Merge branch 'main' into independent

Upgrade dependencies

.github/workflows/cla.yaml

@@ -0,0 +1,36 @@
+name: "CLA Assistant"
+on:
+    issue_comment:
+        types: [created]
+    pull_request_target:
+        types: [opened, closed, synchronize]
+
+jobs:
+    CLAAssistant:
+        runs-on: ubuntu-latest
+        steps:
+            - name: "CLA Assistant"
+              if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+              # Beta Release
+              uses: contributor-assistant/github-action@v2.2.1
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  # the below token should have repo scope and must be manually added by you in the repository's secret
+                  PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+              with:
+                  path-to-signatures: "signatures/version1/cla.json"
+                  path-to-document: "https://github.com/ente-io/cla/blob/main/CLA.md" # e.g. a CLA or a DCO document
+                  # branch should not be protected
+                  branch: "main"
+                  allowlist: enteio
+
+                  # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
+                  #remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)
+                  remote-repository-name: cla
+                  #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
+                  #signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
+                  #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
+                  #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
+                  #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
+                  #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
+                  #use-dco-flag: true - If you are using DCO instead of CLA

CLA.md

@@ -0,0 +1,98 @@
+## Contributor License Agreement
+
+Thank you for your contribution to ente projects.
+
+This contributor license agreement documents the rights granted by contributors
+to Ente Technologies, Inc ("ente"). This license is for your protection as a
+Contributor as well as the protection of ente, its users, and its licensees; you
+may still license your own Contributions under other terms.
+
+In exchange for the ability to participate in the ente community and for other
+good consideration, the receipt of which is hereby acknowledged, you accept and
+agree to the following terms and conditions for Your present and future
+Contributions submitted to ente. Except for the license granted herein to ente
+and recipients of software distributed by ente, You reserve all right, title,
+and interest in and to Your Contributions.
+
+1. Definitions.
+
+   "You" (or "Your") shall mean the copyright owner or legal entity authorized
+   by the copyright owner that is making this Agreement with ente. For legal
+   entities, the entity making a Contribution and all other entities that
+   control, are controlled by, or are under common control with that entity are
+   considered to be a single Contributor. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the direction or
+   management of such entity, whether by contract or otherwise, or (ii)
+   ownership of fifty percent (50%) or more of the outstanding shares, or (iii)
+   beneficial ownership of such entity.
+
+   "Contribution" shall mean any original work of authorship or invention,
+   including any modifications or additions to an existing work, that is
+   intentionally submitted by You to ente for inclusion in, or documentation of,
+   any of the products owned or managed by ente (the "Work"). For the purposes
+   of this definition, "submitted" means any form of electronic, verbal, or
+   written communication sent to ente or its representatives, including but not
+   limited to communication on electronic mailing lists, source code control
+   systems, and issue tracking systems that are managed by, or on behalf of,
+   ente for the purpose of discussing and improving the Work, but excluding
+   communication that is conspicuously marked or otherwise designated in writing
+   by You as "Not a Contribution."
+
+2. Grant of Copyright License. Subject to the terms and conditions of this
+   Agreement, You hereby grant to ente and to recipients of software distributed
+   by ente a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+   irrevocable copyright license to reproduce, prepare derivative works of,
+   publicly display, publicly perform, and distribute Your Contributions and
+   such derivative works.
+
+3. Grant of Patent License. Subject to the terms and conditions of this
+   Agreement, You hereby grant to ente and to recipients of software distributed
+   by ente a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+   irrevocable (except as stated in this section) patent license to make, have
+   made, use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable by You that
+   are necessarily infringed by Your Contribution(s) alone or by combination of
+   Your Contribution(s) with the Work to which such Contribution(s) was
+   submitted. If any entity institutes patent litigation against You or any
+   other entity (including a cross-claim or counterclaim in a lawsuit) alleging
+   that your Contribution, or the Work to which you have contributed,
+   constitutes direct or contributory patent infringement, then any patent
+   licenses granted to that entity under this Agreement for that Contribution or
+   Work shall terminate as of the date such litigation is filed.
+
+4. You represent that you are legally entitled to grant the above license. If
+   your employer(s) has rights to intellectual property that you create that
+   includes your Contributions, you represent that you have received permission
+   to make Contributions on behalf of that employer, that your employer has
+   waived such rights for your contributions to ente, or that your employer has
+   executed with ente a separate contributor license agreement substantially
+   similar to this Agreement. If You are a current employee or contractor of
+   ente, then the terms of your existing Employment Agreement or Consulting
+   Services Agreement shall supersede this CLA, and remain in full effect.
+
+5. You represent that each of Your Contributions is Your original creation (see
+   section 7 for submissions on behalf of others). You represent that Your
+   Contribution submissions include complete details of any third-party license
+   or other restriction (including, but not limited to, related patents and
+   trademarks) of which you are personally aware and which are associated with
+   any part of Your Contributions.
+
+6. You are not expected to provide support for Your Contributions, except to the
+   extent You desire to provide support. You may provide support for free, for
+   a fee, or not at all. Unless required by applicable law or agreed to in
+   writing, You provide Your Contributions on an "AS IS" BASIS, WITHOUT
+   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including,
+   without limitation, any warranties or conditions of title, non-infringement,
+   merchantability, or fitness for a particular purpose.
+
+7. Should You wish to submit work that is not Your original creation, You may
+   submit it to ente separately from any Contribution, identifying the complete
+   details of its source and of any license or other restriction (including, but
+   not limited to, related patents, trademarks, and license agreements) of which
+   you are personally aware, and conspicuously marking the work as "Not a
+   Contribution". Third-party materials licensed pursuant to: [license name(s)
+   here]" (substituting the bracketed text with the appropriate license
+   name(s)).
+
+8. You agree to notify ente of any facts or circumstances of which you become
+   aware that would make these representations inaccurate in any respect.

