bcgit / pc-dart Goto Github PK

It would be great if this package is migrated to support null safety changes.

Are there any plans for this to be implemented soon?

Minor issue with CHANGELOG.md:

#### Version 2.0.0-rc1 (2020-09-11) (Dart SDK version 2.1.1)::q!

See that :q! at the end? Looks like a vi fail.

Hi there! My name is Aditya Kishore, and I'm the author of steel_crypt. I came here today to discuss something that I've been mulling over for a while now.

Some background

I created steel_crypt last year to fill a need. There was no cryptography package with all the features of pointycastle that had adequate documentation and maintenance. I set out to create such a package. Over time, I have essentially maintained a fork of pointycastle within steel_crypt, adding new algorithms (such as AES-GCM and ChaCha20).

Earlier this year, pointycastle was folded into the larger BouncyCastle project. The largest problem with pointycastle (lack of maintenance) was finally solved.

One of my greatest fears is contributing to the "NPM problem", where duplicitous packages exist for no reason other than to prop up individual devs. I really want to make cryptography easier for the broader Dart community; if contributing to a larger package is the best way to do that, then I would jump at the chance to do so.

My Proposal

I propose that we migrate differentiating sections of steel_crypt into pointycastle. pointycastle would get the algorithms I've added (ChaCha20, Poly1305, ChaCha20-Poly1305, AES-GCM) and the codebase cleanups I've done. Then, steel_crypt would stop relying on an internal fork of pointycastle, and would become a simple skin over the public pointycastle package.

Right now, we have only one authenticated block cipher mode of operation (GCM). Redundancy in security primitives is highly important for a few reasons.

OCB is on par with GCM in security level, and is licensed freely for use in open source projects.

https://pub.dev is the central repository for all Dart packages. Without pub, this repository cannot be used by dart code that desires to have control over versioning.

Currently, https://pub.dev/packages/pointycastle package still points to the old GitHub repository and the HKDF commit has not been uploaded.

Hi All,

This release includes some updates to the ASN1 Library.

Given there were no reports of issues for RC1 I think we can schedule a release for the 1st of October (Melbourne Australia).

Please try it out and report any issues here!

Thanks everyone, stay safe during the pandemic.

https://pub.dev/packages/pointycastle/versions/2.0.0-rc2

MW

Hi,

Ultimately we need to be able to support ASN1 encoded messages as CMS, X.509 and others.

We need an ASN1 library so we do not force dependencies on out users.

MW

To help with performance, each algorithm and cipher in this package is split into a separate "library". Each library name, for some reason, has pointycastle affixed to the front. This makes browsing the API Reference needlessly difficult.

Example:

There should be a CI that runs tests and https://pub.dev/packages/pana on all PRs. This would allow you to evaluate the contribution of any given package.

Sorry I should have posted this here not the pre fold repo.

Is there any plan to add CCM mode in the near future?

128 bit AES CCM is very common for Bluetooth. I need it for a project that I'm on now and can't find any dart plugin.

After changing to the RC1 (#46) I found some bugs and things to improve :

• Add ASN1TeletextString to be compatible with the current ASN1Lib package
• Add ASN1GeneralizedTime to be compatible with the current ASN1Lib package
• Add add() method to the ASN1Sequence to be compatible with the current ASN1Lib package
• Add short version of some object identifiers like CN for common name.
• The encoding from ASN1Integer(BigInt.from(0)) differs from the current ASN1Lib package and is maybe buggy
• ASN1BitString can not handle "unused bits" this is a problem by parsing some X509 where the public key is stored in a BitString with beginning 00. Example PEM :

