Fasq Security Model

This guide explains what Fasq security features are designed to protect, how encryption is applied, and where application-level responsibility still matters.

  • Confidentiality for cached and persisted query payloads.
  • Integrity checks for encrypted payload tampering.
  • Secure key material handling through platform key stores.

Fasq does not replace your API authorization layer, transport security, or business-domain access controls.

Fasq security integrations rely on platform-provided secure storage for high-value key material.

  • iOS and macOS: System Keychain with Secure Enclave-backed protection where available on device hardware.
  • Android: Android Keystore with hardware-backed storage when the device supports TEE or StrongBox.

Hardware-backed capability is device-dependent. On devices without hardware-backed storage, platform software keystore protections are used.

For secure query paths (isSecure: true) and encrypted persistence flows:

  • Symmetric encryption uses AES-GCM with 256-bit keys.
  • A fresh random IV (96-bit nonce) must be generated for every encryption.
  • Authentication tag verification happens before decrypted payload use.

High-level flow:

  1. Serialize typed query payload.
  2. Encrypt payload with AES-GCM and generated IV.
  3. Store ciphertext + IV + authentication tag.
  4. Verify tag and decrypt on read.

Fasq security uses a master-key-driven model for deriving or protecting operational data keys.

  • Master key lifecycle is tied to secure platform storage.
  • Data key usage is scoped to payload/database encryption operations.
  • Plan a manual rotation strategy according to your app's compliance requirements.

Rotation caveat: rotating keys without a migration plan can make previous encrypted cache/persistence data unreadable.
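
The four-step flow above and the rotation caveat, sketched as an added example with Node's built-in crypto module. This is not Fasq's code: the IV || tag || ciphertext record layout and the seal, open, rotate and demo names are assumptions, and the random keys stand in for key material that would come from the platform key store.

```javascript
// Added illustration, not Fasq code: record layout and function names are assumptions.
const crypto = require('node:crypto');

const IV_LEN = 12;  // 96-bit nonce
const TAG_LEN = 16; // 128-bit authentication tag

// Steps 1-3: serialize, encrypt under a fresh IV, store IV || tag || ciphertext.
function seal(key, payload) {
  const iv = crypto.randomBytes(IV_LEN); // new IV for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Step 4: verify the tag, then decrypt. Any failure returns null (treat as a cache miss).
function open(key, record) {
  if (record.length < IV_LEN + TAG_LEN) return null; // truncated record
  const iv = record.subarray(0, IV_LEN);
  const tag = record.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = record.subarray(IV_LEN + TAG_LEN);
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
    d.setAuthTag(tag);
    // final() throws on a tag mismatch, so no plaintext is parsed or returned first.
    const pt = Buffer.concat([d.update(ct), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}

// Rotation with a migration step: re-encrypt while the old key is still available.
function rotate(oldKey, newKey, record) {
  const payload = open(oldKey, record);
  return payload === null ? null : seal(newKey, payload);
}

// Constructed sample data; the keys here are random stand-ins for key-store material.
function demo() {
  const [oldKey, newKey] = [crypto.randomBytes(32), crypto.randomBytes(32)];
  const record = seal(oldKey, { queryKey: 'profile', token: 'sample-value' });
  const tampered = Buffer.from(record);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  return {
    roundTrip: open(oldKey, record),                       // original payload
    tampered: open(oldKey, tampered),                      // null: tag check fails
    afterRotation: open(newKey, record),                   // null: old data unreadable
    migrated: open(newKey, rotate(oldKey, newKey, record)) // readable after migration
  };
}
```

Returning null for both tampering and a wrong key keeps the read path uniform: the caller refetches instead of acting on unauthenticated data.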

  • Avoid logging secure payloads, keys, IVs, or tags.
  • Prefer short-lived sensitive cache entries (staleTime, cacheTime, persistence filters).
  • Document fallback behavior for devices that do not offer hardware-backed key storage.
  • Validate encrypted persistence recovery paths during app cold-start and upgrade tests.