README.md

@@ -1,20 +1,10 @@
-# 🔥 Warning 🔥
-
-This branch contains untested code that can potentially corrupt your data.
-
-**You <u>should not</u> run this against your main acccount.**
-
-If you are interested in the official release of our desktop app, please ⭐ this repo.
-
----
-
-<br/>
-
 # ente Authenticator
 
 ente's Authenticator app helps you generate and store 2 step verification (2FA)
 tokens on your mobile devices.
 
+[Download now](#-download)
+
 ![App Screenshots](./screenshots/screenshots.png)
 
 ## ✨ Features
@@ -57,23 +47,29 @@ file, that adheres to the above format.
 
 ### Android
 
-This repository's [GitHub releases](https://github.com/ente-io/auth/releases/latest/download/ente-auth.apks) contains APKs, built straight from source. These builds keep themselves updated, without relying on third party stores.
+This repository's [GitHub
+releases](https://github.com/ente-io/auth/releases/latest/download/ente-auth.apks)
+contains APKs, built straight from source. These builds keep themselves updated,
+without relying on third party stores.
 
 You can alternatively install the build from PlayStore.
 
-<a href="https://play.google.com/store/apps/details?id=io.ente.auth">
-  <img width="197" alt="Get it on Google Play" src="https://ente.io/static/ed265c3abdcd3efa5e29f64b927bcb44/e230a/play-store-badge.webp">
+<a href="https://play.google.com/store/apps/details?id=io.ente.auth"> <img
+  width="197" alt="Get it on Google Play"
+src="https://ente.io/static/ed265c3abdcd3efa5e29f64b927bcb44/e230a/play-store-badge.webp">
 </a>
 
 ### iOS
 
-<a href="https://apps.apple.com/us/app/ente-authenticator/id6444121398">
-  <img width="197" alt="Download on AppStore" src="https://user-images.githubusercontent.com/1161789/154795157-c4468ff9-97fd-46f3-87fe-dca789d8733a.png">
+<a href="https://apps.apple.com/us/app/ente-authenticator/id6444121398"> <img
+  width="197" alt="Download on AppStore"
+src="https://user-images.githubusercontent.com/1161789/154795157-c4468ff9-97fd-46f3-87fe-dca789d8733a.png">
 </a>
 
 ### Desktop
 
-Support for desktop platforms (Linux, Mac and Windows) is a [work in progress](https://github.com/ente-io/auth/tree/desktop).
+Support for desktop platforms (Linux, Mac and Windows) is a [work in
+progress](https://github.com/ente-io/auth/tree/desktop).
 
 Please ⭐ this repo to be notified of updates.
 
@@ -81,7 +77,7 @@ Please ⭐ this repo to be notified of updates.
 ## 🔩 Architecture
 
 The architecture that powers end-to-end encrypted storage and sync of your
-tokens has been documented [here](architecture/index.md).
+tokens has been documented [here](architecture/README.md).
 
 
 ## 🧑‍💻 Building from source
@@ -89,31 +85,8 @@ tokens has been documented [here](architecture/index.md).
 1. [Install Flutter](https://flutter.dev/docs/get-started/install)
 2. Clone this repository with `git clone git@github.com:ente-io/auth.git` 
 3. Pull in all submodules with `git submodule update --init --recursive`
-
-### Android 
-```
-flutter build apk --release --flavor independent
-```
-
-### iOS
-```
-flutter build ios
-```
-
-### Linux
-```
-flutter build linux
-```
-
-### MacOS
-```
-fluter build macos
-```
-
-### Windows
-```
-flutter build windows
-```
+4. For Android, run `flutter build apk --release --flavor independent`
+5. For iOS, run `flutter build ios` 
 
 
 ## 🙋‍♂️ Support
@@ -121,10 +94,13 @@ flutter build windows
 If you need help, please reach out to support@ente.io, and a human will get in
 touch with you.
 
-On the other hand, if you wish to support us, please
+If you have feature requests, please create a [GitHub issue](./issues).
+
+If you wish to support us, please ⭐
 [star](https://github.com/ente-io/auth/stargazers) this project.
 
 
 ## 💜 Community
-- Follow us on [Twitter](https://twitter.com/enteio)
-- Join us on [Discord](https://ente.io/discord)
+
+- Follow us on [Twitter](https://twitter.com/enteio) / [Mastodon](https://mstdn.social/@ente)
+- Join us on [Discord](https://ente.io/discord) / [Matrix](https://ente.io/matrix)

architecture/README.md

@@ -8,7 +8,7 @@ specifications of the underlying cryptography.
 Your data is end-to-end encrypted with **ente**. Meaning, they are encrypted
 with your `keys` before they leave your device.
 
-<img src="e2ee.svg" class="architecture-svg" style="max-width: 600px"
+<img src="assets/e2ee.svg" class="architecture-svg" style="max-width: 600px"
 title="End-to-end encryption in ente" />
 
 <br/>
@@ -39,7 +39,7 @@ leaves your device.
 During registration, your `masterKey` is encrypted with your`keyEncryptionKey`,
 and the resultant `encryptedMasterKey` is then sent to our servers for storage.
 