-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIQBxYr+XmB67PWzCkR7C39iDANBgkqhkiG9w0BAQsFADBA
MQswCQYDVQQGEwJVUzERMA8GA1UEChMIT0VNIFRlc3QxHjAcBgNVBAMTFUZ1bGwg
T0VNIFRlc3QgUlNBIFN1YjAeFw0xOTAzMTEwMDAwMDBaFw0yMDAzMTAxMjAwMDBa
MHsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCYXllcm4xEzARBgNVBAcTClJlZ2Vu
c2J1cmcxFzAVBgNVBAoTDkludGVyTmV0WCBHbWJIMRQwEgYDVQQLEwtFbnR3aWNr
bHVuZzEXMBUGA1UEAxMOanVua2RyYWdvbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDGv7+2oQyRWvFAt7UxtAQJB6zajegzrlvLLZ4+PhhJt6w
aSDW6IPV7H4uIvgL3cHP68AkATl+2fW0CEPy2i3vO27VDtxMp2oTk/IdPtVbNtZB
sjeFiNVzr7ZaD6z0u41WLEQbR34CmlWbggza3SS0tvPXD02YJpDz/Qm43hz0m+SJ
0IaesAM7b1tTbmlCxg3rm+CViU9wTsI9eUvOCZIjKS3E3MVcRJZTCCaZMp8JMKct
Ae4B90RunGbpvsYvWo4W4UQMFCVYcZp47FFeWcUnqx03nrSdP3LEEPcePVsRxPeB
ptsZzby9Wf7Sc2UNzTZSGjzxlpItgXdsjL4HiR/VAgMBAAGjggHGMIIBwjAfBgNV
HSMEGDAWgBS8odGV3/ZO7g4f11MzIg9X66vlUjAdBgNVHQ4EFgQUTriCU/8x5yQN
BoQPPYQcUVL7FUIwQQYDVR0RBDowOIIOanVua2RyYWdvbnMuZGWCEnd3dy5qdW5r
ZHJhZ29ucy5kZYISYXBpLmp1bmtkcmFnb25zLmRlMA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPgYDVR0fBDcwNTAzoDGgL4Yt
aHR0cDovL2NkcC5yYXBpZHNzbC5jb20vRnVsbE9FTVRlc3RSU0FTdWIuY3JsMEwG
A1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3
LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHUGCCsGAQUFBwEBBGkwZzAmBggr
BgEFBQcwAYYaaHR0cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPQYIKwYBBQUHMAKG
MWh0dHA6Ly9jYWNlcnRzLnJhcGlkc3NsLmNvbS9GdWxsT0VNVGVzdFJTQVN1Yi5j
cnQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAwCJAiSMJSYCIrJZdcLmY
zgH/Hd6VUDQzuo/s8Q+UoqpwyPwGnmNpovvzfjtz2+bF0dCQwUWerm61kYF/3IU6
ucrdTW4uS+T11tipJgDUBU8jEHvASe+QNIP7BiNoXCs10SfI8FQajL0HxnHY0vKC
AAQiFStLngxNYduyz4C3ZUjeNjt/8NhCUhd2GZGA6gveHKvck47ZWFbblecH8Odw
nhzR+ztf+lSGoyQW+egNlPog/OLjr//kKx7kjuuvXa5Os8oPLENu6LAjTZJqGvJP
ga7IcCj2gCeuTdS4Ibhx3hiew7cfuGa9XbVd5JJmV8kIoFlzLrZpKB4eVDKqaNWg
/g==
-----END CERTIFICATE-----

Hi, thanks for the cool library.

In view of the increasing popularity of EdDSA, Is there any plan support it?

https://travis-ci.org/github/bcgit/pc-dart/jobs/691193088

As you can see here, we have hundreds of lints across nearly every class. Given that these lints factor into the pub.dev score, we should probably clean up a bit.

When trying to decrypt or encrypt unpadded AES-CTR this library will throw an error, if the provided data isn't fully block-sized. The example given here uses the dart "encrypt" package, but I got told that it was an issue within pointycastle and that I should report it here:

import 'dart:typed_data';
import 'package:encrypt/encrypt.dart';

void main() {
  // these are all zero only to demonstrate the issue
  final key = Uint8List(32);
  final cipher = Uint8List(44); // just make sure that this isn't block-sized  
  final iv = Uint8List(16);
  final res = AES(Key(key), mode: AESMode.ctr, padding: null).decrypt(Encrypted(cipher), iv: IV(iv));
  print(res.toString());
}

