dart-lang / crypto Goto Github PK
View Code? Open in Web Editor NEWA set of cryptographic functions implemented in pure Dart.
Home Page: https://pub.dev/packages/crypto
License: BSD 3-Clause "New" or "Revised" License
A set of cryptographic functions implemented in pure Dart.
Home Page: https://pub.dev/packages/crypto
License: BSD 3-Clause "New" or "Revised" License
I have dart code that converts string to sha256 hash. remarry party using csharp and same string they get different result.
So where should I have to look? What should I tell them?
Why Dart sha256 and Csharp sha256 has different result?
String a = "2424242401224672";
var bytes = utf8.encode(a);
var digest = sha256.convert(bytes);
print("digest: $digest");
Base64 current handles percent-encoded padding characters, but only if the percent encoding is uppercase. It should handle lowercase encoding as well.
Tracking issue.
If we don't plan to do this relatively soon, let's close. But I hear we have this code. :)
Originally opened as dart-lang/sdk#4611
This issue was originally filed by [email protected]
Test code:
new File('recordroyale.ogg').readAsBytes().then((buf) {
var md5 = new MD5();
md5.update(buf);
print(md5.digest());
});
where 'recordroyale.ogg' is about six megabytes. This takes 22 seconds on my machine. Shelling out to md5sum(1) takes under 0.02 seconds. I understand that Dart won't ever be as fast as C, but with this disparity, the hash algorithms should be implemented in C[++] rather than Dart.
I had a vague suspicion that this was slow due to unnecessary allocations, but the allocations are mostly small and consumed quickly. Refactoring to eliminate unnecessary allocations resulted in no change.
My use case involved checksumming a byte array that existed only in memory at the relevant location; it is far less convenient to write data to a temporary file, shell out to md5sum(1), then delete that file.
Please add HMAC-SHA512 feature.
thank you.
Customer request.
Originally opened as dart-lang/sdk#2875
This issue was originally filed by [email protected]
In its current shape, the hash and HMAC functions in the crypto library return List<int> as a message digest. This has several deficiencies:
Therefore, I propose to use a rich object called Digest instead. It would look like this:
interface Digest {
final List<int> bytes;
// TODO operator equals, when implemented
bool operator ==(Digest other);
String toString();
}
I'm attaching a patch with complete implementation (necessary modifications to tests included). Note that if you accept this, it supersedes issue #2839.
Please note that I DON'T really understand crypto, so if you decide to accept this API change, proper crypto review is a good idea :-)
Attachment:
0001-represent-message-digest-as-a-rich-object-with-bette.patch (9.72 KB)
Our major product uses this library, and recently the 0.9.2 version was released. This version does not work with dart2js.
Unsupported operation: Uint64 accessor not supported by dart2js.
Error message when run pub get:
Because every version of flutter_test from sdk depends on crypto 2.1.3 and driver depends on crypto ^2.1.4, flutter_test from sdk is forbidden.
So, because driver depends on flutter_test any from sdk, version solving failed.
pub get failed (1; So, because driver depends on flutter_test any from sdk, version solving failed.).
My environment
sdk: ">=2.2.2 <3.0.0"
[✓] Flutter (Channel stable, v1.12.13+hotfix.5, on Mac OS X 10.14.6 18G103, locale en-VN)
• Flutter version 1.12.13+hotfix.5 at /Users/thanhphung/code/flutter
• Framework revision 27321ebbad (4 weeks ago), 2019-12-10 18:15:01 -0800
• Engine revision 2994f7e1e6
• Dart version 2.7.0
[✓] Android toolchain - develop for Android devices (Android SDK version 29.0.2)
• Android SDK at /Users/thanhphung/Library/Android/sdk
• Android NDK location not configured (optional; useful for native profiling support)
• Platform android-29, build-tools 29.0.2
• Java binary at: /Applications/Android Studio.app/Contents/jre/jdk/Contents/Home/bin/java
• Java version OpenJDK Runtime Environment (build 1.8.0_202-release-1483-b49-5587405)
• All Android licenses accepted.
[✓] Xcode - develop for iOS and macOS (Xcode 11.2.1)
• Xcode at /Applications/Xcode.app/Contents/Developer
• Xcode 11.2.1, Build version 11B53
• CocoaPods version 1.6.0
[✓] Android Studio (version 3.5)
• Android Studio at /Applications/Android Studio.app/Contents
• Flutter plugin version 42.1.1
• Dart plugin version 191.8593
• Java version OpenJDK Runtime Environment (build 1.8.0_202-release-1483-b49-5587405)
[✓] VS Code (version 1.41.1)
• VS Code at /Applications/Visual Studio Code.app/Contents
• Flutter extension version 3.7.1
[✓] Connected device (1 available)
• iPhone 8 • 30A0D063-FD79-4F62-9C5F-EDDA9B736F10 • ios • com.apple.CoreSimulator.SimRuntime.iOS-13-2 (simulator)
It's common to link to where the latest CI system's output is. For example, if this were using Travis, we could link to the latest Travis results.
This package might be tested on the package bots? If so, can we link to there?
Thanks!
Either both or neither, right @nex3 ?
Currently, the Base64 implementation accepts A===
. It's invalid and should be rejected.
Customer request.
Customer request.
This is probably user error, but for tracking:
~/Code/crypto[example*] $ dart example/md5.dart large.txt
398b8e562429a971168e91ecf7117144
~/Code/crypto[example*] $ md5 large.txt
MD5 (large.txt) = b5c667a723a10a3485a33263c4c2b978
Example code:
// Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
import 'dart:io' show exit, File;
import 'package:crypto/crypto.dart' show MD5, CryptoUtils;
main(List<String> args) async {
if (args == null || args.length != 1) {
print('Usage: dart md5.dart <input_filename>');
exit(1);
}
var input = new File(args[0]);
if (!input.existsSync()) {
print('File "${args[0]}" does not exist.');
exit(1);
}
var md5 = new MD5();
await for (var bytes in input.openRead()) {
md5.add(bytes);
}
var hex = CryptoUtils.bytesToHex(md5.close());
print(hex);
}
Running with
~/Code/crypto[example*] $ dart --version
Dart VM version: 1.13.0-dev.2.0 (Tue Sep 8 05:13:39 2015) on "macos_x64"
The size of the output of HMAC should be the same as that of the underlying hash function. However, that's not the case. For example, the following code fails:
final hash = sha256;
final converted = Hmac(hash, utf8.encode('some key'))
.convert(utf8.encode('some data'))
.bytes;
assert(hash.blockSize == converted.length);
customer request.
<img src="https://avatars.githubusercontent.com/u/1924313?v=3" align="left" width="96" height="96"hspace="10"> Issue by jtmcdole
Originally opened as dart-lang/sdk#19255
crypto's bytesToBase64 is great, but I'd really like to specify the alphabet; specifically base64url in which the last two characters are -_
See: http://tools.ietf.org/html/rfc4648#section-5
See: http://en.wikipedia.org/wiki/Base64
Originally opened as dart-lang/sdk#19292
This issue was originally filed by [email protected]
The crypto library fails with an assertion error:
lengthInBits < pow(2, 32)
when trying to take an md5 hash of a file larger than 512MB. This limitation effectively means dart is unsafe for transferring large files between a client and server.
I converted the dart_jwt
package to the latest crypto
(pre 1.0) version and followed the deprecation advice to use the convert
package for base64.
Unfortunately all my tests started failing as they encoding was not the same as you get with the url safe version of the old base64.
I need the equivalent of
const Base64Codec(urlSafe: true).decode(...);
to exist in the convert package but can't find it. What am I missing?
Do you have plans to support blake2b ? Thanks a lot.
There seems to be a bug in (at least) the sha256 hash function. The conversion with gives me for some inputs a wrong result.
Below is an example where I converted the same input once with this package and once with java. The results are different and I was expecting the result which I got in the java version.
I am using the latest version of this package (2.1.2
).
Here is an example where its not working as expected:
Dart Code:
// [49, 53, 54, 54, 51, 51, 50, 54, 55, 49, 49, 49, 56, 48, 48, 48]
List<int> bytes = utf8.encode("1566332671118000");
// [133, 249, 41, 195, 160, 66, 219, 55, 26, 124, 141, 228, 53, 42, 184, 177, 140, 149, 252, 151, 104, 226, 242, 51, 157, 236, 122, 90, 60, 32, 207, 91]
sha256.convert(bytes);
Java Code:
// [49, 53, 54, 54, 51, 51, 50, 54, 55, 49, 49, 49, 56, 48, 48, 48]
byte[] bytes = "1566332671118000".getBytes (Charset.forName (UTF8);
MessageDigest md = MessageDigest.getInstance (SHA256);
// [-123, -7, 41, -61, -96, 66, -37, 55, 26, 124, -115, -28, 53, 42, -72, -79, -116, -107, -4, -105, 104, -30, -14, 51, -99, -20, 122, 90, 60, 32, -49, 91]
md.digest (bytes);
<img src="https://avatars.githubusercontent.com/u/480590?v=3" align="left" width="96" height="96"hspace="10"> Issue by Ladicek
Originally opened as dart-lang/sdk#2875
Attachment:
0001-represent-message-digest-as-a-rich-object-with-bette.patch (9.72 KB)
Currently, the Base64 decoder crashes when passed a string containing a character with a codepoint above 256. It shouldn't accept this, but it should throw a more useful error.
<img src="https://avatars.githubusercontent.com/u/209047?v=3" align="left" width="96" height="96"hspace="10"> Issue by dasmoth
Originally opened as dart-lang/sdk#10217
Any reason why these can't be top-level functions in the dart:crypto package? Didn't Dart add support for top-level functions to avoid this kind of Java-ism?
Customer request.
There is a startChunkedConversion
api on the Hash
class here, but you can't use it easily without an import to lib/src/
because the DigestSink
class is not exposed (as far as I can tell at least).
Description
https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
Example of implementation
https://nodejs.org/api/crypto.html#crypto_class_diffiehellman
<img src="https://avatars.githubusercontent.com/u/1046115?v=3" align="left" width="96" height="96"hspace="10"> Issue by jwendel
Originally opened as dart-lang/sdk#9822
What steps will reproduce the problem?
The current crypto library only supports SHA-1 and a limited subset of SHA-2 (SHA-256). While this may be enough for client-side, it would be nice to have full SHA-2 support for server-side development. This would mean support for all SHA-2 algorithms: (SHA-224, SHA-256, SHA-384, SHA-512).
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Dart SDK version 0.4.5.1_r21094
Please provide any additional information below.
I was looking to write a server-side program that talked to a RESTful service, but it required that all requests had a SHA-512 signature, which is not currently supported by the included Dart crypto library. I could also see this being needed for anyone doing a server-side Dart app that wants to store SHA-512 versions of users passwords.
I am using flutter to send data to my aqueduct web api in encrypted mode. In aqueduct I need to use decryption to get the data, sort out request info from data base, encrypted data and send to flutter app. I couldn't find any HMAC-SHA256 Decryption so I can use the plugin in my flutter app and aqueduct web api. Any help please?
import 'dart:convert';
import 'package:crypto/crypto.dart';
import 'package:crypto/src/digest_sink.dart';
void main() {
var key = utf8.encode('p@ssw0rd');
var bytes = utf8.encode("foobar");
var hmacSha256 = new Hmac(sha256, key); // HMAC-SHA256
var digest = hmacSha256.convert(bytes);
print("HMAC digest as bytes: ${digest.bytes}");
print("HMAC digest as hex string: $digest");
}
I am building a Flutter package and need to perform RSA encryption but not sure this package currently supports it. Open to ideas as to options i can explore.
The pub site can show example code for a package.
https://www.dartlang.org/tools/pub/package-layout#examples
Let me know if you want me to try working on this.
related issue : dart-lang/site-www#413
A customer asked for "anything to help me check a payload against an RSA public key signature? (I think I want to use the sha256WithRSAEncryption algo)." and "I only need the functionality of Chrome's SignatureVerifier class[1], which uses openssl's EVP_PKEY_* and EVP_DigestVerify* and friends."
Hi,
Other packages have tags for released versions which makes referencing specific versions in Git easier than the complete commit hash.
It seems that HashSink does not close the underlying sync when its close
method is called.
This means users have to call close twice when doing a chunked conversion, for instance.
Customer request.
It makes sense to accept the CRLF sequence to allow base64 to be broken across lines, but these characters shouldn't be allowed on their own.
<img src="https://avatars.githubusercontent.com/u/5479?v=3" align="left" width="96" height="96"hspace="10"> Issue by sethladd
Originally opened as dart-lang/sdk#3396
Suggesting adding an optional List<int> param to Hash.digest() for the more simple one-liner cases.
Instead of:
var digest = sha256.update("message".charCodes()).digest();
It would be nicer to have:
var digest = sha256.digest("message".charCodes());
Thanks!
ecause every version of flutter_driver from sdk depends on crypto 2.0.6 and example depends on crypto ^2.1.2, flutter_driver from sdk is forbidden.
So, because example depends on flutter_driver any from sdk, version solving failed.
pub get failed (1)
Currently, if there are a multiple of four =
or %3D
sequences in a Base64 string, the parser will treat them as zero bytes. This is clearly wrong; it should reject those strings like it does for strings with other numbers of =
.
Couldn't find a simple way to hash a simple string.
The example within the example folder uses stream.
<img src="https://avatars.githubusercontent.com/u/148256?v=3" align="left" width="96" height="96"hspace="10"> Issue by kaisellgren
Originally opened as dart-lang/sdk#4367
Support for bcrypt and/or scrypt is needed for secure password hashing purposes.
Here's a reference for scrypt: http://www.tarsnap.com/scrypt.html
<img src="https://avatars.githubusercontent.com/u/1269969?v=3" align="left" width="96" height="96"hspace="10"> Issue by devoncarew
Originally opened as dart-lang/sdk#17317
The SHA implementation seems slower then it should be. I created some benchmarks here:
https://github.com/devoncarew/sha_benchmark.dart
the benchmark numbers are here:
https://github.com/devoncarew/sha_benchmark.dart/blob/master/lib/sha_bench.dart#L8
I added benchmarks for a pure-dart implementation of inflate and deflate, to have something to compare SHA to. The SHA implementation seems about an order magnitude slower. Spark's git implementation is fairly slow, and we seem to be spending a lot of our time generating SHAs. It would be great to have this sped up a bit; not sure if there's some low-hanging fruit in the implementation.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.