-<img src="key-derivation.svg" class="architecture-svg" title="Key derivation" />
+<img src="assets/key-derivation.svg" class="architecture-svg" title="Key derivation" />
 
 #### <a id="key-encryption-flows-secondary-device"></a> Secondary Device
 
@@ -92,7 +92,7 @@ leave your device unencrypted.
 - All of the above mentioned encrypted data is then pushed to the server for
   storage.
   
-<img src="token-encryption.svg" class="architecture-svg" title="Token
+<img src="assets/token-encryption.svg" class="architecture-svg" title="Token
 encryption" />
 
 #### Download
@@ -149,7 +149,7 @@ the server (as discussed in [Key Encryption](#key-encryption), and decrypts it
 with the entered `recoveryKey`. If the decryption succeeds, the client will know
 that you have entered the correct `recoveryKey`.
 
-<img src="recovery.svg" class="architecture-svg" title="Recovery" />
+<img src="assets/recovery.svg" class="architecture-svg" title="Recovery" />
 
 Now that you have your `masterKey`, the client will prompt you to set a new
 password, using which it will derive a new `keyEncryptionKey`. This is then used
@@ -204,12 +204,12 @@ your `publicKey`. This `encryptedAuthToken` can only be decrypted with your
 - This decrypted `authToken` can then from there on be used to authenticate all
   API calls against our servers.
 
-<img src="authentication.svg" class="architecture-svg" title="Authentication" />
+<img src="assets/authentication.svg" class="architecture-svg" title="Authentication" />
 
 ### Security
 
 Only by verifying access to your email and knowing your password can you obtain
-an`authToken` that can be used to authenticate yourself against our servers.
+an `authToken` that can be used to authenticate yourself against our servers.
 
 ---
 

ios/.gitignore

@@ -8,6 +8,7 @@
 .tags*
 **/.vagrant/
 **/DerivedData/
+build/
 Icon?
 **/Pods/
 **/.symlinks/

lib/core/configuration.dart

@@ -3,7 +3,6 @@ import 'dart:io' as io;
 import 'dart:typed_data';
 
 import 'package:bip39/bip39.dart' as bip39;
-import 'package:convert/convert.dart';
 import 'package:ente_auth/core/constants.dart';
 import 'package:ente_auth/core/errors.dart';
 import 'package:ente_auth/core/event_bus.dart';
@@ -16,6 +15,7 @@ import 'package:ente_auth/models/private_key_attributes.dart';
 import 'package:ente_auth/store/authenticator_db.dart';
 import 'package:ente_auth/utils/crypto_util.dart';
 import 'package:flutter_secure_storage/flutter_secure_storage.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 import 'package:logging/logging.dart';
 import 'package:path_provider/path_provider.dart';
 import 'package:shared_preferences/shared_preferences.dart';
@@ -120,7 +120,6 @@ class Configuration {
   }
 
   Future<void> logout({bool autoLogout = false}) async {
-    _logger.info("Logging out");
     await _preferences.clear();
     await _secureStorage.deleteAll(iOptions: _secureStorageOptionsIOS);
     await AuthenticatorDB.instance.clearTable();
@@ -139,9 +138,8 @@ class Configuration {
     final recoveryKey = CryptoUtil.generateKey();
 
     // Encrypt master key and recovery key with each other
-    final encryptedMasterKey = await CryptoUtil.encrypt(masterKey, recoveryKey);
-    final encryptedRecoveryKey =
-        await CryptoUtil.encrypt(recoveryKey, masterKey);
+    final encryptedMasterKey = CryptoUtil.encryptSync(masterKey, recoveryKey);
+    final encryptedRecoveryKey = CryptoUtil.encryptSync(recoveryKey, masterKey);
 
     // Derive a key from the password that will be used to encrypt and
     // decrypt the master key
@@ -153,31 +151,31 @@ class Configuration {
 
     // Encrypt the key with this derived key
     final encryptedKeyData =
-        await CryptoUtil.encrypt(masterKey, derivedKeyResult.key);
+        CryptoUtil.encryptSync(masterKey, derivedKeyResult.key);
 
     // Generate a public-private keypair and encrypt the latter
     final keyPair = await CryptoUtil.generateKeyPair();
     final encryptedSecretKeyData =
-        await CryptoUtil.encrypt(keyPair.secretKey.extractBytes(), masterKey);
+        CryptoUtil.encryptSync(keyPair.sk, masterKey);
 
     final attributes = KeyAttributes(
-      base64Encode(kekSalt),
-      base64Encode(encryptedKeyData.encryptedData!),
-      base64Encode(encryptedKeyData.nonce!),
-      base64Encode(keyPair.publicKey),
-      base64Encode(encryptedSecretKeyData.encryptedData!),
-      base64Encode(encryptedSecretKeyData.nonce!),
+      Sodium.bin2base64(kekSalt),
+      Sodium.bin2base64(encryptedKeyData.encryptedData!),
+      Sodium.bin2base64(encryptedKeyData.nonce!),
+      Sodium.bin2base64(keyPair.pk),
+      Sodium.bin2base64(encryptedSecretKeyData.encryptedData!),
+      Sodium.bin2base64(encryptedSecretKeyData.nonce!),
       derivedKeyResult.memLimit,
       derivedKeyResult.opsLimit,
-      base64Encode(encryptedMasterKey.encryptedData!),
-      base64Encode(encryptedMasterKey.nonce!),
-      base64Encode(encryptedRecoveryKey.encryptedData!),
-      base64Encode(encryptedRecoveryKey.nonce!),
+      Sodium.bin2base64(encryptedMasterKey.encryptedData!),
+      Sodium.bin2base64(encryptedMasterKey.nonce!),
+      Sodium.bin2base64(encryptedRecoveryKey.encryptedData!),
+      Sodium.bin2base64(encryptedRecoveryKey.nonce!),
     );
     final privateAttributes = PrivateKeyAttributes(
-      base64Encode(masterKey),
-      hex.encode(recoveryKey),
-      base64Encode(keyPair.secretKey.extractBytes()),
+      Sodium.bin2base64(masterKey),
+      Sodium.bin2hex(recoveryKey),
+      Sodium.bin2base64(keyPair.sk),
     );
     return KeyGenResult(attributes, privateAttributes);
   }
@@ -196,14 +194,14 @@ class Configuration {
 