The error is:

RangeError (index): Index out of range: index should be less than 44: 44
#0      Uint8List.[] (dart:typed_data-patch/typed_data_patch.dart:2209:7)
#1      SICStreamCipher.processBytes (package:pointycastle/stream/sic.dart:61:39)
#2      StreamCipherAsBlockCipher.processBlock (package:pointycastle/adapters/stream_cipher_as_block_cipher.dart:31:18)
#3      AES._processBlocks (package:encrypt/src/algorithms/aes.dart:45:25)
#4      AES.decrypt (package:encrypt/src/algorithms/aes.dart:35:14)
#5      main (file:///home/sorunome/repos/famedly/famedlysdk/test.dart:9:63)
#6      _startIsolate.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:307:19)
#7      _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:174:12)

As work-around you can manually 0-pad your input to be of full block-length and afterwards chop off those extra bytes again.

CTR (and CFB & OFB) are stream ciphers, rather than block ciphers. As such they don't require the input to be a specific blocksize. See @uhoreg 's comment here: leocavalcante/encrypt#136

I am trying to port some C#-Code using BouncyCastle to dart. A comparison of all calculated data did not show any difference, but the behaviour differs: the C#-program verifies the hash, my dart-app doesn't. Possibly this is my own mistake, but I think I ported everything correctly. To break it down, here is some code with the original data:

bool check() {
    final List<int> hash = hex.decode(
        'bb90d028b078852b43e70ed3c116a85767f86f38b4ee22fb1fcc44031a7ab1c99c1c5f0c81a51fb3004219823c5a7c7a');
    final publicKeyBuffer = base64Decode(
        'BIgT5/O6q2MNBKerCVR1jiwbTUN5nVSwmrV96qP2oTpgyAD51k/NC93/77v4YxaUtAFeMWfLDhC6AzqH5l9mjZQnKHVD4ytj4emB6aIjraAFxCD0O8kvafF47xdtgHGi1A==');
    final signatureBuffer = base64Decode(
        'Z6x7OEb4OEYQ+2/CV32TLYPmXGzj5rvXQT9ygYoc/GUklngcgHmSVl3eBLObH1DEbkVXBM7SRSOPmkGC6pcrtQ0DjEzooHL7oVHJNszFItCTtz9RWHokEbx0hiOLxu13');
    final ECDomainParameters domainParameters = ECDomainParameters('secp384r1');
    final ECPoint point = domainParameters.curve.decodePoint(publicKeyBuffer);
    final ECPublicKey publicKey = ECPublicKey(point, domainParameters);
    final PublicKeyParameter<ECPublicKey> param = PublicKeyParameter<ECPublicKey>(publicKey);
    final ECDSASigner signer = ECDSASigner();
    signer.init(false, param);
    final BigInt r = decodeBigInt(signatureBuffer.take(signatureBuffer.length >> 1).toList());
    final BigInt s = decodeBigInt(signatureBuffer.skip(signatureBuffer.length >> 1).toList());
    final ECSignature ecSignature = ECSignature(r, s);
    return signer.verifySignature(hash, ecSignature);
  }

hello
I try to found a solution to sign a hash with a deterministic EDCSA signature with elliptic curve secp256k1

Example in javascript:

const {
      signature,
      recid
    } = secp256k1.ecdsaSign(
      new Uint8Array(hash),
      hexToUint8Array(key)
    );
signature = Buffer.from([...signature, recid]); 

I don't know how to do that with Pointycastle

I try something like that but it's isn't good... non deterministic

String signString(String privateKey, String msgToSign) {
    final Signer signer = Signer('SHA-256/ECDSA');

    final _privateKey = ECPrivateKey(
      BigInt.parse(privateKey, radix: 16),
      ECDomainParameters('secp256k1'),
    );
    var privParams = PrivateKeyParameter(_privateKey);

    final rnd = new SecureRandom("AES/CTR/PRNG");
    final key = new Uint8List(16);
    final keyParam = new KeyParameter(key);
    final params = new ParametersWithIV(keyParam, new Uint8List(16));
    rnd.seed(params);

    signer.reset();
    signer.init(true, new ParametersWithRandom(privParams, rnd));
    ECSignature sig = signer.generateSignature(utf8.encode(msgToSign));
    sig = sig.normalize(ECDomainParameters('secp256k1'));

    var topLevel = new asn1lib.ASN1Sequence();
    topLevel.add(asn1lib.ASN1Integer(sig.r));
    topLevel.add(asn1lib.ASN1Integer(sig.s));

    var sig64 = base64.encode(topLevel.encodedBytes);

thx for help

I am urgently in need of a documentation on how to encode ECDSA keypair to pem using pointy castle but with no success.

Am new to encryption and was able to generate ECDSA keypairs but stuck with encoding and decoding to and from PEM since i'll have to persist both keys as strings

Please point me to the right resource to look through @stevenroose

Any contributions are welcome

Thanks for your assistance

I'm trying to create a Ecc CSR while using the UID parameter, but I get the message that it's not supported yet. Will this be supported in a later release?

In steel_crypt, I pulled GCM from a fork of PointyCastle.

Here's the associated PR: PointyCastle/pointycastle#153

In pointycastle, you can import each file individually, so it doesn't make sense to clump two separate algorithms in the same file.

That named constructor setup was because I didn't want to mess things up refactoring into 2 classes. Now that you guys have done that (thanks to @meganwoods and @mwcw), there's no reason to keep SHA-3 and Keccak together.

Hi,

v2.0.1 has been released, please try it out.

MW

Argon2 is the closest thing to a standard in the password hashing space. It should be an option that we provide.

Implementation Link: https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/generators/Argon2BytesGenerator.java

Do you support ECIES ? I want to find Cipher to support ECIES , just like Java.

This looks like a Null Pointer Exception bug. I just noticed it while investigating something else.

print(base64.encode(ASN1Integer(BigInt.from(128)).encode()));
returns AgGA (020180)
expected AgIAgA== (02020080) (verified by other implementations)

It looks like it is something related to signed/unsigned representation.

pointycastle: 2.0.0

Is there any plan to support the HKDF as described in the RFC 5869?

https://pub.dev/packages/fixnum is written by the Dart team. Right now, we manually roll a solution for doing 32 bit ops in dart (which only has signed 64 bit ints). This is located in src/utils/ufixnum.dart. This WORKS, but doing 32 bit ops on 64 bit ints is syntactically confusing and doesn't make very good use of the type system. Further, Java has 32 AND 64 bit ints, which means that transcribing classes from Java to Dart is a pain.

By using fixnum's 32 bit class for any new development, we can probably increase runtime speed, as well as maybe making a more natural transcribing process from BouncyCastle -> PointyCastle.

I'll be the first to admit that there aren't a ton of use cases for IGE, but it is a valid AES based algo and there aren't many libraries that support it (and absolutely none in dart afaik). Basically IGE has one purpose, it's used in MTProto, Telegram's encrypted communication protocol.

I'm playing with the idea of writing a Dart library for MTProto so that I can build a Telegram client using Flutter, but first I need IGE support. The nice thing is that IGE itself is fairly simple. [Here's an example(https://github.com/pyrogram/pyrogram/blob/master/pyrogram/crypto/aes.py#L85)] of it being done in Python with the support of pyaes.

Another example which actually uses BouncyCastle's Java library is number 35 here.

Any thoughts? Maybe this belongs in the actual BouncyCastle repo?

print(base64.encode(ASN1BitString(stringValues: [1]).encode()));
returns AwEB (030101)
expected AwIAAQ== (03020001) (verified by other implementations)

It looks like there should be added extra byte "padding" for some reason.

I suppose, that it should be enough to add default value for unusedbits field to zero in ASN1BitString.

pointycastle: 2.0.0

So I've noticed that RSAPrivateKey doesn't store the public exponent. This would very useful for encoding private keys in PKCS1 format – which requires the public exponent.

