Flutter上线项目实战——即时通讯端对端加密(E2E)

Posted 2021-05-28 callme大帅

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了Flutter上线项目实战——即时通讯端对端加密(E2E)相关的知识，希望对你有一定的参考价值。

1.背景知识

数字签名算法EdDSA: ed25519
密钥交换算法ECDH: x25519
加密算法AES
参考阅读: http://www.freebuf.com/articles/database/113855.html

2.设计思路

>> image link

3.流程代码

引入加解密库

cryptography: ^1.4.0

主流程

  static Future<void> mainLogic() async {
    // User A 生成密钥
    var keyPairEd25519App1 = await ed25519.newKeyPair();
    var keyPairX25519App1 = await x25519.newKeyPair();
    // User B 生成密钥
    var keyPairEd25519App2 = await ed25519.newKeyPair();
    var keyPairX25519App2 = await x25519.newKeyPair();
    
    // User A通过 ed25519 密钥对对 x25519 的公钥进行签名
    var signature1 = await EncryptUtil.sign(keyPairX25519App1.publicKey.bytes, keyPairEd25519App1);
    // User B通过 ed25519 密钥对对 x25519 的公钥进行签名
    var signature2 = await EncryptUtil.sign(keyPairX25519App2.publicKey.bytes, keyPairEd25519App2);
    
    // User A验证签名
    var publicKeyEd25519App2 = base64.encode(keyPairEd25519App2.publicKey.bytes);
    var publicKeyX25519App2 = base64.encode(keyPairX25519App2.publicKey.bytes);
    var isMatch1 = await EncryptUtil.verify(publicKeyEd25519App2, publicKeyX25519App2, signature2);
    assert(isMatch1);
    // User B验证签名
    var publicKeyEd25519App1 = base64.encode(keyPairEd25519App1.publicKey.bytes);
    var publicKeyX25519App1 = base64.encode(keyPairX25519App1.publicKey.bytes);
    var isMatch2 = await EncryptUtil.verify(publicKeyEd25519App1, publicKeyX25519App1, signature1);
    assert(isMatch2);

    // User A 生成共享密钥
    var commomKey1 = await EncryptUtil.sharedSecret(keyPairX25519App1.privateKey, publicKeyX25519App2);
    L.d('app1 计算共享密钥: ${base64.encode(sc1)}');
    // User B 生成共享密钥
    var commomKey2 = await EncryptUtil.sharedSecret(keyPairX25519App2.privateKey, publicKeyX25519App1);
    L.d('app2 计算共享密钥: ${base64.encode(sc2)}');
    assert(base64.encode(commomKey1) == base64.encode(commomKey2));
    
    
    // User A 加密消息
    SecretKey secretKey = SecretKey(base64.decode(commonKey1));
    Nonce nonce = Nonce.randomBytes(12);
    List<int> message = utf8.encode('要加密的消息');
    Uint8List encrypted = await EncryptUtil.encrypt(message, secretKey, nonce);
    // 发送加密消息
    String nonceString = nonce.bytes.toString();
    String body = base64Encode(encrypted);
    sendMsg(body, nonceString);
    
    // User B 解密
    SecretKey secretKey = SecretKey(base64.decode(commonKey2));
    Nonce nonce = await getNonceByString(nonceString);
    Uint8List decrypted = await EncryptUtil.decrypt(base64Decode(body), secretKey, nonce);
    // 打印明文
    String result = utf8.decode(decrypted);
  }

元子操作

class EncryptUtil {
  // 根据本地密钥和远程公钥，计算出共享密钥
  static Future<List<int>> sharedSecret(PrivateKey localPrivateKey, String remotePublicKey) async {
    PublicKey pk = PublicKey(base64.decode(remotePublicKey));
    // We can now calculate a shared 256-bit secret
    SecretKey sharedSecret = await x25519.sharedSecret(
      localPrivateKey: localPrivateKey,
      remotePublicKey: pk,
    );

    List<int> secretBytes = await sharedSecret.extract();
    return secretBytes;
  }

  /// 用 ED25519 key pair 对 X25519 publicKey 签名
  static Future<String> sign(List<int> publicKeyX25519, KeyPair keyPairEd25519) async {
    // Sign
    Signature signature = await ed25519.sign(publicKeyX25519, keyPairEd25519);

    return base64.encode(signature.bytes);
  }

  /// 验证公钥与签名是否匹配
  static Future<bool> verify(publicKeyEd25519, publicKeyX25519, String signature) async {
    PublicKey pk = PublicKey(base64.decode(publicKeyEd25519));
    Signature s2 = Signature(base64.decode(signature), publicKey: pk);
    bool isSignatureCorrect = await ed25519.verify(base64.decode(publicKeyX25519), s2);
    return isSignatureCorrect;
  }

  /// AES-CTR加密消息， 并附加Hmac签名
  static Future<Uint8List> encrypt(Uint8List byte, SecretKey secretKey, Nonce nonce) async {
    CipherWithAppendedMac cipher = CipherWithAppendedMac(aesCtr, Hmac(sha512));
    Uint8List encrypted = await cipher.encrypt(
      byte,
      secretKey: secretKey,
      nonce: nonce,
    );
    return encrypted;
  }

  /// AES-CTR解密消息， 并验证Hmac签名
  static Future<Uint8List> decrypt(Uint8List encrypted, SecretKey secretKey, Nonce nonce) async {
    CipherWithAppendedMac cipher = CipherWithAppendedMac(aesCtr, Hmac(sha512));
    Uint8List decrypted = await cipher.decrypt(
      encrypted,
      secretKey: secretKey,
      nonce: nonce,
    );
    return decrypted;
  }
  
  static Future<Nonce> getNonceByString(String nonceStr) async {
    String str = nonceStr.substring(1, nonceStr.length - 1);
    List nonceList = str.split(',');
    List<int> nonceResult = [];
    for (int i = 0; i < nonceList.length; i++) {
      nonceResult.add(int.parse(nonceList[i]));
    }
    Nonce nonce = Nonce(nonceResult);
    return nonce;
  }
}

完结，撒花🎉

以上是关于Flutter上线项目实战——即时通讯端对端加密(E2E)的主要内容，如果未能解决你的问题，请参考以下文章

Flutter上线项目实战——即时通讯Protobuf

论如何设计一款端对端加密通讯软件

COAP协议 - arduino ESP32 M2M（端对端）通讯与代码详解

Flutter高仿微信项目开源-具即时通讯IM功能

十分钟利用环信WebIM-vue3-Demo，打包上线一个即时通讯项目含音视频通话