cedx
commented
5 years ago It would be also cool if we could use the Crypto.subtle APIs from dart:html. Currently the API exposed by Dart is unusable.
Closed jonasfj closed 3 years ago
cedx
commented
5 years ago It would be also cool if we could use the Crypto.subtle APIs from dart:html. Currently the API exposed by Dart is unusable.
knopp
commented
4 years ago This needs to get higher priority. There is no way any dart AES implementation is going to be on par with handwritten assembly from boringssl. Also it's very strange and potentially unsafe to have to duplicate basic crypto algorithm when dart already ships with boringssl. Please expose this, perhaps with API similar to Crypto.subtle, in that case you can have parity with dartjs.
Edit: Crypto.subtle might be too limiting, since it doesn't expose any streaming interface.
terrier989
commented
4 years ago A provisional solution could be exporting (prefixed) BoringSSL functions as undocumented C functions that may be removed in any future version. Cryptographic packages could then look up the symbols with dart:ffi:
DynamicLibrary.executable().lookup("unstable_boringssl_ED25519_sign");Whenever Dart/Flutter or BoringSSL decides to stop supporting something, a package could fall back to an implementation written in Dart.
Developers who want to use crypto.subtle in browsers may find package:cryptography useful.
edyu
commented
4 years ago I just want to say I agree with everything that was said and yes package:cryptography is very helpful but would be nice to have a real dart:crypto library.
jonasfj
commented
4 years ago I started drafting what I thought would be a good crypto library for Dart. But retaining all the BoringSSL symbols I would have needed in the Flutter SDK would have grown the SDK size by a few hundred KBs... Which is kind of a problem at the moment, hence, I don't think this is going to happen anytime soon.
My humble attempt at a crypto library became package:webcrypto, which is just a side-project, still under active development. It uses dart:ffi+BoringSSL or crypto.subtle and does not attempt to roll a Dart implementation of any primitives.
In any case, it's also nice to see pure-Dart implementations like package:cryptography, having portable cryptography is cool :D
knopp
commented
4 years ago Thank you for this! It looks really promising - it is exactly the approach I was thinking about. It was a bit disappointing to find out that DynamicLibrary.executable() doesn't work for AOT (the symbols seem to be stripped), and overall it seemed like quite a lot of work, I'm very happy to see someone actually willing to take a crack at this.
mit-mit
commented
3 years ago Closing this now that we have https://pub.dev/packages/webcrypto in a pretty complete state.
Dart should have a built-in package providing cryptographic algorithms. This could be modeled after the golang "crypto" package, node.js crypto module, Web Cryptography, or similar.
The reason for this is simple:
On the technical it's worth noting that:
By supporting TLS dart-sdk already comes with a lot of cryptography, we just need to expose more low-level algorithms.
note: I'm aware of package:crypto, but it is missing a lot of algorithms. For example googleapis_auth is rolling it's own RSA implementation.