How to encrypt a string and decrypt this encrypted string in other device in flutter?

Question

I found encrypt package for flutter to encrypt and decrypt a message, I succeded to encrypt and decrypt but don't succeded to use this in a cas of separated device like illustrated.

Here is an example, where I compose a plaintext with a static string and a random number, it permit to change the generated key and when I decrypt, found the static string with regex match

var number = new Random();

 var random= number.nextInt(100); 

  final plainText = 'static_name$random';

  final key = Key.fromLength(16);
  final iv = IV.fromLength(8);
  final encrypter = Encrypter(AES(key));

  final encrypted = encrypter.encrypt(plainText, iv: iv);
  final decrypted = encrypter.decrypt(encrypted, iv: iv);

  print(encrypted.base64);//my plaintext is encrypted fesesgesgneslg465esg6es4g
  print(decrypted); //my random plaintext is decrypted static_name$rnd

  //my regex match function

Currently I don't find how to enter my encrypted key ( fesesgesgneslg465esg6es4g) I serach to do something like that

//---------on press I generate a random key that I encrypt---- var rng = new Random();

 var rnd= rng.nextInt(100); //choisir le nombre max de contenu de la catégorie

  final plainText = 'static_name$rnd';

  final key = Key.fromLength(16);
  final iv = IV.fromLength(8);
  final encrypter = Encrypter(AES(key));

  final encrypted = encrypter.encrypt(plainText, iv: iv);

//output : 68e4sg68es4ges68g4

//---------the user enter the key(68e4sg68es4ges68g4) on a second device ----

encrypted=68e4sg68es4ges68g4;

  final key = Key.fromLength(16);
  final iv = IV.fromLength(8);
  final encrypter = Encrypter(AES(key));

final decrypted = encrypter.decrypt(encrypted, iv: iv);
  print(decrypted);

I can't found how to decrypt my key ( 68e4sg68es4ges68g4)

In few word I succeded to encrypt and decrypt automatically an input but don't succeded to manually add the generated key to the decrypt function.

Answer 1

There's a serious problem with how you are trying to use the encrypt package. By using Key.forLength() you are basically using a key of 0000000....000. The same for IV. That's not a very secure key!

When using a crypto system between two different machines you need to find some way to share the key between them - the so-called "shared secret". You might generate this from a "passphrase" using, for example, PKKDF2. Or you could just compile a random byte string into the code, but expect that an attacker could reverse-engineer your code.

Using AES, you should not use the same IV twice with the same key, which is why cryptosystems typically generate a key and an initial IV uniquely during the key exchange, and then use something (like a message sequence number) to change the IV for each message that's encrypted with that one key.

For test purposes, like yours, you might want to generate a fixed 16 bit key and fixed 16 bit IV using a random number generator like this. Then use the .fromBase64() constructors.

var key = Key.fromBase64('yE9tgqNxWcYDTSPNM+EGQw=='); // obviously, insert your own value!
var iv = IV.fromBase64('8PzGKSMLuqSm0MVbviaWHA==');

Use the same values for key and IV in the encrypting and decrypting app.

Answer 2

You can use this method:

String encrypted = "68e4sg68es4ges68g4";
    
final decrypted = encrypter.decrypt(encrypt.Encrypted.fromBase64(encrypted),iv:iv);