     // Encrypt the key with this derived key
     final encryptedKeyData =
-        await CryptoUtil.encrypt(masterKey!, derivedKeyResult.key);
+        CryptoUtil.encryptSync(masterKey!, derivedKeyResult.key);
 
     final existingAttributes = getKeyAttributes();
 
     return existingAttributes!.copyWith(
-      kekSalt: base64Encode(kekSalt),
-      encryptedKey: base64Encode(encryptedKeyData.encryptedData!),
-      keyDecryptionNonce: base64Encode(encryptedKeyData.nonce!),
+      kekSalt: Sodium.bin2base64(kekSalt),
+      encryptedKey: Sodium.bin2base64(encryptedKeyData.encryptedData!),
+      keyDecryptionNonce: Sodium.bin2base64(encryptedKeyData.nonce!),
       memLimit: derivedKeyResult.memLimit,
       opsLimit: derivedKeyResult.opsLimit,
     );
@@ -222,7 +220,7 @@ class Configuration {
     _logger.info('state validation done');
     final kek = await CryptoUtil.deriveKey(
       utf8.encode(password) as Uint8List,
-      base64.decode(attributes.kekSalt),
+      Sodium.base642bin(attributes.kekSalt),
       attributes.memLimit,
       attributes.opsLimit,
     ).onError((e, s) {
@@ -233,31 +231,33 @@ class Configuration {
     _logger.info('user-key done');
     Uint8List key;
     try {
-      key = await CryptoUtil.decrypt(
-        base64.decode(attributes.encryptedKey),
+      key = CryptoUtil.decryptSync(
+        Sodium.base642bin(attributes.encryptedKey),
         kek,
-        base64.decode(attributes.keyDecryptionNonce),
+        Sodium.base642bin(attributes.keyDecryptionNonce),
       );
     } catch (e) {
       _logger.severe('master-key failed, incorrect password?', e);
       throw Exception("Incorrect password");
     }
     _logger.info("master-key done");
-    await setKey(base64Encode(key));
-    final secretKey = await CryptoUtil.decrypt(
-      base64.decode(attributes.encryptedSecretKey),
+    await setKey(Sodium.bin2base64(key));
+    final secretKey = CryptoUtil.decryptSync(
+      Sodium.base642bin(attributes.encryptedSecretKey),
       key,
-      base64.decode(attributes.secretKeyDecryptionNonce),
+      Sodium.base642bin(attributes.secretKeyDecryptionNonce),
     );
     _logger.info("secret-key done");
-    await setSecretKey(base64Encode(secretKey));
+    await setSecretKey(Sodium.bin2base64(secretKey));
     final token = CryptoUtil.openSealSync(
-      base64.decode(getEncryptedToken()!),
-      base64.decode(attributes.publicKey),
+      Sodium.base642bin(getEncryptedToken()!),
+      Sodium.base642bin(attributes.publicKey),
       secretKey,
     );
     _logger.info('appToken done');
-    await setToken(base64Url.encode(token));
+    await setToken(
+      Sodium.bin2base64(token, variant: Sodium.base64VariantUrlsafe),
+    );
   }
 
   Future<void> recover(String recoveryKey) async {
@@ -274,27 +274,29 @@ class Configuration {
     Uint8List masterKey;
     try {
       masterKey = await CryptoUtil.decrypt(
-        base64.decode(attributes!.masterKeyEncryptedWithRecoveryKey),
-        Uint8List.fromList(hex.decode(recoveryKey)),
-        base64.decode(attributes.masterKeyDecryptionNonce),
+        Sodium.base642bin(attributes!.masterKeyEncryptedWithRecoveryKey),
+        Sodium.hex2bin(recoveryKey),
+        Sodium.base642bin(attributes.masterKeyDecryptionNonce),
       );
     } catch (e) {
       _logger.severe(e);
       rethrow;
     }
-    await setKey(base64Encode(masterKey));
-    final secretKey = await CryptoUtil.decrypt(
-      base64.decode(attributes.encryptedSecretKey),
+    await setKey(Sodium.bin2base64(masterKey));
+    final secretKey = CryptoUtil.decryptSync(
+      Sodium.base642bin(attributes.encryptedSecretKey),
       masterKey,
-      base64.decode(attributes.secretKeyDecryptionNonce),
+      Sodium.base642bin(attributes.secretKeyDecryptionNonce),
     );
-    await setSecretKey(base64Encode(secretKey));
+    await setSecretKey(Sodium.bin2base64(secretKey));
     final token = CryptoUtil.openSealSync(
-      base64.decode(getEncryptedToken()!),
-      base64.decode(attributes.publicKey),
+      Sodium.base642bin(getEncryptedToken()!),
+      Sodium.base642bin(attributes.publicKey),
       secretKey,
     );
-    await setToken(base64Url.encode(token));
+    await setToken(
+      Sodium.bin2base64(token, variant: Sodium.base64VariantUrlsafe),
+    );
   }
 
   String getHttpEndpoint() {
@@ -398,23 +400,23 @@ class Configuration {
   }
 
   Uint8List? getKey() {
-    return _key == null ? null : base64.decode(_key!);
+    return _key == null ? null : Sodium.base642bin(_key!);
   }
 
   Uint8List? getSecretKey() {
-    return _secretKey == null ? null : base64.decode(_secretKey!);
+    return _secretKey == null ? null : Sodium.base642bin(_secretKey!);
   }
 
   Uint8List? getAuthSecretKey() {
-    return _authSecretKey == null ? null : base64.decode(_authSecretKey!);
+    return _authSecretKey == null ? null : Sodium.base642bin(_authSecretKey!);
   }
 
-  Future<Uint8List> getRecoveryKey() async {
+  Uint8List getRecoveryKey() {
     final keyAttributes = getKeyAttributes()!;
-    return CryptoUtil.decrypt(
-      base64.decode(keyAttributes.recoveryKeyEncryptedWithMasterKey),
-      getKey()!,
-      base64.decode(keyAttributes.recoveryKeyDecryptionNonce),
+    return CryptoUtil.decryptSync(
+      Sodium.base642bin(keyAttributes.recoveryKeyEncryptedWithMasterKey),
+      getKey(),
+      Sodium.base642bin(keyAttributes.recoveryKeyDecryptionNonce),
     );
   }
 

lib/core/constants.dart

@@ -1,15 +1,28 @@
+const int thumbnailSmallSize = 256;
+const int thumbnailQuality = 50;
+const int thumbnailLargeSize = 512;
+const int compressedThumbnailResolution = 1080;
+const int thumbnailDataLimit = 100 * 1024;
 const String sentryDSN =
     "https://ed4ddd6309b847ba8849935e26e9b648@sentry.ente.io/9";
 const String sentryTunnel = "https://sentry-reporter.ente.io";
 const String roadmapURL = "https://roadmap.ente.io";
 const int microSecondsInDay = 86400000000;
 const int android11SDKINT = 30;
+const int galleryLoadStartTime = -8000000000000000; // Wednesday, March 6, 1748
+const int galleryLoadEndTime = 9223372036854775807; // 2^63 -1
 
 // used to identify which ente file are available in app cache
 // todo: 6Jun22: delete old media identifier after 3 months
 const String oldSharedMediaIdentifier = 'ente-shared://';
 const String sharedMediaIdentifier = 'ente-shared-media://';
 
+const int maxLivePhotoToastCount = 2;
+const String livePhotoToastCounterKey = "show_live_photo_toast";
+
+const thumbnailDiskLoadDeferDuration = Duration(milliseconds: 40);
+const thumbnailServerLoadDeferDuration = Duration(milliseconds: 80);
+
 // 256 bit key maps to 24 words
 // https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic
 const mnemonicKeyWordCount = 24;

lib/core/network.dart

@@ -11,17 +11,13 @@ class Network {
   late Dio _dio;
 
   Future<void> init() async {
-    String userAgent = "";
-    if (Platform.isAndroid || Platform.isIOS) {
-      await FkUserAgent.init();
-      userAgent = FkUserAgent.userAgent ?? "";
-    }
+    await FkUserAgent.init();
     final packageInfo = await PackageInfo.fromPlatform();
     _dio = Dio(
       BaseOptions(
         connectTimeout: kConnectTimeout,
         headers: {
-          HttpHeaders.userAgentHeader: userAgent,
+          HttpHeaders.userAgentHeader: FkUserAgent.userAgent,
           'X-Client-Version': packageInfo.version,
           'X-Client-Package': packageInfo.packageName,
         },

lib/l10n/arb/app_en.arb

@@ -6,7 +6,6 @@
   },
   "onBoardingBody": "Secure your 2FA codes",
   "onBoardingGetStarted": "Get Started",
-
   "setupFirstAccount": "Setup your first account",
   "importScanQrCode": "Scan a QR Code",
   "importEnterSetupKey": "Enter a setup key",
@@ -18,7 +17,100 @@
   "timeBasedKeyType": "Time based (TOTP)",
   "counterBasedKeyType": "Counter based (HOTP)",
   "saveAction": "Save",
-
+  "nextTotpTitle": "next",
+  "deleteCodeTitle": "Delete code?",
+  "deleteCodeMessage": "Are you sure you want to delete this code? This action is irreversible.",
+  "viewLogsAction": "View logs",
+  "sendLogsDescription": "This will send across logs to help us debug your issue. While we take precautions to ensure that sensitive information is not logged, we encourage you to view these logs before sharing them.",
+  "preparingLogsTitle": "Preparing logs...",
+  "emailLogsTitle": "Email logs",
+  "emailLogsMessage": "Please send the logs to {email}",
+  "@emailLogsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "copyEmailAction": "Copy email",
+  "exportLogsAction": "Export logs",
+  "reportABug": "Report a bug",
+  "crashAndErrorReporting": "Crash & error reporting",
+  "reportBug": "Report bug",
+  "emailUsMessage": "Please email us at {email}",
+  "@emailUsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "contactSupport": "Contact support",
+  "verifyPassword": "Verify password",
+  "pleaseWaitTitle": "Please wait...",
+  "generatingEncryptionKeysTitle": "Generating encryption keys...",
+  "recreatePassword": "Recreate password",
+  "recreatePasswordMessage": "The current device is not powerful enough to verify your password, so we need to regenerate it once in a way that works with all devices. \n\nPlease login using your recovery key and regenerate your password (you can use the same one again if you wish).",
+  "useRecoveryKeyAction": "Use recovery key",
+  "incorrectPassword": "Incorrect password",
+  "welcomeBackTitle": "Welcome back!",
+  "madeWithLoveAtPrefix": "made with ❤️ at ",
+  "changeEmail": "change email",
+  "ok": "OK",
+  "cancel": "Cancel",
+  "yes": "Yes",
+  "no": "No",
+  "email": "Email",
+  "support": "Support",
+  "settings": "Settings",
+  "copied": "Copied",
+  "tryAgainMessage": "Please try again",
   "existingUser": "Existing User",
-  "newUser" : "New to ente"
-}
+  "newUser" : "New to ente",
+  "delete": "Delete",
+  "enterYourPasswordHint": "Enter your password",
+  "forgotPassword": "Forgot password",
+  "oops": "Oops",
+  "somethingWentWrongMessage": "Something went wrong, please try again",
+  "leaveFamily": "Leave family",
+  "leaveFamilyMessage": "Are you sure that you want to leave the family plan?",
+  "inFamilyPlanMessage": "You are on a family plan!",
+  "swipeHint": "Swipe left to edit or remove codes",
+  "scan": "Scan",
+  "scanACode": "Scan a code",
+  "verify": "Verify",
+  "enterCodeHint": "Enter the 6-digit code from\nyour authenticator app",
+  "lostDeviceTitle": "Lost device?",
+  "twoFactorAuthTitle": "Two-factor authentication",
+  "recoverAccount": "Recover account",
+  "enterRecoveryKeyHint": "Enter your recovery key",
+  "recover": "Recover",
+  "contactSupportViaEmailMessage":"Please drop an email to {email} from your registered email address",
+  "@contactSupportViaEmailMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "noRecoveryKeyTitle": "No recovery key?",
+  "enterEmailHint": "Enter your email address",
+  "invalidEmailTitle": "Invalid email address",
+  "invalidEmailMessage": "Please enter a valid email address.",
+  "deleteAccount": "Delete account",
+  "deleteAccountQuery": "We'll be sorry to see you go. Are you facing some issue?",
+  "yesSendFeedbackAction": "Yes, send feedback",
+  "noDeleteAccountAction": "No, delete account",
+  "initiateAccountDeleteTitle": "Please authenticate to initiate account deletion",
+  "confirmAccountDeleteTitle": "Are you sure you want to delete your ente account?",
+  "confirmAccountDeleteMessage": "Your uploaded data, across all apps (Photos and Authenticator both), will be scheduled for deletion, and your account will be permanently deleted.",
+  "sendEmail": "Send email",
+  "createNewAccount": "Create new account",
+  "passwordStrengthWeak": "Weak",
+  "passwordStrengthStrong": "Strong",
+  "passwordStrengthModerate": "Moderate",
+  "confirmPassword": "Confirm password",
+  "close": "Close",
+  "oopsSomethingWentWrong": "Oops, Something went wrong."
+
+}

lib/main.dart

@@ -1,6 +1,4 @@
 // @dart=2.9
-import 'dart:io';
-
 import "package:ente_auth/app/view/app.dart";
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/constants.dart';
@@ -21,17 +19,11 @@ import 'package:ente_auth/utils/crypto_util.dart';
 import "package:flutter/material.dart";
 import 'package:logging/logging.dart';
 import 'package:path_provider/path_provider.dart';
-import 'package:window_size/window_size.dart';
 
 final _logger = Logger("main");
 
 void main() async {
   WidgetsFlutterBinding.ensureInitialized();
-  if (Platform.isWindows || Platform.isLinux || Platform.isMacOS) {
-    setWindowTitle("ente Auth");
-    setWindowMinSize(const Size(375, 750));
-    setWindowMaxSize(const Size(375, 750));
-  }
   await _runInForeground();
 }
 
@@ -66,7 +58,7 @@ Future _runWithLogs(Function() function, {String prefix = ""}) async {
 }
 
 Future<void> _init(bool bool, {String via}) async {
-  await CryptoUtil.init();
+  CryptoUtil.init();
   await PreferenceService.instance.init();
   await CodeStore.instance.init();
   await Configuration.instance.init();

lib/services/authenticator_service.dart

@@ -16,6 +16,7 @@ import 'package:ente_auth/models/authenticator/local_auth_entity.dart';
 import 'package:ente_auth/store/authenticator_db.dart';
 import 'package:ente_auth/utils/crypto_util.dart';
 import 'package:flutter/foundation.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 import 'package:logging/logging.dart';
 import 'package:shared_preferences/shared_preferences.dart';
 
@@ -54,9 +55,9 @@ class AuthenticatorService {
     for (LocalAuthEntity e in result) {
       try {
         final decryptedValue = await CryptoUtil.decryptChaCha(
-          base64.decode(e.encryptedData),
+          Sodium.base642bin(e.encryptedData),
           key,
-          base64.decode(e.header),
+          Sodium.base642bin(e.header),
         );
         final hasSynced = !(e.id == null || e.shouldSync);
         entities.add(
@@ -79,8 +80,8 @@ class AuthenticatorService {
       utf8.encode(plainText) as Uint8List,
       key,
     );
-    String encryptedData = base64Encode(encryptedKeyData.encryptedData!);
-    String header = base64Encode(encryptedKeyData.header!);
+    String encryptedData = Sodium.bin2base64(encryptedKeyData.encryptedData!);
+    String header = Sodium.bin2base64(encryptedKeyData.header!);
     final insertedID = await _db.insert(encryptedData, header);
     if (shouldSync) {
       unawaited(sync());
@@ -98,8 +99,8 @@ class AuthenticatorService {
       utf8.encode(plainText) as Uint8List,
       key,
     );
-    String encryptedData = base64Encode(encryptedKeyData.encryptedData!);
-    String header = base64Encode(encryptedKeyData.header!);
+    String encryptedData = Sodium.bin2base64(encryptedKeyData.encryptedData!);
+    String header = Sodium.bin2base64(encryptedKeyData.header!);
     final int affectedRows =
         await _db.updateEntry(generatedID, encryptedData, header);
     assert(
@@ -206,22 +207,22 @@ class AuthenticatorService {
     }
     try {
       final AuthKey response = await _gateway.getKey();
-      final authKey = await CryptoUtil.decrypt(
-        base64.decode(response.encryptedKey),
-        _config.getKey()!,
-        base64.decode(response.header),
+      final authKey = CryptoUtil.decryptSync(
+        Sodium.base642bin(response.encryptedKey),
+        _config.getKey(),
+        Sodium.base642bin(response.header),
       );
-      await _config.setAuthSecretKey(base64Encode(authKey));
+      await _config.setAuthSecretKey(Sodium.bin2base64(authKey));
       return authKey;
     } on AuthenticatorKeyNotFound catch (e) {
       _logger.info("AuthenticatorKeyNotFound generating key ${e.stackTrace}");
       final key = CryptoUtil.generateKey();
-      final encryptedKeyData = await CryptoUtil.encrypt(key, _config.getKey()!);
+      final encryptedKeyData = CryptoUtil.encryptSync(key, _config.getKey()!);
       await _gateway.createKey(
-        base64Encode(encryptedKeyData.encryptedData!),
-        base64Encode(encryptedKeyData.nonce!),
+        Sodium.bin2base64(encryptedKeyData.encryptedData!),
+        Sodium.bin2base64(encryptedKeyData.nonce!),
       );
-      await _config.setAuthSecretKey(base64Encode(key));
+      await _config.setAuthSecretKey(Sodium.bin2base64(key));
       return key;
     } catch (e, s) {
       _logger.severe("Failed to getOrCreateAuthDataKey", e, s);

lib/services/local_authentication_service.dart

@@ -65,10 +65,6 @@ class LocalAuthenticationService {
   }
 
   Future<bool> _isLocalAuthSupportedOnDevice() async {
-    try {
-      return await LocalAuthentication().isDeviceSupported();
-    } catch (e) {
-      return false;
-    }
+    return await LocalAuthentication().isDeviceSupported();
   }
 }

lib/services/user_service.dart

@@ -1,15 +1,13 @@
 // @dart=2.9
 
-import 'dart:convert';
-
 import 'package:bip39/bip39.dart' as bip39;
-import 'package:convert/convert.dart';
 import 'package:dio/dio.dart';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/constants.dart';
 import 'package:ente_auth/core/event_bus.dart';
 import 'package:ente_auth/core/network.dart';
 import 'package:ente_auth/events/user_details_changed_event.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/delete_account.dart';
 import 'package:ente_auth/models/key_attributes.dart';
 import 'package:ente_auth/models/key_gen_result.dart';
@@ -27,6 +25,7 @@ import 'package:ente_auth/utils/crypto_util.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/toast_util.dart';
 import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 import 'package:logging/logging.dart';
 
 class UserService {
@@ -49,7 +48,8 @@ class UserService {
     bool isChangeEmail = false,
     bool isCreateAccountScreen = false,
   }) async {
-    final dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       final response = await _dio.post(
@@ -193,7 +193,8 @@ class UserService {
   Future<DeleteChallengeResponse> getDeleteChallenge(
     BuildContext context,
   ) async {
-    final dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       final response = await _dio.get(
@@ -261,7 +262,8 @@ class UserService {
   }
 
   Future<void> verifyEmail(BuildContext context, String ott) async {
-    final dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       final response = await _dio.post(
@@ -331,7 +333,8 @@ class UserService {
     String email,
     String ott,
   ) async {
-    final dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       final response = await _dio.post(
@@ -500,7 +503,8 @@ class UserService {
   }
 
   Future<void> recoverTwoFactor(BuildContext context, String sessionID) async {
-    final dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       final response = await _dio.get(
@@ -620,7 +624,8 @@ class UserService {
     String encryptedSecret,
     String secretDecryptionNonce,
   ) async {
-    final dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     String secret;
     try {
@@ -632,11 +637,11 @@ class UserService {
         }
         recoveryKey = bip39.mnemonicToEntropy(recoveryKey);
       }
-      secret = base64Encode(
+      secret = Sodium.bin2base64(
         await CryptoUtil.decrypt(
-          base64.decode(encryptedSecret),
-          hex.decode(recoveryKey.trim()),
-          base64.decode(secretDecryptionNonce),
+          Sodium.base642bin(encryptedSecret),
+          Sodium.hex2bin(recoveryKey.trim()),
+          Sodium.base642bin(secretDecryptionNonce),
         ),
       );
     } catch (e) {

