I'm writing a little library using the dart pointycastle library (based on the java bouncycastle).
The libraries don't include any methods for writing a private key to disk.
So I need to write the key to disk after first encrypting it with a pass phrase.
The approach I've taken is to:
- encode each component of the key (modulus, exponent...) as a base64 string (converted from a bigint)
- write each base 64 encoded component to a common string
- encrypt the common string using AES
- base64 encode the results
- write the base 64 encoded results to a file.
Is this considered a secure way to store a private key.
I've found this code that I'm using to stretch the passphrase to 128 bits:
Key stretch(int desiredKeyLength,
{int iterationCount = 100, Uint8List salt}) {
if (salt == null) {
salt = SecureRandom(desiredKeyLength).bytes;
}
final params = Pbkdf2Parameters(salt, iterationCount, desiredKeyLength);
final pbkdf2 = PBKDF2KeyDerivator(Mac('SHA-1/HMAC'))..init(params);
return Key(pbkdf2.process(_bytes));
}
Is this adequate?