Feature request: public key encryption

[westracer]

Hi.

I'd like to see a counterpart to the "decrypt" function in this package. I understand that for a normal use case of this package, the server is supposed to encrypt the data by the client's public key and send it back, but, for my use case, I'd like to encrypt some data directly on the client, that data would stay on the client without transferring it anywhere (e.g. in shared prefs), and later, after the user is authenticated via biometrics to access the private key, the data would get decrypted.

Do you think it's reasonable to have that implemented in the package or not?

Thank you

[chamodanethra]

Hi @westracer ,

Thank you for the feature request! Your use case for local data protection (encrypting sensitive info on-device to be decrypted only after biometric auth) is definitely a standard scenario that this plugin could support.

Currently, the plugin focuses on operations that require the hardware-backed private key (Signing and Decryption), which is why those methods trigger the biometric prompt. Public key encryption, by contrast, doesn't require user authentication.

You can technically achieve this today by taking the publicKey returned from createKeys() or getKeyInfo() and using a Dart-side library like pointycastle to encrypt your data.

However, I think it is reasonable to add an encrypt helper to the package for a few reasons including developer experience and consistency.