flutter_security_provider
A comprehensive Flutter package for secure data handling, providing AES encryption (GCM and CBC modes), key generation, HMAC-based authentication, and cryptographic utilities.
Features
- AES-GCM Encryption: Encrypt and decrypt JSON data using AES-GCM (Galois/Counter Mode) with authenticated encryption
- AES-CBC Encryption: Encrypt and decrypt JSON data using AES-CBC (Cipher Block Chaining) mode
- Key Generation: Generate secure encryption keys using SHA-256 hashing and substitution cipher techniques
- Time-based HMAC: Create time-based HMAC signatures for API authentication and request validation
- Login Security: Generate secure login tokens with time-slot based password mixing
- Cryptographic Utilities: Generate secure random IVs and handle cryptographic operations
Installation
Add this to your package's pubspec.yaml file:
dependencies:
  flutter_security_provider: ^1.0.0
Then run:
flutter pub get
Usage
Import the package:
import 'package:flutter_security_provider/flutter_security_provider.dart';
Or import specific modules:
import 'package:flutter_security_provider/encriptar_modelo_gcm.dart';
import 'package:flutter_security_provider/encriptar_modelo_cbc.dart';
// etc...
AES-GCM Encryption
import 'package:flutter_security_provider/flutter_security_provider.dart';
// Create an encryptor with a 32-character key
// (placeholder only; load real keys from secure storage)
final encryptor = JsonAesGcmEncryptor(
  stringKey: 'your-32-character-secret-key!!!!'
);
// Encrypt JSON data
final jsonData = {'username': 'john', 'password': 'secret123'};
final encrypted = encryptor.encryptJson(jsonData);
print('Encrypted: $encrypted');
// Decrypt data
final decrypted = encryptor.decryptJson(encrypted);
print('Decrypted: $decrypted');
// Use an alternative 32-character key for specific operations
final encryptedAlt = encryptor.encryptJson(
  jsonData,
  'another-32-character-secret-!!!!'
);
AES-CBC Encryption
import 'package:flutter_security_provider/flutter_security_provider.dart';
// Create encryptor with 16, 24, or 32 byte key
final encryptor = JsonAesCbcEncryptor(
  stringKey: '16-byte-key-here'
);
// Encrypt and decrypt JSON
final encrypted = encryptor.encryptJson({'data': 'sensitive'});
final decrypted = encryptor.decryptJson(encrypted);
Key Generation
import 'package:flutter_security_provider/flutter_security_provider.dart';
// Generate obfuscated key using substitution cipher
final obfuscatedKey = GeneradorClave.cifrarConSustitucion('myPassword123');
// Generate 16-byte hash from string
final keyBytes = GeneradorClave.hashTo16Bytes('mySecretKey');
Time-based HMAC for API Security
import 'package:flutter_security_provider/flutter_security_provider.dart';
// Create time-based HMAC signature
final hmac = UtilFlutterSecurityProvider.createTimeBasedHMAC(
  body: {'userId': 123, 'action': 'update'},
  key: 'your-hmac-secret-key',
  timeToSync: '0', // Time offset in milliseconds
  validityInSeconds: '3600' // HMAC validity window (1 hour)
);
print('HMAC: $hmac');
Login Token Generation
import 'package:flutter_security_provider/flutter_security_provider.dart';
// Calculate current time slot
final timeSlot = DateTime.now().millisecondsSinceEpoch ~/ 1000;
// Mix password with time slot for added security
final mixedPassword = GeneradorLoginPost.mezclarPalabra(
  'userPassword',
  timeSlot
);
// Generate SHA-256 hash
final hashedToken = GeneradorLoginPost.calcularHashSha256(mixedPassword);
Generate Random IV
import 'package:flutter_security_provider/flutter_security_provider.dart';
// Generate 16-byte IV for AES encryption
final iv = UtilFlutterSecurityProvider.generateRandomIV(16);
Security Considerations
- Key Length: Use appropriate key lengths:
  - AES-GCM: 32 bytes (256-bit)
  - AES-CBC: 16, 24, or 32 bytes (128, 192, or 256-bit)
- Key Storage: Never hardcode keys in your app. Use secure storage solutions like flutter_secure_storage
- IV Generation: IVs are automatically generated using secure random generation
- HMAC Validation: Implement server-side HMAC validation with matching time windows
- Time Synchronization: Ensure device time is synchronized for time-based operations
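The HMAC Validation point above, shown as an added server-side example in Python; it is not code from this package. The page does not document how createTimeBasedHMAC builds its message, so the wire format, the function names (canonical_body, time_slot, sign, verify) and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# ASSUMED wire format (the page does not document the package's own):
#   tag = hex(HMAC-SHA256(key, "<slot>." + canonical_json(body)))
#   slot = floor(unix_seconds / validity_seconds)

SAMPLE_KEY = b"constructed-demo-key"                 # constructed, not a real secret
SAMPLE_BODY = {"userId": 123, "action": "update"}    # body from the README example
VALIDITY_SECONDS = 3600                              # the README's 1-hour window

def canonical_body(body: dict) -> bytes:
    """Serialize deterministically so both sides hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")

def time_slot(unix_seconds: float, validity_seconds: int) -> int:
    return int(unix_seconds // validity_seconds)

def sign(body: dict, key: bytes, slot: int) -> str:
    msg = str(slot).encode("ascii") + b"." + canonical_body(body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify(body, tag, key, validity_seconds, now=None, skew_slots=1) -> bool:
    """Accept a tag computed in the server's current slot or a neighbouring one.

    With skew_slots=1 a tag can stay valid for up to 2 * validity_seconds
    after it was made, and is replayable for that long.
    """
    if not isinstance(tag, str):
        return False
    current = time_slot(time.time() if now is None else now, validity_seconds)
    ok = False
    for slot in range(current - skew_slots, current + skew_slots + 1):
        expected = sign(body, key, slot)
        # Constant-time compare; bytes avoid a TypeError on non-ASCII input.
        ok |= hmac.compare_digest(expected.encode(), tag.encode("utf-8"))
    return ok

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    tag = sign(SAMPLE_BODY, SAMPLE_KEY, time_slot(t0, VALIDITY_SECONDS))
    print(verify(SAMPLE_BODY, tag, SAMPLE_KEY, VALIDITY_SECONDS, now=t0))
```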
Dependencies
This package relies on:
- pointycastle: ^4.0.0 - Dart implementation of cryptographic algorithms
- crypto: ^3.0.6 - Cryptographic hashing functions
- flutter_models_provider: ^1.0.2 - Model handling utilities
Example
See the example directory for a complete sample application demonstrating all features.
Additional Information
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Issues
Found a bug or have a feature request? Please file an issue at: https://github.com/RobleSistemas/flutter_security_provider/issues
License
This project is licensed under the MIT License - see the LICENSE file for details.
Authors
Developed and maintained by RobleSistemas.