denis

Reputation: 225

How to encrypt username and password in Flutter

I am trying to implement phone_number and password encryption in Flutter. After I tried to encrypt the JSON body (var rBody = jsonEncode({ 'Request': encryptor.encrypt(requestBody.toString())});) and ran the app, I am still unable to transmit the request to my remote server (which requires all requests to be encrypted with AES). Can someone with experience on this show me the best way to do this, such that the password and phone are encrypted effectively?

import 'dart:async';
import 'dart:convert';
import 'package:encrypt/encrypt.dart';
import 'package:http/http.dart' as http;



Future<http.Response> post() async {
  var url = 'http:xxxxxxxpostRequest';
  String password = "xxxxxxx"; // url password
  String username = "xxxxx"; // access username

  // HTTP Basic credentials: base64("username:password")
  var bytes = utf8.encode("$username:$password");
  var credentials = base64.encode(bytes);
  var headers = {
    "Content-Type": "application/json",
    "Authorization": "Basic $credentials"
  };

  var requestBody = jsonEncode({'phone': _phone, 'pin': _pass});

  final key = ""; // encryption key
  final iv = "";

  final encryptor = new Encrypter(new Salsa20(key, iv));

  var rBody = jsonEncode({'Request': encryptor.encrypt(requestBody.toString())});

  http.Response response = await http.post(url, body: rBody, headers: headers);
  var responseJson = json.decode(response.body);
  print(Utf8Codec().decode(response.bodyBytes));

  print("Body: $responseJson");
  return response;
}

//This is my console response

E/flutter (24909): [ERROR:topaz/lib/tonic/logging/dart_error.cc(16)] Unhandled exception:
E/flutter (24909): type 'ParametersWithIV' is not a subtype of type 'ParametersWithIV'
E/

Upvotes: 4

Views: 10388

Answers (1)

Richard Heap

Reputation: 51741

The encrypt package isn't well maintained, so use the pointy castle package. (Use pointycastle: ^1.0.0-rc3.)

Your question isn't clear about how you are going to:

  • derive the key material from the strings provided
  • convert the plaintext to bytes
  • convert the cipher text back to something you can include in json

They could be encoded in hex or base64 perhaps. Your server team should be able to specify what they want.

Here's example code to encrypt in AES/CBC/PKCS7.

import 'dart:convert';
import 'dart:typed_data';

import 'package:pointycastle/api.dart';
import 'package:pointycastle/padded_block_cipher/padded_block_cipher_impl.dart';
import 'package:pointycastle/paddings/pkcs7.dart';
import 'package:pointycastle/block/aes_fast.dart';
import 'package:pointycastle/block/modes/cbc.dart';

main() {
  //final key = 'dxxxxxxxxxxeX';
  //final iv = '_Vxxxxxxxxxx1';

  // TODO - convert the key and IV to bytes
  // dummy key and IV values
  Uint8List key = Uint8List.fromList(
    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
  );
  Uint8List iv = Uint8List.fromList(
    [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16],
  );

  // TODO - convert the plaintext to bytes
  // example - just utf8 encode it
  Uint8List plainText = Uint8List.fromList(utf8.encode('some plain text'));

  PaddedBlockCipher cipher = PaddedBlockCipherImpl(
    PKCS7Padding(),
    CBCBlockCipher(AESFastEngine()),
  );

  cipher.init(
    true,
    PaddedBlockCipherParameters<CipherParameters, CipherParameters>(
      ParametersWithIV<KeyParameter>(KeyParameter(key), iv),
      null,
    ),
  );
  Uint8List cipherText = cipher.process(plainText);
  // TODO - convert the cipher text to a String to include as the 'Request' param
}

PS Don't forget that it's insecure to reuse the same IV more than once.

Upvotes: 2
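
The answer's three open points and its IV warning, put together as an added example that is not part of the original answer: it uses the same pointycastle classes as the code above, draws a fresh random IV for every request, and sends it in front of the ciphertext so the receiver can decrypt. The base64(IV || ciphertext) layout, the function names, the dummy key and the sample phone/pin values are assumptions; the real format is whatever the server team specifies.

```dart
import 'dart:convert';
import 'dart:math';
import 'dart:typed_data';

import 'package:pointycastle/api.dart';
import 'package:pointycastle/padded_block_cipher/padded_block_cipher_impl.dart';
import 'package:pointycastle/paddings/pkcs7.dart';
import 'package:pointycastle/block/aes_fast.dart';
import 'package:pointycastle/block/modes/cbc.dart';

// AES/CBC/PKCS7 in one direction: encrypt=true encrypts, false decrypts.
// CBC gives confidentiality only; it does not detect tampering.
Uint8List aesCbc(bool encrypt, Uint8List key, Uint8List iv, Uint8List input) {
  final cipher =
      PaddedBlockCipherImpl(PKCS7Padding(), CBCBlockCipher(AESFastEngine()));
  cipher.init(
    encrypt,
    PaddedBlockCipherParameters<CipherParameters, CipherParameters>(
      ParametersWithIV<KeyParameter>(KeyParameter(key), iv),
      null,
    ),
  );
  return cipher.process(input);
}

// Assumed wire format: {"Request": base64(IV || ciphertext)}.
String sealRequest(Uint8List key, Map<String, dynamic> fields) {
  final rng = Random.secure(); // CSPRNG, so the IV is unpredictable
  final iv = Uint8List.fromList(List.generate(16, (_) => rng.nextInt(256)));
  final plain = Uint8List.fromList(utf8.encode(jsonEncode(fields)));
  final ct = aesCbc(true, key, iv, plain);
  return jsonEncode({'Request': base64.encode(iv + ct)});
}

// What the receiving side does with the same key under that format.
Map<String, dynamic> openRequest(Uint8List key, String body) {
  final raw = base64.decode(jsonDecode(body)['Request'] as String);
  final iv = Uint8List.fromList(raw.sublist(0, 16)); // first AES block = IV
  final ct = Uint8List.fromList(raw.sublist(16));
  return jsonDecode(utf8.decode(aesCbc(false, key, iv, ct)))
      as Map<String, dynamic>;
}

void main() {
  final key = Uint8List.fromList(List.generate(16, (i) => i)); // dummy key
  // Constructed sample values; the same fields are sealed twice.
  final a = sealRequest(key, {'phone': '0700000000', 'pin': '0000'});
  final b = sealRequest(key, {'phone': '0700000000', 'pin': '0000'});
  print(a != b); // compares the two bodies, which carry different IVs
  print(openRequest(key, a)); // round trip back to the original fields
}
```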
