seckit 1.0.5

Secure cryptographic utilities for Dart: JWT authentication, field encryption, password hashing, and deterministic hashing.

example/main.dart

// ignore_for_file: avoid_print
import 'dart:convert';

import 'package:seckit/seckit.dart';

/// Runs every seckit demo section in order and prints the results.
///
/// All secrets come from [_createConfig], which returns fixed placeholder
/// values that are visible in this source file. They exist only so the demo
/// is self-contained and must not be reused outside it.
void main() {
  print('=== Seckit Package Demo ===\n');

  // One shared configuration feeds the JWT, encryption and hashing sections.
  final demoConfig = _createConfig();

  // The sections run strictly in this order so console output stays stable.
  final sections = <void Function()>[
    () => _demonstrateJWT(demoConfig), // JWT authentication
    () => _demonstrateFieldEncryption(demoConfig), // field encryption
    _demonstratePasswordHashing, // password hashing (bcrypt)
    () => _demonstrateDeterministicHashing(demoConfig), // lookup hashes
    _demonstrateEmailUtils, // email masking
  ];
  for (final runSection in sections) {
    runSection();
  }
}

/// Builds the [Config] shared by the demo sections.
///
/// Every value here is a fixed placeholder that is public by virtue of being
/// in source control. Real deployments should supply each secret from the
/// environment or a secret manager and keep `isProd` set to true.
Config _createConfig() {
  // PRODUCTION: load secrets at runtime instead of embedding them, e.g.
  // final secretKey = Platform.environment['JWT_SECRET']!;
  // final dbSecretKey = Platform.environment['DB_SECRET']!;

  // Demo key material: the 32 bytes 0, 1, ..., 31, base64-encoded. The
  // sequence is fully predictable, so it provides no secrecy; a real key must
  // come from a cryptographically secure random source.
  final demoKeyBytes = [for (var i = 0; i < 32; i++) i];
  final encodedDbKey = base64.encode(demoKeyBytes);

  return Config(
    // Literal signing secret: acceptable only because this is a demo.
    secretKey: 'my-super-secret-jwt-key-32chars!',
    dbSecretKey: encodedDbKey,
    // NOTE(review): presumably a development-only bypass token; confirm the
    // library rejects it whenever isProd is true.
    devAuthToken: 'dev-token-for-testing-only-123',
    isProd: false, // Set true in production!
  );
}

/// Issues a token with custom claims, validates it, and reads the user id.
///
/// The handler is built from [config], so it signs with the demo secret and
/// carries the demo `devAuthToken` with `isProd` set to false.
void _demonstrateJWT(Config config) {
  print('πŸ“ JWT Token Generation & Validation');

  final handler = JwtHandler(
    secretKey: config.secretKey,
    devAuthToken: config.devAuthToken,
    isProd: config.isProd,
    // Claim name that getUserIdFromToken is told to read.
    userIdKey: 'user_id',
  );

  // A one-hour lifetime bounds how long a leaked token stays usable.
  final signedToken = handler.generateToken(
    claims: {'user_id': 123, 'role': 'admin'},
    maxAge: const Duration(hours: 1),
  );

  // Only a 50-character prefix is printed. A complete bearer token is a
  // credential and should not be written to logs or consoles.
  final tokenPreview = signedToken.substring(0, 50);
  print('βœ“ Token: $tokenPreview...');

  // Real callers should branch on this result before trusting any claim;
  // the demo only prints it.
  final validation = handler.validateToken(signedToken);
  print('βœ“ Valid: ${validation.isValue}');

  // Skip the final line when no user id could be extracted.
  final userId = handler.getUserIdFromToken(signedToken);
  if (!userId.isValue) return;
  print('βœ“ User ID: ${userId.asValue!.value}\n');
}

/// Encrypts a sample email, decrypts it again, and prints the round trip.
///
/// The banner describes the scheme as AES-256-CBC + HMAC. This example does
/// not itself exercise tamper detection; it only round-trips one value.
void _demonstrateFieldEncryption(Config config) {
  print('πŸ”’ Field Encryption (AES-256-CBC + HMAC)');

  final fieldEncryptor = FieldEncryptor(
    dbSecretKey: config.dbSecretKey,
    // Hard-coded demo salt. The literal is 17 characters long despite its
    // name; whether the library expects a specific length is not visible
    // here. TODO confirm against the package documentation.
    salt: 'prod-salt-16chars',
  );

