DecryptionOptions class
Configuration for controlling how a decryption request is executed.
Decryption is performed using the key material currently stored on the device. The plugin automatically selects the appropriate algorithm based on the active key mode (RSA, EC signing-only, or Hybrid EC).
Supported Algorithms
RSA Decryption
- Uses RSA/ECB/PKCS1Padding on Android, iOS, and macOS.
EC Decryption (ECIES)
- Uses ECIES with ANSI X9.63 KDF (SHA-256) and AES-128-GCM.
- Android:
- ECIES is implemented manually (ECDH → X9.63 KDF → AES-GCM).
- The software EC private key is stored in app-private files (encrypted), and unwrapped at runtime using a biometric-protected AES-256 master key stored inside Keystore/StrongBox.
- iOS/macOS:
- ECIES is performed natively using
SecKeyAlgorithm.eciesEncryptionStandardX963SHA256AESGCM.
- ECIES is performed natively using
Payload Format
The encrypted payload must be Base64-encoded:
-
RSA: A standard PKCS#1 RSA block.
-
EC (ECIES):
ephemeralPubKey(65 bytes) || ciphertext || gcmTag(16 bytes)
The plugin validates and parses this structure automatically.
Constructors
- DecryptionOptions({required String payload, String? promptMessage, AndroidDecryptionOptions? androidOptions, IosDecryptionOptions? iosOptions, MacosDecryptionOptions? macosOptions})
-
Creates a new DecryptionOptions instance.
const
Properties
- androidOptions → AndroidDecryptionOptions?
-
Android-specific biometric and prompt configuration.
final
- hashCode → int
-
The hash code for this object.
no setterinherited
- iosOptions → IosDecryptionOptions?
-
iOS-specific configuration, including optional migration of legacy keys.
final
- macosOptions → MacosDecryptionOptions?
-
macOS-specific configuration.
final
- payload → String
-
Base64-encoded encrypted payload.
final
- promptMessage → String?
-
Optional custom message shown in the biometric authentication prompt.
final
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
Methods
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
toMethodChannelMap(
) → Map< String, dynamic> - Converts this object to a map suitable for method-channel transport.
-
toString(
) → String -
A string representation of this object.
inherited
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited