createSaltedVerificationKey static method
Creates a salted verification key.
Pass this key to the server as part of the user registration request.
WARNING: If safePrime is not provided, the default safe prime provided by dsrp is used. This should NOT be done in production. You are encouraged to generate your own safe prime instead to reduce the chance of a pre-computed attack on common safe primes impacting your users.
If kdf is not provided, Argon2id is used since it is slow and hence relatively secure. Alternatively, provide customKdf to use a custom KDF implementation (cannot provide both kdf and customKdf).
If salt is not provided then a 32-byte random salt is generated.
Only provide userId if you want derivation of the user private key to include it, as is done in the RFC 5054 standard. Including the user ID means that if the ID changes, the user private key will need to be regenerated and the user registration process repeated. When key derivation excludes the user ID, re-registration is only needed if the password changes.
Another option is to provide a unique, fixed userId (e.g., a UUID, user database index, etc.) that is different from the user-chosen ID. That allows the user to change their login ID while their internal user ID remains constant.
For improved security, use createSaltedVerificationKeyFromBytes to pass credentials as Uint8List instead of String.
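The following is an added Python example, not dsrp's own code: it generates a safe prime as the WARNING above advises, derives the private key in the RFC 5054 shape x = H(salt | H(I ':' P)), computes v = g^x mod N, and shows that renaming a user changes v only when the user ID was included in the derivation. SHA-256 stands in for Argon2id, g = 2 and the 256-bit demo size are chosen for speed, and the function names and sample credentials are constructed.

```python
import hashlib, os, secrets

def is_probable_prime(n, rounds=16):
    """Trial division by small primes, then Miller-Rabin with `rounds` random bases."""
    if n < 4:
        return n > 1
    for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_safe_prime(bits):
    """Your own N = 2q + 1 with q and N both prime, instead of a shared default prime."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1  # odd q so that 2q+1 has `bits` bits
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def derive_private_key(salt, password, user_id=None):
    """x = H(salt | H(I ':' P)) as in RFC 5054, or H(salt | H(P)) when I is omitted; SHA-256 stands in for Argon2id."""
    inner = (user_id.encode() + b":" if user_id is not None else b"") + password.encode()
    return int.from_bytes(hashlib.sha256(salt + hashlib.sha256(inner).digest()).digest(), "big")

def create_salted_verification_key(password, N, g=2, user_id=None, salt=None):
    """Return (salt, v = g^x mod N); a 32-byte random salt is generated when none is given."""
    salt = salt if salt is not None else os.urandom(32)
    return salt, pow(g, derive_private_key(salt, password, user_id), N)

def id_change_forces_reregistration(include_user_id):
    """True if renaming the constructed user 'alice' to 'alice2' changes v under a fixed salt."""
    N = generate_safe_prime(256)  # demo size only; use 2048 bits or more in production
    salt, ids = os.urandom(32), (("alice", "alice2") if include_user_id else (None, None))
    _, v1 = create_salted_verification_key("correct horse", N, user_id=ids[0], salt=salt)
    _, v2 = create_salted_verification_key("correct horse", N, user_id=ids[1], salt=salt)
    return v1 != v2
```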
Implementation
static Future<SaltedVerificationKey> createSaltedVerificationKey({
  required String password,
  String? userId,
  BigInt? generator,
  BigInt? safePrime,
  KdfChoice? kdf,
  Kdf? customKdf,
  Uint8List? salt,
}) async {
  return createSaltedVerificationKeyFromBytes(
    passwordBytes: password.utf8Bytes,
    userIdBytes: userId?.utf8Bytes,
    generator: generator,
    safePrime: safePrime,
    kdf: kdf,
    customKdf: customKdf,
    salt: salt,
  );
}