tom_crypto

tom_crypto · v1.0.1

Cryptographic building blocks for Tom: JWT tokens, Argon2 password hashing, and RSA encryption, signing, and key management for secure authentication and data protection.

View repository → See License

Status

Published

LOC

588

Tests

Test LOC

Overview

`tom_crypto` collects the cryptographic primitives Tom's authentication and security code relies on. It issues and verifies JWT tokens with HMAC or RSA signing and encrypted payloads, and hashes passwords with Argon2 for secure storage. For asymmetric work it provides RSA encryption with OAEP padding, digital signatures, and key management — generation plus PEM parsing and encoding in PKCS#1 and PKCS#8. Together these give the framework a consistent set of crypto operations to build identity and security features on.

What it enables

Enables JWT authentication tokens, Argon2 password hashing, RSA encryption and signing, Key generation and parsing.

Relationships

Standalone — no declared relationships.

Documentation

Authored guides (.md)

📄

CHANGELOG.md CHANGELOG.md

📄

README.md README.md

📄

crypto.md doc/crypto.md

📜

license.md LICENSE

API

API surface / generated

❮❯

api .gen/api/tom_crypto.json

Tom Crypto

Cryptographic utilities for secure authentication and data protection.

Features

**JWT Tokens** - Token-based authentication with HMAC/RSA signing and encrypted payloads
**Password Hashing** - Secure password storage using Argon2 algorithm
**RSA Encryption** - Asymmetric encryption with OAEP padding and digital signatures
**RSA Key Management** - Key generation, PEM parsing/encoding (PKCS#1 and PKCS#8)

Getting Started

Add the package to your `pubspec.yaml`:

dependencies:
  tom_crypto: ^1.0.0

Usage

Password Hashing

import 'package:tom_crypto/tom_crypto.dart';

// Hash a password
final (hash, spec) = TomPasswordHasher.hashPassword('userPassword123');

// Store both hash and spec in your database
await db.saveUser(passwordHash: hash, hashSpec: spec);

// Verify the password later
if (TomPasswordHasher.verifyPassword('userPassword123', hash, spec)) {
  print('Login successful!');
}

JWT Tokens

import 'package:tom_crypto/tom_crypto.dart';

// Server: Create a token
final token = TomServerJwtToken(
  {'userId': '123', 'role': 'admin'},
  encryptedData: {'permissions': ['read', 'write', 'delete']},
  expiresIn: Duration(hours: 24),
);
final jwtString = token.getJWT('my-auth-server');

// Client: Parse the token
final clientToken = TomClientJwtToken(jwtString);
print('User ID: ${clientToken.payload?['userId']}');
print('Permissions: ${clientToken.secretData?['permissions']}');

RSA Encryption

import 'package:tom_crypto/tom_crypto.dart';
import 'dart:convert';
import 'dart:typed_data';

// Generate keys
final secureRandom = RsaKeyHelper.getSecureRandom();
final keyPair = await RsaKeyHelper.computeRSAKeyPair(secureRandom);
final publicKey = keyPair.publicKey as RSAPublicKey;
final privateKey = keyPair.privateKey as RSAPrivateKey;

// Encrypt
final plaintext = utf8.encode('Secret message');
final encrypted = rsaEncrypt(publicKey, Uint8List.fromList(plaintext));

// Decrypt
final decrypted = rsaDecrypt(privateKey, encrypted);
final message = utf8.decode(decrypted);

Core Components

Component	Purpose	Key Features
`jwt_token.dart`	Token-based authentication	HMAC/RSA signing, encrypted payloads
`password_hashing.dart`	Secure password storage	Argon2 algorithm, configurable parameters
`rsa_encryption.dart`	Asymmetric encryption	OAEP padding, digital signatures
`rsa_tools.dart`	RSA key management	Key generation, PEM parsing/encoding

Additional Information

This package is part of the TOM Framework. It depends on: - `tom_basics` - Basic utilities including exception handling

License

BSD-3-Clause - See [LICENSE](LICENSE) for details.

License

BSD 3-Clause License

Copyright (c) 2026, Various unknown authors from the internet and Alexis Kyaw
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its
   contributors may be used to endorse or promote products derived from
   this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.