  // `asValue!` assumes success. Production code should handle the error
  // branch of the result instead of asserting.
  const plaintext = 'user@example.com';
  final ciphertext = fieldEncryptor.encrypt(plaintext).asValue!.value;
  print('βœ“ Original: $plaintext');
  final ciphertextPreview = ciphertext.substring(0, 40);
  print('βœ“ Encrypted: $ciphertextPreview...');

  // NOTE(review): main() labels this feature "searchable". If that means
  // equal plaintexts produce equal ciphertexts, stored values are linkable
  // by equality. Confirm before relying on it for sensitive columns.
  final recovered = fieldEncryptor.decrypt(ciphertext).asValue!.value;
  print('βœ“ Decrypted: $recovered');
  print('βœ“ Match: ${plaintext == recovered}');
  print('βœ“ HMAC: Authenticated (tampering protected)\n');
}

/// Hashes a sample password and verifies a correct and an incorrect guess.
///
/// The banner names bcrypt as the algorithm. The sample password is a
/// constant in this file, which is why printing it is harmless here; real
/// passwords must never be printed or logged.
void _demonstratePasswordHashing() {
  print('πŸ” Password Hashing (bcrypt)');

  const passwordHasher = PasswordHasher();
  const samplePassword = 'MySecurePass123!';

  // `asValue!` assumes hashing succeeded; production code should handle the
  // error branch of the result.
  final storedHash = passwordHasher.hash(samplePassword).asValue!.value;
  print('βœ“ Password: $samplePassword');
  final hashPreview = storedHash.substring(0, 30);
  print('βœ“ Hash: $hashPreview...');

  // The matching password is checked first.
  final acceptsCorrect =
      passwordHasher.verify(samplePassword, storedHash).asValue!.value;
  print('βœ“ Correct password: $acceptsCorrect');

  // A different password is checked against the same stored hash.
  final acceptsWrong =
      passwordHasher.verify('WrongPass', storedHash).asValue!.value;
  print('βœ“ Wrong password: $acceptsWrong\n');
}

/// Hashes one email twice to show that the output is repeatable, then
/// verifies the value against its hash.
///
/// The banner describes the primitive as HMAC-SHA256. Repeatable output is
/// what makes database lookups possible, and it also means equal inputs are
/// recognisable as equal wherever the hashes are stored.
void _demonstrateDeterministicHashing(Config config) {
  print('πŸ” Deterministic Hashing (HMAC-SHA256)');

  final lookupHasher = DeterministicHasher(
    // This is the same `secretKey` that _demonstrateJWT passes to JwtHandler.
    // Sharing one secret between token signing and lookup hashing means a
    // leak of either compromises both; a dedicated key per purpose is safer.
    secretKey: config.secretKey,
    salt: 'search-salt-16ch',
  );

  // Two independent calls with the same input.
  const lookupEmail = 'john.doe@company.com';
  final firstDigest = lookupHasher.hash(lookupEmail).asValue!.value;
  final secondDigest = lookupHasher.hash(lookupEmail).asValue!.value;

  print('βœ“ Email: $lookupEmail');
  final firstPreview = firstDigest.substring(0, 30);
  print('βœ“ Hash 1: $firstPreview...');
  final secondPreview = secondDigest.substring(0, 30);
  print('βœ“ Hash 2: $secondPreview...');
  print('βœ“ Deterministic: ${firstDigest == secondDigest}');

  // Check the original value against the first digest.
  final verified = lookupHasher.verify(lookupEmail, firstDigest).asValue!.value;
  print('βœ“ Verification: $verified\n');
}

/// Prints the masked form of a few sample addresses, then the demo footer.
void _demonstrateEmailUtils() {
  print('πŸ“§ Email Masking');

  // The samples cover a typical, a one-character and a long local part.
  // How much each masked form still reveals depends on EmailUtils.mask,
  // which is not shown here.
  const sampleAddresses = [
    'john@example.com',
    'a@test.com',
    'long.email.address@company.co.uk',
  ];

  for (final address in sampleAddresses) {
    final maskedAddress = EmailUtils.mask(address);
    print('βœ“ $address β†’ $maskedAddress');
  }

  // The footer lines below are statements by the package author. Nothing in
  // this example measures or demonstrates constant-time comparison.
  print('\n=== Demo Complete! ===');
  print('πŸ“š See SECURITY.md for best practices');
  print('πŸ”’ All operations use constant-time comparisons');
  print('✨ HMAC authentication prevents tampering');
}

Publisher

unverified uploader


License

MIT (license)

Dependencies

async_lite, bcrypt, crypto, encrypt, jaguar_jwt, path
