Datagram Transport Layer Security (DTLS) implementation
I need a secure UDP connection between a server and a client both written in Dart. If DTLS can be implemented in dart:io, it can prevent developers from implementing a security protocol on top of UDP from scratch. This could be very useful for real-time communication Flutter apps and games.
From the DTLS spec:
An increasing number of application layer protocols have been designed that use UDP transport. In particular, protocols such as the Session Initiation Protocol (SIP) [SIP] and electronic gaming protocols are increasingly popular. (Note that SIP can run over both TCP and UDP, but that there are situations in which UDP is preferable.) Currently, designers of these applications are faced with a number of unsatisfactory choices. First, they can use IPsec [RFC4301]. However, for a number of reasons detailed in [WHYIPSEC], this is only suitable for some applications. Second, they can design a custom application layer security protocol. Unfortunately, although application layer security protocols generally provide superior security properties (e.g., end-to-end security in the case of S/MIME), they typically require a large amount of effort to design -- in contrast to the relatively small amount of effort required to run the protocol over TLS.
In many cases, the most desirable way to secure client/server applications would be to use TLS; however, the requirement for datagram semantics automatically prohibits use of TLS. This memo describes a protocol for this purpose: Datagram Transport Layer Security (DTLS). DTLS is deliberately designed to be as similar to TLS as possible, both to minimize new security invention and to maximize the amount of code and infrastructure reuse.
Would appreciate it if this were implemented as well, so it could be used in Flutter.
+1
Having DTLS in dart:io would also be great for secure communication with IoT devices.
FYI: In the meantime, there are two approaches for DTLS in Dart available in "userland" based on FFI bindings: Two libraries based on OpenSSL (dtls and its spiritual successor dtls2) and one based on Eclipse tinydtls (dart_tinydtls).
While the OpenSSL packages only provide client-side implementations for now, dart_tinydtls also provides a server implementation. However, I am currently working on also supporting the server side in dtls2, based on my prior work in dart_tinydtls[^1].
Both approaches still have some limitations, but are already relatively stable. If you find the time to try them out, I would appreciate your feedback very much :) Maybe the OpenSSL bindings and the APIs could also be adapted to bring DTLS support to the Dart SDK itself one day.
[^1]: Since the first dtls package has been discontinued, I decided to fork it and port some of the code from dart_tinydtls (where I am one of the maintainers) to it.
While the OpenSSL packages only provide client-side implementations for now, dart_tinydtls also provides a server implementation.
Small update: dtls2 now also offers support for a DTLS server.
We have started a pure Dart DTLS implementation in this repo:
- https://github.com/Kellykinyama12/dart-pure-dtls
Request for support on the project.
A pure Dart DTLS server implementation: https://github.com/KellyKinyama/dart-tls
I implemented a WebRTC stack in pure Dart. WebRTC extensively uses DTLS to extract encryption keys: https://github.com/KellyKinyama/dart-webrtc/blob/master/bin/srtp_webrtc2.dart