From what I can tell, the bc-java library stores the public exponent – see.

Furthermore, I was reading this blog post and noticed it incorrectly uses the private exponent as the public exponent when encoding the private key. I believe that the d and e alias properties in the private and public key classes are bad design as they introduce confusion. The bc-java library exposes these properties in their longer form getExponent and getPublicExponent and doesn't offer any shortened names or aliases.

I suggest deprecating the d and e properties (eventually removing them), and adding a publicExponent to the private key class.

https://travis-ci.org/github/bcgit/pc-dart/builds/697600045

Something about command pub run test is failing. Will dig in to see what's up later.

It would be great if this package had RSA-PSS support. It has been requested before here.

I can try and work on implementing it if the team doesn't have the bandwidth to do so or is uninterested but I'm not at all familiar with cryptography so will need some guidance on how to do it.

Is porting the C# and Java implementation "simply" a matter of changing the syntax? 😅

As of right now, AES is the only available block cipher. Adding other ciphers could help us in the vague sense that providing more secure primitives is never a bad thing. Threefish is generally regarded as being secure by a large margin.

On top of that, implementing Threefish would allow us to implement Skein as well, which is a well regarded hashing function. The same logic applies; Skein was a finalist (runner-up?) in the SHA-3 competition.

Is Point Castle able to read and write RSA PEM files? I need to turn a PEM file created with Bouncy Castle back into a RSA Public Key.

Hello @mwcw

Can you please create a new release on pub.dev ? Recently, there have been a few PRs that have been closed.

Regards

dart:typed_data _ByteDataView.getUint32
package:pointycastle/src/ufixnum.dart 221:28 unpack32
package:pointycastle/src/ufixnum.dart 450:17 Register64.unpack
package:pointycastle/digests/blake2b.dart 216:13 Blake2bDigest._compress
package:pointycastle/digests/blake2b.dart 144:9 Blake2bDigest.update
package:ckb_sdk_dart/src/crypto/blake2b.dart 20:20 Blake2b.update
test/crypto/blake2b_test.dart 12:17 main..

RangeError (byteOffset): Invalid value: Not in range 0..28, inclusive: 36

And my code is

test('Blake2b hash with update', () {
      var blake2b = Blake2b();
      for (var i = 0; i < 100; i++) {
        blake2b.update(hexToList(
            'a79f3207ea4980b7fed79956d5934249ceac4751a4fae01a0f7c4a96884bc4e3'));
      }
      expect(blake2b.doFinalString(),
          '0x44f4c69744d5f8c55d642062949dcae49bc4e7ef43d388c5a12f42b5633d163e');
    });



Blake2b({int digestSize = 32}) {
    _blake2bDigest = Blake2bDigest(
        digestSize: digestSize,
        personalization: utf8.encode(CkbHashPersonalization));
  }

  void update(Uint8List input) {
    _blake2bDigest.update(input, 0, input.length);
  }

  Uint8List doFinal() {
    var out = Uint8List(_blake2bDigest.digestSize);
    var len = _blake2bDigest.doFinal(out, 0);
    return out.sublist(0, len);
  }

The same blake2b test case work well in Java language with bouncycastle library.

Can you help me? Thanks.

I tried port below PHP script but no chance. Could someone help me for converting to dart ?

I am trying to encrypt and decrypt a string that is large then the blockSize. I can encrypt it but I can't decrypt the resulting ciphertext. The same basic code works in the java version of Bouncy Castle.

Coding on Android Studio for a Samsung Galaxy S10 via a Windows 10 Pro box.

update to date versions of libraries.

Hi,

What has happened is that the "pana" tool has been updated and takes new arguments.

This causes travis ci to fail.

I have pushed an update to the Travis config file but there is some delay in travis picking that up.

I'll check back on Tuesday morning UTC +10 (Melbourne AU) time.

Hope everyone is going ok during the pandemic.

MW

I was curious about my usage of the FortunaRandom class and wanted to check if I used it correctly. I did a bit of digging and read through a fair part of the description by Bruce Schneier (https://www.schneier.com/wp-content/uploads/2015/12/fortuna.pdf) as well as the implementation in PointyCastle.

