I am trying to send an encrypted request to a specific API in dart, but without success - I don't have any experience with the Dart language.

This are the requirements:

  • The JSON to be sent is encrypted as follows: "AES/CBC/ZeroBytePadding", IV is generated according to SHA1PRNG with a length of 16 bytes.
  • The encrypted bytes are Base64 encoded. This results in the encryptedJson.
  • The hmac is generated from base64 encoded IV and the encryptedJson with "HmacSHA256".
  • A json will be generated: {"value":encryptedJson,"iv":initialisationVector,"mac":hmac}
  • This json will be base64 encoded and sent as an encrypted payload.

Can anyone help me? Thanks in advance!

This is the Dart Code so far.

import 'dart:convert';
import 'dart:core';
import 'package:crypto/crypto.dart' as crypto;
import 'package:encrypt/encrypt.dart' as enc;

String encrypt(String string) {
    // json encryption
    final enc.Key key = enc.Key.fromUtf8(env.get('password'));
    final enc.IV iv = enc.IV.fromSecureRandom(IV_LENGTH);
    final enc.Encrypter encrypter = enc.Encrypter(enc.AES(key, mode: enc.AESMode.cbc));
    final encryptedJson = encrypter.encrypt(string, iv: iv);
    final String IVBase64String = base64.encode(iv.bytes);

    print('encrypted JSON: '+encryptedJson.base64);
    print('decrypted JSON: '+encrypter.decrypt(encryptedJson, iv: iv));

    crypto.Hmac hmacSha256 = new crypto.Hmac(crypto.sha256, key.bytes);
    crypto.Digest sha256Result = hmacSha256.convert(iv.bytes + encryptedJson.bytes);

    print('data: ' + encryptedJson.base64);
    print('iv: ' + IVBase64String);
    print('hmac: ' + sha256Result.toString());

    // Payload
    final encryptedText = "{\"value\":\""+encryptedJson.base64+"\",\"iv\":\""+IVBase64String+"\",\"mac\":\""+sha256Result.toString()+"\"}";

    print('final: ' + jsonEncode(encryptedText));
    return base64.encode(utf8.encode(encryptedText));

This is the JavaExample

import java.io.UnsupportedEncodingException;
import java.util.Base64;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ApiJavaSample
    private final Cipher cipher;
    private final SecretKeySpec key;
    private static final String TAG = "AESCrypt";
    private static final int IV_LENGTH = 16;
    private String cypher_mode = "AES/CBC/NoPadding";
    private String cypher_mode_iv = "SHA1PRNG";

    public static void main (String[] args)
            ApiJavaSample test = new ApiJavaSample("password");
            String encryptedString = test.encrypt("{\"coupon_key\":\"011205358365\",\"location_id\":\"2\",\"device_key\":\"test_1234\"}");
        catch(Exception e)

    public ApiJavaSample(String password) throws Exception
        // hash password with SHA-256 and crop the output to 128-bit for key
        //MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] keyBytes = password.getBytes();

        cipher = Cipher.getInstance(cypher_mode);
        key = new SecretKeySpec(keyBytes, "AES");

     private String hmacDigest(String msg, String algo)
        String digest = null;
            //SecretKeySpec key = new SecretKeySpec((keyString).getBytes("UTF-8"), algo);
            Mac mac = Mac.getInstance(algo);

            byte[] bytes = mac.doFinal(msg.getBytes("UTF-8"));

            StringBuilder hash = new StringBuilder();
            for (int i = 0; i < bytes.length; i++)
                String hex = Integer.toHexString(0xFF & bytes[i]);
                if (hex.length() == 1)
            digest = hash.toString();
        catch (UnsupportedEncodingException | InvalidKeyException e)
        catch (NoSuchAlgorithmException e)
        return digest;

    public String encrypt(String plainText) throws Exception

        byte[] iv_bytes = generateIv();
        AlgorithmParameterSpec spec = new IvParameterSpec(iv_bytes);
        cipher.init(Cipher.ENCRYPT_MODE, key, spec);
        int blockSize = cipher.getBlockSize();

        while (plainText.length() % blockSize != 0) {
            plainText += "\0";

        byte[] encrypted = cipher.doFinal(plainText.getBytes("UTF-8"));
        String encryptedText = Base64.getEncoder().encodeToString(encrypted);

        String iv_base64_string = Base64.getEncoder().encodeToString(iv_bytes);

        String mac = hmacDigest(iv_base64_string + encryptedText.trim(), "HmacSHA256");

        //JSONObject encryptedJson = new JSONObject();

        //encryptedJson.put("value", encryptedText.trim());
        //encryptedJson.put("iv", iv_base64_string);
        //encryptedJson.put("mac", mac);

        String base64Encrypt = "{\"value\":\""+encryptedText.trim()+"\",\"iv\":\""+iv_base64_string+"\",\"mac\":\""+mac+"\"}";

        return Base64.getEncoder().encodeToString(base64Encrypt.getBytes());

    private byte[] generateIv() throws NoSuchAlgorithmException
        SecureRandom random = SecureRandom.getInstance(cypher_mode_iv);
        byte[] iv = new byte[IV_LENGTH];

        return iv;

Here is my test data:





Solution 1: Topaco

The following has to be changed/optimized in the Dart code:

  • The Java code uses Zero padding. PointyCastle and the encrypt package (a PointyCastle wrapper) do not support Zero padding (to my knowledge). A possible approach for the Dart code is to disable the default PKCS#7 padding in combination with a custom implementation for Zero padding.
  • The Java code applies the Base64 encoded data for the HMAC, while the Dart code uses the raw data. This has to be changed.
  • The Base64 encoding of the IV is obtained more efficiently with iv.base64.

Thus, the code is to be changed as follows:

import 'package:crypto/crypto.dart' as crypto;
import 'package:encrypt/encrypt.dart' as enc;
import 'package:convert/convert.dart';
import 'dart:typed_data';
import 'dart:convert';

String encrypt(String string) {

  final enc.Key key = enc.Key.fromUtf8(env.get('password')); // Valid AES key           
  final enc.IV iv = enc.IV.fromSecureRandom(IV_LENGTH);      // IV_LENGTH = 16          

  final dataPadded = pad(Uint8List.fromList(utf8.encode(string)), 16);
  final enc.Encrypter encrypter = enc.Encrypter(enc.AES(key, mode: enc.AESMode.cbc, padding: null));
  final encryptedJson = encrypter.encryptBytes(dataPadded, iv: iv);

  crypto.Hmac hmacSha256 = crypto.Hmac(crypto.sha256, key.bytes);
  crypto.Digest sha256Result = hmacSha256.convert(utf8.encode(iv.base64 + encryptedJson.base64));

  final encryptedText = "{\"value\":\""+encryptedJson.base64+"\",\"iv\":\""+iv.base64+"\",\"mac\":\""+sha256Result.toString()+"\"}";
  return base64.encode(utf8.encode(encryptedText));

Uint8List pad(Uint8List plaintext, int blockSize){
  int padLength = (blockSize - (plaintext.lengthInBytes % blockSize)) % blockSize;
  if (padLength != 0) {
    BytesBuilder bb = BytesBuilder();
    Uint8List padding = Uint8List(padLength);
    return bb.toBytes();
  else {
    return plaintext;

Test (using a static IV to allow comparison between the ciphertexts of the two codes):

Key:        enc.Key.fromUtf8("5432109876543210")
IV:         enc.IV.fromUtf8("0123456789012345")
Plaintext:  "{\"coupon_key\":\"011205358365\",\"location_id\":\"2\",\"device_key\":\"test_1234\"}"  

After the changes, both codes return the above result for the above input data.


  • Typically, an AES key is a randomly generated byte sequence and not a string. If the key is to be derived from a passphrase/string, a reliable key derivation like PBKDF2 is to be used.
  • Zero padding is unreliable, so the reliable PKCS#7 padding that most libraries use by default should be applied. If the Java code had used PKCS#7 padding, porting would have been easier.
  • For encoding/decoding the charset should be specified (e.g. getBytes(StandardCharsets.UTF_8)), otherwise the default encoding will be used (which might not be wanted).
  • Using the same key for encryption and integrity checking for AES/HMAC is not a pressing security issue, but should be avoided as a preventive measure, see here.
  • The code is partially inefficient, e.g. when concatenating the Base64 encoded data instead of the raw data to determine the HMAC.