SecureKey class abstract

A platform independent secure key, that uses native memory.

This class is designed to make it as secure as possible to store your secret keys in memory. The key tries to protect the memory from unallowed access and only allows reading and writing in scoped callbacks. See runUnlockedSync and runUnlockedAsync.

In the dart VM, it uses native C memory and applies security features of libsodium to protect it. The applied mechanisms are:

• sodium_malloc (to allocate the memory)
• sodium_mlock
• sodium_mprotect_noaccess
• sodium_memzero (when the key is disposed)

In JavaScript however, there is no way to secure memory. So, instead a simple Uint8Array is used that gets cleared with sodium_memzero when the key is disposed. There are no other security measures that can be applied in a JavaScript context.

Note: To create a new secure key, you can either use the factory constructors, which require an instance of Sodium, or you directly use the methods Sodium.secureAlloc, Sodium.secureRandom or Sodium.secureCopy, which do the same thing as the factory constructors. In fact, they are the actual implementation. The factory constructors simply exist for convenience.

See https://libsodium.gitbook.io/doc/memory_management

Available extensions

• SecureKeySplit

Constructors

SecureKey.new(Sodium sodium, int length)

Allocates a new SecureKey of length bytes.

factory

SecureKey.fromList(Sodium sodium, Uint8List data)

Allocates new memory for a SecureKey and copies the data from data.

factory

SecureKey.random(Sodium sodium, int length)

Allocates new memory for a SecureKey and fills it with length bytes of random data.

factory

Properties

hashCode → int

The hash code for this object.

no setter, inherited

length → int

Returns the length of the key in bytes, without unlocking it.

no setter

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

copy() → SecureKey

Creates a secure copy of the key.

dispose() → void

Disposes the key.

extractBytes() → Uint8List

Creates a copy of the raw key bytes in dart memory.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

runUnlockedAsync<T>(SecureCallbackFn<FutureOr<T>> callback, {bool writable = false}) → FutureOr<T>

Runs the given callback with the unlocked key data.

runUnlockedSync<T>(SecureCallbackFn<T> callback, {bool writable = false}) → T

Runs the given callback with the unlocked key data.

split(Sodium sodium, List<int> lengths) → List<SecureKey>

Available on SecureKey, provided by the SecureKeySplit extension

Creates multiple secure keys of different lengths from a single key. It is especially useful for using pwHash to generate enough bytes for multiple keys.

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited