flutter_sodium
With flutter_sodium you get access to the modern, easy-to-use libsodium crypto library in your Flutter apps. One set of crypto APIs supporting both Android and iOS.
Getting Started
In your flutter project add the dependency:
dependencies: ... flutter_sodium: any
Important: For iOS you’ll need to manually update the Podfile in your ios project.
Usage example
import 'package:flutter_sodium/flutter_sodium.dart'; // Password hashing (using Argon) final password = 'my password'; final str = await PasswordHash.hashStorage(password); print(str); // verify hash str final valid = await PasswordHash.verifyStorage(str, password); assert(valid);
This project includes an extensive example app with runnable code samples. Be sure to check it out!
API coverage
The flutter_sodium plugin implements the following libsodium APIs *):
- crypto_aead
- crypto_auth
- crypto_box
- crypto_generichash
- crypto_kdf
- crypto_kx
- crypto_onetimeauth
- crypto_pwhash
- crypto_scalarmult
- crypto_secretbox
- crypto_shorthash
- crypto_sign
- randombytes
- sodium_version
*) Some APIs are not available on Android. See this issue for details.
Dart APIs
The plugin includes a core API that maps native libsodium functions 1:1 to Dart equivalents. The core API is available in the class Sodium
. Dart naming conventions are used for core API function names. A native libsodium function such as crypto_pwhash_str
, is available in flutter as Sodium.cryptoPwhashStr
.
Also included in flutter_sodium is a high-level, opinionated API providing access to libsodium in a Dart friendly manner. The various functions are available in separate Dart classes. Password hashing for example is available in the PasswordHash
class. The high-level API depends on the core API to get things done.
Threading
The flutter_sodium APIs can be executed on the UI thread, or on a background thread. Most crypto tasks can safely run on the UI thread, some tasks take considerable time to execute (most notable crypto_pwhash_* ), and will run on a background thread by default. All methods of the core API includes an optional useBackgroundThread
argument to switch from UI to background thread or vice versa. Background execution is implemented using AsyncTask
in Android, and DispatchQueue
in iOS.
Please note that the entire API is asynchronous. Even when a crypto task is executed on the UI thread, the method returns an async Future
which needs to be awaited.
Current issues
- Some APIs are not available on Android. An issue has been created with the complete list.
- Using flutter_sodium in iOS doesn’t work right out of the box. Manual installation steps are required.
- Since Flutter does not support native binaries, a platform channel is established to enable native function invocation. One side effect of this approach is that the entire flutter_sodium API is asynchronous. This is great for potential long-running operations such as Argon password hashing, but does not make much sense for other short-running functions.
Download Flutter bindings for libsodium Source Code on GitHub
https://github.com/firstfloorsoftware/flutter_sodium
Provides the list of the opensource Flutter apps collection with GitHub repository.