Using key derivators - ivan-zaera/cipher GitHub Wiki

A KeyDerivator is an algorithm capable of converting a password or some other low entropy data into random data. They are usually used to derive keys for symmetric ciphers from user passwords, and also to store passwords into databases in a format that cannot be reversed but still makes it possible to check credentials.

Usually, a key derivator is designed to consume a big amount of RAM and/or CPU (in the order of milliseconds, for example) to make password attacks impossible or very difficult.

To use a key derivator you can use the following code:

    var salt = new Uint8List.fromList([0x00, 0x01, 0x02, 0x03]);
    var params = new Pbkdf2Parameters(salt, 100, 16);
    var keyDerivator = new KeyDerivator("SHA-1/HMAC/PBKDF2")
      ..init( params )
    ;
    
    var passwordBytes = inputPasswordBytes();
    
    var key = keyDerivator.process( passwordBytes );
    
    outputPasswordDerivedKey( key );        

In general, you construct the KeyDerivator with the factory constructor which receives the standard algorithm name and then init() the cipher with its corresponding CipherParameters. See Algorithm nomenclature for documentation on standard algorithm names.

The type of CipherParameters to be used depends on the algorithm. For the example (SHA-1/HMAC/PBKDF2) it consists of a salt and the parameters needed by the PBKDF2 function but, for other algorithms, it can specify different data. See the Table of provided algorithms to get information on which CipherParameters to use for the algorithm of your choice.

To derive a key you make a call to process() with the password bytes and a buffer with the derived key bytes is returned. Alternatively, if you want more performance, you can use the deriveKey() method which doesn't create the output buffer.