncryptCodec.encode (package:app/states/base.dart:86:16)
#6      getCodecEncodedSignature (package:sembast/src/sembast_codec_impl.dart:40:25)
#7      SembastDatabase.open.<anonymous closure>._openDone (package:sembast/src/database_impl.dart:644:31)
#8      SembastDatabase.open.<anonymous closure> (package:sembast/src/database_impl.dart:822:27)

Whats the problem?

In my current project we need to store the Nonce and the SecretKey of AES-GCM permanently.
We use a Secure Key Vault for this.
The problem it only can handle Strings. So I extracted the Key in an Uint8List, and then casted the List to an Hex String and stored it.
But I can't do it in the other direction.
I'm unable to cast the Uint8List back into the SecretKey or the Nonce.
Pls add an Method for this

on doc is a 2 missing. like so:
final remoteKeyPair = await x25519.newKeyPair();

I just copy pasted the example and I got the error when trying to call "sign":
Unhandled Exception: NoSuchMethodError: The getter 'name' was called on null.
Object.noSuchMethod (dart:core-patch/object_patch.dart:53:5)
_PluginKeyDocument.sign. (package:kms_flutter/src/plugin_kms.dart:205:31)
Iterable.singleWhere (dart:core/iterable.dart:618:15)
_PluginKeyDocument.sign (package:kms_flutter/src/plugin_kms.dart:205:10)

From my understanding in "defaultSignatureImplementations" there's a null. I tried to print the content and there's an instance of
'_Ed25519' and a 'null'. You can see this even in the sources that it's a map with two value. The last is null. So the sign method just throw exception while accessing the null.
Sure, at "plugin_kms.dart:205" the "singleWhere" should just find the algorithm Ed25519 and stop before analysing the null ... I don't know why (and this is another issue) but still having that null in "defaultSignatureImplementations" is bad (or at least it should be managed).
Any idea? Why is it not working?
(tried on emulator and real Android device with Oreo)

It takes around 4 min to decrypt a video file of ~70MB on an android device. Not sure if I'm doing it wrong, any help is much appreciated.
This is my code:

const cipher = chacha20Poly1305Aead;
final secretKey = SecretKey(base64Decode(decryptKey));
final iv = Nonce(base64Decode(decryptIV));
final decrypted = await cipher.decrypt(encryptedContent, secretKey: secretKey, nonce: iv);
await decryptedFile.writeAsBytes(decrypted);

Hi,

its not clear for me if this is only the encryption ChaCha20 or it has the authentication with poly1305 included as given in https://tools.ietf.org/html/rfc7539.

Thank you for your answer.

Edit: Since the test generates 3 bytes from 3 bytes I assume that poly1305 is not part of this algorithm? Any chance you will implement the ChaCha20-poly1305 ? :)

I implemented the Pbkdf2 key derivation function in my code, but its execution is taking way too long. I followed the documentation and came up with:

final pbkdf2 = Pbkdf2(
    macAlgorithm: Hmac.sha256(),
    iterations: 100000,
    bits: 128,
);

final newSecretKey = await pbkdf2.deriveKey(
    secretKey: secretKey,
    nonce: nonce,
);

final newSecretKeyBytes = await newSecretKey.extractBytes();

I tested it with a 32 bit nonce on the android emulator and it took about 2 seconds to derive a 5 lettered String. Did the same thing in Python with exactly the same Algorithm, iterations etc. and this took only 0.2 seconds, which is actually average for the calculation of Pbkdf2. I also tested Hkdf on the emulator which was quite fast, but i have no information on how it works and how it compares to Pbkdf2, so i cant judge about that result.

I get this error when I try to encode a file.

