leocavalcante
commented
6 years ago Well, actually, you will "never" (should) find a SHA-256 decryption library, the purpose of this hashing algorithm is one-way only, you don't have the original text back. For password hashing this is the desired behavior, you save a hashed version of the password into the database then re-hashes the input and see if they match. You are highly encouraged to do such hashing using proper algorithms and salts, one salt for each user so you database can be prevented from rainbow-tables: I've abstracted this fuzz at https://github.com/leocavalcante/password-dart
For encrypted communication between app (client) and api (server), that is another thing and you don't need to implement it by yourself, you can rely on TLS over HTTP, the famous HTTPS, it will handle encryption and decryption of the data begin transferred, you can add a TLS termination proxy like Nginx over Aqueduct and use something like Let’s Encrypt.
P.S.: do this password hashing thing on the server, not on the client (Flutter). so you can added more iterations over PBKDF and make the password more secure. I'm mean: scale the security by your server hardware.
NTMS2017
I am using flutter to send data to my aqueduct web api in encrypted mode. In aqueduct I need to use decryption to get the data, sort out request info from data base, encrypted data and send to flutter app. I couldn't find any HMAC-SHA256 Decryption so I can use the plugin in my flutter app and aqueduct web api. Any help please?
import 'dart:convert'; import 'package:crypto/crypto.dart'; import 'package:crypto/src/digest_sink.dart';
void main() { var key = utf8.encode('p@ssw0rd'); var bytes = utf8.encode("foobar");
var hmacSha256 = new Hmac(sha256, key); // HMAC-SHA256 var digest = hmacSha256.convert(bytes);
print("HMAC digest as bytes: ${digest.bytes}"); print("HMAC digest as hex string: $digest"); }