How to encypt username and password in flutter

encryption flutter public-key-encryption password-encryption flutter-dependencies

6,065

The encrypt package isn't well maintained, so use the pointy castle package. (Use pointycastle: ^1.0.0-rc3.)

Your question isn't clear about how you are going to:

derive the key material from the strings provided
convert the plaintext to bytes
convert the cipher text back to something you can include in json

They could be encoded in hex or base64 perhaps. Your server team should be able to specify what they want.

Here's example code to encrypt in AES/CBC/PKCS7.

import 'dart:convert';
import 'dart:typed_data';

import 'package:pointycastle/api.dart';
import 'package:pointycastle/padded_block_cipher/padded_block_cipher_impl.dart';
import 'package:pointycastle/paddings/pkcs7.dart';
import 'package:pointycastle/block/aes_fast.dart';
import 'package:pointycastle/block/modes/cbc.dart';

main() {
  //final key = 'dxxxxxxxxxxeX';
  //final iv = '_Vxxxxxxxxxx1';

  // TODO - convert the key and IV to bytes
  // dummy key and IV values
  Uint8List key = Uint8List.fromList(
    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
  );
  Uint8List iv = Uint8List.fromList(
    [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16],
  );

  // TODO - convert the plaintext to bytes
  // example - just utf8 encode it
  Uint8List plainText = Uint8List.fromList(utf8.encode('some plain text'));

  PaddedBlockCipher cipher = PaddedBlockCipherImpl(
    PKCS7Padding(),
    CBCBlockCipher(AESFastEngine()),
  );

  cipher.init(
    true,
    PaddedBlockCipherParameters<CipherParameters, CipherParameters>(
      ParametersWithIV<KeyParameter>(KeyParameter(key), iv),
      null,
    ),
  );
  Uint8List cipherText = cipher.process(plainText);
  // TODO - convert the cipher text to a String to include as the 'Request' param
}

PS Don't forget that it's insecure to reuse the same IV more than once.

6,065

Author by

denis

Updated on December 07, 2022

Comments

denis over 1 year

am trying to implement phone_number and password encryption in flutter. after have tried to encrypt the jsonbody "( var rBody = jsonEncode({ 'Request': encryptor.encrypt(requestBody.toString())});" and then run the app am still unable to transmit the request to my remote server(which requires all requests to be encrypted with AES). Can someone with experience on this show me the best way to do this. such that the password and phone are encrypted effectively.

import 'dart:async';
import 'dart:convert';
import 'package:encrypt/encrypt.dart';
import 'package:http/http.dart' as http;



  Future<http.Response> post() async {
var url = 'http:xxxxxxxpostRequest';
String password = "xxxxxxx";//url password
String username = "xxxxx";//access username

var bytes = utf8.encode("$username:$password");


var credentials = base64.encode(bytes);
var headers = {
  "Content-Type": "application/json",
  "Authorization": "Basic $credentials"
};

var requestBody = jsonEncode({ 'phone': _phone, 'pin': _pass});

final key = "";// encryption key
final iv= "";

final encryptor=new Encrypter(new Salsa20(key, iv));


var rBody = jsonEncode({ 'Request': encryptor.encrypt(requestBody.toString())});


http.Response response = await http.post(
    url, body: rBody, headers: headers);
var responseJson = json.decode(response.body);
print(Utf8Codec().decode(response.bodyBytes));

print("Body: " + responseJson);

}

//This is my console response

E/flutter (24909): [ERROR:topaz/lib/tonic/logging/dart_error.cc(16)] Unhandled exception: E/flutter (24909): type 'ParametersWithIV' is not a subtype of type 'ParametersWithIV' E/