joshi-stuff / cipher Goto Github PK

In the project's wiki

Given that current implementations have been ported from Java it could be the case that they work for the tests but fail for boundary conditions (due to overflows or things like that).

I want to make sure that the current algorithms don't suffer these issues.

This allows using a BlockCipher in CTR mode as a pure StreamCipher

If you call initCipher() more than once an exception is thrown. This should be fixed as discussed here: [https://groups.google.com/a/dartlang.org/d/topic/misc/_ko-kPSmvPc/discussion]

Create dartdoc for implementations of algorithms

See https://en.wikipedia.org/wiki/AEAD_block_cipher_modes_of_operation for an explanation of what AEAD mode is.

The idea is to avoid the need to call initCipher() before using the library. I'll try to call initCipher() from Registry.create().

Also, it would be good to redesign initCipher() so that it can be tweaked to load only the algorithms used. This is a good starting point: http://blog.sethladd.com/2013/04/lazy-load-libraries-in-dart.html

Implement elliptic curve signatures (http://en.wikipedia.org/wiki/Elliptic_Curve_DSA)

Create an ext.dart library with the API for extending cipher (so that it does not appear in api.dart).

Refactor factories as a class instead of many hashmaps and functions.

This will make, IMO, things clearer and easier to use and maintain.

Create the command line tool and add the benchmark functionality to begin with (later we will add cipher, decipher, digest, etc. functions).

Port AES fast benchmark to this framework/tool.

This could be used both in server and client if properly abstracted, but it would have the problem that it requires user intervention. On the other hand it would be a truly secure method.

Feature request. Scrypt is a key deriviation function often used in the light of cryptocurrencies.
A Java implementation of scrypt can be found ar BouncyCastle: org.bouncycastle.crypto.generators.SCrypt

I have not yet run tests on Javascript, just in the VM. This should be tested.

I need it for scrypt.

Implement missing digests from BouncyCastle

Did you skip the ECPoint.Fp() method from BouncyCastle on purpose?

There is currently no way to compress an ECPoint, neither using the ECPoint or the ECCurve class.

If compression can be achieved using the ECPoint.createPoint(BigInteger x, BigInteger y, [bool withCompression = false]) method by using uncompressed x and y and setting the flag to true (which I doubt), please specify it in the documentation.

This is a feature request to have an RSA signing algorithm. Specifically, I need to be able to:

• create an RSA public and private key
• send a client the public key
• given a token from the client, sign it with my private key

Thanks!

The benchmark tool should look at the types in init() method of ciphers to figure out how to initialize them so that it can init ciphers of different types.

BC uses a CipherStream, I think.

I'm not sure if Dart has something as a ByteStream that could be underlying this. But it might be cumbersome to split your input data into multiple blocks to use the processBlock() method.

I'm not sure of a Uint8List BlockCipher.processData(Uint8List input) is possible?

This includes all those found in BouncyCastle:

-GCTR
-ECB
-CFB
-OFB

I have already implemented HMAC because I needed it for PBKDFs.

Now is the time to get your package ready for Dart's release.

If you author Dart packages hosted on pub.dartlang.org, please read on for this important call for participation.

Hello Dart package authors! Time to test and stabilize your packages, and get ready for Dart 1.0. Wait, what?! 1.0? Forealz? Not yet, but soon. You can help the community, and new users, have a successful 1.0 launch by following these steps:

1. Please update your Dart Editor and SDK to 0.8.10+8 or later.

2. Update your library's pubspec.yaml with specific version constraints. Please add:

environment:

sdk: ">=0.8.10+6 <2.0.0"

If your package depends on packages produced by the Dart team, like "args", "unittest", "polymer", etc, please use these specific lower and upper bounds:

analyzer: >=0.10.1 < 0.11.0

everything else: >=0.9.0 < 0.10.0

These specific versions protect your package, and more importantly your users, in the face of potential breaking changes in dependencies. Sometime after the 1.0 launch, each package will get its own release cadence.

That's right, the days of 'any' for library packages are over. With a stable SDK, there's no reason to force your users to live on the bleeding edge. Let's all stabilize the Dart community by specifying version dependencies for our libraries.

3. Test your package, and fix any breaks.

4. Bump the version of your package.

If your package is >=1.0: Add +1.0.0 if you introduced a breaking change, add +0.1.0 if you added a feature (and it does not break existing users), or add +0.0.1 if it is a bugfix.

if your package is <1.0: technically anything less than 1.0 can break at any time. However we have found the following scheme is helpful to users of your package: add +0.1.0 if it is a breaking change, otherwise add +0.0.1. If you follow this scheme, let your users know!

5. Publish to pub.dartlang.org! Give yourself a high five for helping launch Dart.

Thank you for your early support and your help to get ready for the launch.

So that encryption of variable sizes can be done in an intuitive way.

We're using this package in the context of a web app (actually a chrome app). The latest version has introduced a dependency on dart:io. We've temporarily pegged our version dependency at 0.4.0.

packages/cipher/entropy/url_entropy_source.dart:9:8: Error: Library not found 'dart:io'.
import "dart:io";

Any chance this dart:io dependency could be removed, or only included from a cipher_io.dart entry-point?

Currently I'm used a modified version internally added to cipher of that library. The patches I've made should be transferred to bignum and cipher should rely on that lib.

Done in commit 6df93a5

Perhaps use Truecrypt's specification.

Refactor tests to create generic tests based on BlockCipher, StreamCipher, Digest, etc. interfaces.

Don't forget bitcoin curve: https://en.bitcoin.it/wiki/Secp256k1

Not too sure about this one: bytes extracted from random.org may be attacked (by eavesdropping or just because random.org may be unfair).

The problem is that, AFAIK, we don't have real sources of randomness in DART.

See http://wiki.openssl.org/index.php/Random_Numbers

Let users do:

var cipher = new BlockCipher("AES/SIC");

We want to be able to do, for example:

var c = new BlockCipher("AES");

instead of:

var c = new AESFastEngine()