TypeError: Failed to execute 'encrypt' on 'SubtleCrypto': The provided value is not of type '(ArrayBuffer or ArrayBufferView)' at aes_gcm.BrowserAesGcm.new.encrypt (http://localhost:52535/packages/cryptography/src/cryptography/simple_public_key.dart.lib.js:3733:106) at encrypt.next (<anonymous>) at http://localhost:52535/dart_sdk.js:38007:33 at _RootZone.runUnary (http://localhost:52535/dart_sdk.js:37861:58) at _FutureListener.thenAwait.handleValue (http://localhost:52535/dart_sdk.js:32822:29) at handleValueCallback (http://localhost:52535/dart_sdk.js:33370:49) at Function._propagateToListeners (http://localhost:52535/dart_sdk.js:33408:17) at _Future.new.[_completeWithValue] (http://localhost:52535/dart_sdk.js:33250:23) at async._AsyncCallbackEntry.new.callback (http://localhost:52535/dart_sdk.js:33273:35) at Object._microtaskLoop (http://localhost:52535/dart_sdk.js:38122:13) at _startMicrotaskLoop (http://localhost:52535/dart_sdk.js:38128:13) at http://localhost:52535/dart_sdk.js:33625:9

SecretBox is created with the incorrect value of cipherText, when it is created from concatenated list. Issue is present in line 153 of secret_box.dart, where the cipherText offset is set to 0, insted of 0 + noonceLenght. Thus created SecretBox has wrong cipherText value and as such is unusable.

There is a typo in the pub.dev documentation.
https://pub.dev/documentation/cryptography/latest/cryptography/Chacha20-class.html

It says the following:

// Decrypt
  final clearText = await algorithm.encrypt(
    secretBox,
    secretKey: secretKey,
  );

Shouldn't it be algorithm.decrypt?
I guess it's not possible to decrypt by encrypting again. :)

Is there a repo for the documentation? I couldn't find it, otherwise i would have made a pull request to fix it.

toString returns "SecretKey(...)" instead of a String representation of its bytes. But I need a string representation in order to save this to secure storage using https://pub.dev/packages/flutter_secure_storage

Why doesn't toString handle this conversion for me? Can you recommend a workaround?

Hi, I don't know crypto very well but I have a client using dart.io.SecureSocket failing to connect to a server using a ED22519 cert. Can this library help with that? Is it possible to plug this library into that API or is there another approach or example of using this to do TLS (I'm wary of coding the TLS handshake myself with RawSocket)?

I'm running AES-GCM across two different platform and libraries. Specifically Arduino/Mbedtls and Dart/cryptography, however implementation of the authentication is different. Mbedtls write the authentication tag to a separate output input for the tag is also separate from the encryption. I think there should be an option for separating the tag in this library as well so that it can be used across multiple platforms.

on [doc]https://pub.dev/documentation/cryptography/latest/cryptography/ecdhP521-constant.html) is the remoteKey not used.
'
final sharedSecretKey = await algorithm.secretKey(
localPrivateKey: localKeyPair.privateKey,
remotePublicKey: localKeyPair.publicKey,
);
'
should be:
'
var sharedSecret = await x25519.sharedSecret(
localPrivateKey: localKeyPair.privateKey,
remotePublicKey: remoteKeyPair.publicKey,
);
'

In kms_flutter 0.1.0:

Because every version of kms_flutter depends on cryptography ^0.3.5 and kms 0.4.1 depends on cryptography ^1.0.0, kms_flutter is incompatible with kms 0.4.1.

And because no versions of kms match >0.4.1 <0.5.0, kms_flutter is incompatible with kms ^0.4.1.

So, because bottlepay depends on both kms ^0.4.1 and kms_flutter ^0.1.0, version solving failed.
pub get failed (1; So, because bottlepay depends on both kms ^0.4.1 and kms_flutter ^0.1.0, version solving failed.)

Bumping to kms_flutter 0.1.1 to match the pubspec here on git doesn't work because it's not uploaded to pub:

Because bottlepay depends on kms_flutter ^0.1.1 which doesn't match any versions, version solving failed.
pub get failed (1; Because bottlepay depends on kms_flutter ^0.1.1 which doesn't match any versions, version solving failed.)