From what I can tell, the implementation in PointyCastle does not (entirely) follow the algorithm as described by Schneier. I'm wondering if this is intentional or whether I'm missing something?

Things I'm missing specifically:

• Different pools of entropy from where the block cipher is reseeded (re-keyed).
• Updating the pools of entropy.

Given how much non-owners have contributed to this library, I think it's useful to provide a scaffold for contributions to this library. Notably, thus far, AES-GCM, ChaCha20, HKDF, Poly1305, ASN1, and Keccak/SHA-3 separation have all been recently contributed by people who were not maintainers of the project. Regularizing contributions to the library thus has significant value.

As for what it would include, I imagine it to be a sort of guide: we could have instructions for porting from BouncyCastle, instructions for tests, etc. I have a lot of experience with some of the issues that we run into porting from java (most notably, the lack of different integer sizes). The internal APIs in PointyCastle also differ somewhat significantly from those in Bouncy Castle.

Dart is migrating to Non-Nullable By Default. This should speed up PointyCastle significantly when it is compiled AOT, so we should begin migrating this library soon.

The feature is still in preview, so there's no hurry, but it's worth considering. We could use bc-kotlin as a model for the transition.

https://medium.com/dartlang/announcing-sound-null-safety-defd2216a6f3

Hello, is there an example of ECDSA algorithm?

pc-dart support rsa/ecb/oaepwithsha-256andmgf1padding? I hope we can encrypt with pc-dart and decrypt with Java.

The same issue is open here

Hello

have you an equivalence with js code (bold section)
the need is to decrypt an Encrypted data (String) with a passphrase (String)

export function decryptPrivateKey(data, passphrase) {
const key = sha3.sha3_256.array(passphrase)
const dataArray = Buffer.from(
typeof data === 'string' ? hexToUint8Array(data) : new Uint8Array(data)
)
const decipher = crypto.createDecipheriv(
'aes-256-gcm',
key,
dataArray.slice(0, 12)
)
decipher.setAuthTag(dataArray.slice(dataArray.length - 16))
const decrypted = [
...decipher.update(dataArray.slice(12, dataArray.length - 16)),
...decipher.final(),
]
return toHexString(decrypted)
}

Hi,

Release Candidate 1 of Pointy Castle 2.0.0 has been release.

Please try it out.

I would like to move through the rc phase reasonable quickly so we can get the 2.0.0 release out and move forward from there.

https://pub.dev/packages/pointycastle/versions/2.0.0-rc1

MW

This library has always had an issue with documentation. I figured that I might take a crack at the issue; my work is at https://akushwarrior2.gitbook.io/pointycastle-a-guide/.

Not especially notable or anything, but I figured there should be a place for you guys to track my progress.

As I browse through the algorithms, I've noticed that certain files (src/utils.dart, src/ufixnum.dart, src/registry/registry.dart) are imported by nearly every algorithm. If we create a simple internal library that exports all of these files, we can probably clean up imports (import one thing instead of 3-4).

This library could also use typedefs to better match up with Java types (e.g. Array -> List, Long -> Int64, Int -> Int32). The latter two match up with https://pub.dev/packages/fixnum (#25)

I can think of other uses for this "internal library": extension methods to match common cryptographic applications, or defining classes that are used in BC but not available in PC (Pack, for example).

Note that the second paragraph is dependent on dart-lang/language#65, which should come out in a couple months or so. Since this issue is decidedly high-level and not strictly necessary, that about matches my suggested timeline for implementation.

Hi there:

Just wanted to notify you that I have archived https://github.com/PointyCastle/pointycastle . It was still open for modification and people were still sending PRs and opening issues.

I redirected all of them here, but archiving the repo and writing a message in its README should do the trick much better.

I tried to contact @stevenroose to confirm that I could archive the repo but I haven't got any answer from him yet, so I decided to do it anyway after creating an issue to notify all subscribers and haven't received any comment from anybody in a week or so.