how secure is Salsa20 for my Flutter app and server communication? about encrypt HOT 14 CLOSED

I need to send encrypted value to server using https. How do I do that with salsa?

from encrypt.

Sorry, I'm not a security expert to ensure you how secure your app will be, this lib is just a wrapper around PointyCastle.
Also, using https already makes the connection between your Flutter app and your server secure. You don't need an extra layer.

from encrypt.

Thanks for the info.

This is "1viEPvZsG2vlfwoBIZPEu5EOFJBlPsgUq+hkBuMFgJVYirS/X6KLPt3WCuuQ+qVMdU6fXb/z7w==" encrypted string. Now I need to send to server (aqueduct) using https. My problem how to decrypt the string to get original "Lorem ipsum dolor sit amet, consectetur adipiscing elit" string.

I couldn't find in source or documentation. So, is it possible to send me some info how to make it to work? Thanks

from encrypt.

In one of my old c# I use to make a block chipper on "des" to decode using chipper.decodeBase64. But I am not sure how to implement in here.

from encrypt.

You can:

final text = encrypter.decrypt64('1viEPvZsG2vlfwoBIZPEu5EOFJBlPsgUq+hkBuMFgJVYirS/X6KLPt3WCuuQ+qVMdU6fXb/z7w==');

Remember that you encrypter should be instantiated with proper key and IV.

https://github.com/leocavalcante/encrypt/blob/master/test/encrypt_test.dart#L48

from encrypt.

Thank you very much Leo.

Bear with me. What do you mean by saying " proper key and IV."? In your example you use Key.fromLength(32) and IV.fromLength(8).

Can you give me an example. Thanks

from encrypt.

Key.fromLength(32) and IV.fromLength(8) are just for examples and testing purposes. For production environments you should use cryptography strong values generated by a CSPRNG. And they should be the same on the side of the encryption and on the side of the decryption.

I'll reopen your issue as a remainder for me to work on something cool for that, PointyCastle does implemente Fortuna algorithm, we can have a CLI to generate keys/ivs :)

from encrypt.

Got it. Thanks again, :) I will looking forward.

from encrypt.

when I use string for key.fromUtf8("......") and iv it looks okay on dart console app. Then when I implement to my Flutter app and aqueduct on server I got error as shown below. End of the encrypted string has a = sign and find error on that part as invalid encoding.

Kks9SRyL5qRy/J6sgk3GglHVKbaqiI= 18ms 500 {user-agent : Dart/2.1 (dart:io)\nconnection : close\naccept : application/json\naccept-encoding : gzip\ncontent-length : 0\nhost : 127.0.0.1:3000\n} FormatException: Invalid encoding before padding (at character 31)
Kks9SRyL5qRy/J6sgk3GglHVKbaqiI=
^
#0 _Base64Decoder.decodeChunk (dart:convert/base64.dart:718:13)
#1 _Base64Decoder.decode (dart:convert/base64.dart:654:14)
#2 Base64Decoder.convert (dart:convert/base64.dart:516:32)
#3 Base64Codec.decode (dart:convert/base64.dart:91:47)

from encrypt.

Can you share your code? It seams that de decrypt function is receiving more than just the token...

from encrypt.

Sorry for late response, it was my side of the bad effect. iv is 10 bit. Adjust 8 bit and working very fast both in flutter app, dart server ans aqueduct. :)

from encrypt.

Ok, great 😃

from encrypt.

There we go!
You can create crypto secure random numbers for keys and ivs in your project!

Like:

Leo~ secure-random
Gg8bARwOEBYBEwAWERAfESEgHAsgByERGA0XGBwYCyE=
Leo~ secure-random -l 8
GgsgFxIJFwk=
Leo~ secure-random -l 16 -b 16
150b1d00161d111905211d0a0c1b2114

-l is for length and -b is for base (64 and 16 only):

https://github.com/leocavalcante/encrypt#secure-random

from encrypt.

I didnt know how to create crypto secure random numbers for keys and ivs. Thanks again Leo.

from encrypt.