I made an iOS & Android app in Flutter...
We need to do some client-side encryption to pass data securely for a face-id SDK integration we're using.
We have both public and private keys.
Currently I'm doing the encryption like this:
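
    import 'package:encrypt/encrypt.dart' as e_package;
    import 'package:flutter/services.dart' show rootBundle;
    import 'package:pointycastle/asymmetric/api.dart';

    // Runs inside an async function; plainText is the String to encrypt.
    // Load the PEM-encoded public key from the bundled assets.
    final publicPem = await rootBundle.loadString('keys/public-key.pub');
    final publicKey = e_package.RSAKeyParser().parse(publicPem) as RSAPublicKey;

    // Load the PEM-encoded private key, also read from the app's asset bundle.
    final privPem = await rootBundle.loadString('keys/private-key.pem');
    final privKey = e_package.RSAKeyParser().parse(privPem) as RSAPrivateKey;

    // Encrypt with the public key, then decrypt with the private key.
    final encrypter = e_package.Encrypter(
        e_package.RSA(publicKey: publicKey, privateKey: privKey));
    final encrypted = encrypter.encrypt(plainText);
    final decrypted = encrypter.decrypt(encrypted);
    print('DECRYPTED IS: ' + decrypted);
    print('ENCRYPTED IS: ' + encrypted.base64);
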
The keys directory is added to the pubspec.yaml like so:

    flutter:
      assets:
        - assets/
        - keys/

This is working... but is it safe to store my private key in the file keys/private-key.pem client side?
Is there a more secure way to store private keys? Or is this fine?
Thank you guys all in advance!
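
A build-time check for the layout described in the question, as an added example that is not part of the original post: every file in a directory listed under `flutter: assets:` is packaged into the app, so anyone holding the app package can read it. This Python script flags bundled files that carry a PEM private-key header; the function names and the constructed sample project are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# PEM headers that mark private key material (PKCS#1, PKCS#8, EC, DSA, OpenSSH).
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")


def declared_assets(pubspec_text):
    """Return the entries listed under flutter: -> assets: (minimal parser, no PyYAML)."""
    entries, in_flutter, assets_indent = [], False, None
    for raw in pubspec_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        text, indent = line.strip(), len(line) - len(line.lstrip())
        if not text:
            continue
        if indent == 0:
            in_flutter, assets_indent = text == "flutter:", None
        elif in_flutter and text == "assets:":
            assets_indent = indent
        elif assets_indent is not None and text.startswith("- ") and indent >= assets_indent:
            entries.append(text[2:].strip().strip("'\""))
        elif assets_indent is not None and indent <= assets_indent:
            assets_indent = None  # a sibling key ends the assets list
    return entries


def bundled_private_keys(project_dir):
    """List bundled asset files that contain a PEM private-key header."""
    root, hits = Path(project_dir), []
    for entry in declared_assets((root / "pubspec.yaml").read_text()):
        path = root / entry
        # A directory entry bundles the files directly inside that directory.
        files = sorted(p for p in path.iterdir() if p.is_file()) if path.is_dir() else [path]
        for f in files:
            if f.is_file() and PRIVATE_KEY_RE.search(f.read_text(errors="ignore")):
                hits.append(f.relative_to(root).as_posix())
    return hits


def demo():
    """Constructed project mirroring the question's layout (key bodies are placeholders)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "keys").mkdir()
        (root / "pubspec.yaml").write_text("flutter:\n  assets:\n    - assets/\n    - keys/\n")
        for name, kind in (("public-key.pub", "PUBLIC"), ("private-key.pem", "RSA PRIVATE")):
            (root / "keys" / name).write_text(f"-----BEGIN {kind} KEY-----\nCONSTRUCTED\n")
        return bundled_private_keys(root)
```

Calling `bundled_private_keys()` on a project root from CI and failing the build on a non-empty result keeps private key files out of release packages.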