lib/ui/account/change_email_dialog.dart

@@ -1,5 +1,6 @@
 // @dart=2.9
 
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/email_util.dart';
@@ -17,20 +18,21 @@ class _ChangeEmailDialogState extends State<ChangeEmailDialog> {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return AlertDialog(
-      title: const Text("Enter your email address"),
+      title: Text(l10n.enterEmailHint),
       content: SingleChildScrollView(
         child: Column(
           mainAxisAlignment: MainAxisAlignment.start,
           crossAxisAlignment: CrossAxisAlignment.start,
           children: [
             TextFormField(
-              decoration: const InputDecoration(
-                hintText: 'Email',
-                hintStyle: TextStyle(
+              decoration: InputDecoration(
+                hintText: l10n.email,
+                hintStyle: const TextStyle(
                   color: Colors.white30,
                 ),
-                contentPadding: EdgeInsets.all(12),
+                contentPadding: const EdgeInsets.all(12),
               ),
               onChanged: (value) {
                 setState(() {
@@ -47,9 +49,9 @@ class _ChangeEmailDialogState extends State<ChangeEmailDialog> {
       ),
       actions: [
         TextButton(
-          child: const Text(
-            "Cancel",
-            style: TextStyle(
+          child: Text(
+            l10n.cancel,
+            style: const TextStyle(
               color: Colors.redAccent,
             ),
           ),
@@ -58,9 +60,9 @@ class _ChangeEmailDialogState extends State<ChangeEmailDialog> {
           },
         ),
         TextButton(
-          child: const Text(
-            "Verify",
-            style: TextStyle(
+          child: Text(
+            l10n.verify,
+            style: const TextStyle(
               color: Colors.purple,
             ),
           ),
@@ -68,8 +70,8 @@ class _ChangeEmailDialogState extends State<ChangeEmailDialog> {
             if (!isValidEmail(_email)) {
               showErrorDialog(
                 context,
-                "Invalid email address",
-                "Please enter a valid email address.",
+                l10n.invalidEmailTitle,
+                l10n.invalidEmailMessage,
               );
               return;
             }

lib/ui/account/delete_account_page.dart

@@ -3,6 +3,7 @@
 import 'dart:convert';
 
 import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/delete_account.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
 import 'package:ente_auth/services/user_service.dart';
@@ -11,6 +12,7 @@ import 'package:ente_auth/ui/common/gradient_button.dart';
 import 'package:ente_auth/utils/crypto_util.dart';
 import 'package:ente_auth/utils/email_util.dart';
 import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 
 class DeleteAccountPage extends StatelessWidget {
   const DeleteAccountPage({
@@ -19,10 +21,11 @@ class DeleteAccountPage extends StatelessWidget {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return Scaffold(
       appBar: AppBar(
         elevation: 0,
-        title: const Text("Delete account"),
+        title: Text(l10n.deleteAccount),
         leading: IconButton(
           icon: const Icon(Icons.arrow_back),
           color: Theme.of(context).iconTheme.color,
@@ -46,7 +49,7 @@ class DeleteAccountPage extends StatelessWidget {
               ),
               Center(
                 child: Text(
-                  "We'll be sorry to see you go. Are you facing some issue?",
+                  l10n.deleteAccountQuery,
                   style: Theme.of(context).textTheme.subtitle1,
                 ),
               ),
@@ -73,7 +76,7 @@ class DeleteAccountPage extends StatelessWidget {
                 height: 24,
               ),
               GradientButton(
-                text: "Yes, send feedback",
+                text: l10n.yesSendFeedbackAction,
                 iconData: Icons.check,
                 onTap: () async {
                   await sendEmail(
@@ -103,9 +106,9 @@ class DeleteAccountPage extends StatelessWidget {
                       ),
                       backgroundColor: Colors.white,
                     ),
-                    label: const Text(
-                      "No, delete account",
-                      style: TextStyle(
+                    label: Text(
+                      l10n.noDeleteAccountAction,
+                      style: const TextStyle(
                         color: Colors.redAccent, // same for both themes
                       ),
                       textAlign: TextAlign.center,
@@ -142,21 +145,20 @@ class DeleteAccountPage extends StatelessWidget {
     BuildContext context,
     DeleteChallengeResponse response,
   ) async {
+    final l10n = context.l10n;
     final hasAuthenticated =
         await LocalAuthenticationService.instance.requestLocalAuthentication(
       context,
-      "Please authenticate to initiate account deletion",
+      l10n.initiateAccountDeleteTitle,
     );
 
     if (hasAuthenticated) {
       final choice = await showChoiceDialog(
         context,
-        'Are you sure you want to delete your ente account?',
-        'Your uploaded data, across all apps '
-            '(Photos and Authenticator both), will be scheduled for deletion,'
-            'and your account will be permanently deleted.',
-        firstAction: 'Cancel',
-        secondAction: 'Delete',
+        l10n.confirmAccountDeleteTitle,
+        l10n.confirmAccountDeleteMessage,
+        firstAction: l10n.cancel,
+        secondAction: l10n.delete,
         firstActionColor: Theme.of(context).colorScheme.onSurface,
         secondActionColor: Colors.red,
       );
@@ -164,8 +166,8 @@ class DeleteAccountPage extends StatelessWidget {
         return;
       }
       final decryptChallenge = CryptoUtil.openSealSync(
-        base64.decode(response.encryptedChallenge),
-        base64.decode(Configuration.instance.getKeyAttributes().publicKey),
+        Sodium.base642bin(response.encryptedChallenge),
+        Sodium.base642bin(Configuration.instance.getKeyAttributes().publicKey),
         Configuration.instance.getSecretKey(),
       );
       final challengeResponseStr = utf8.decode(decryptChallenge);
@@ -174,10 +176,11 @@ class DeleteAccountPage extends StatelessWidget {
   }
 
   Future<void> _requestEmailForDeletion(BuildContext context) async {
+    final l10n = context.l10n;
     final AlertDialog alert = AlertDialog(
-      title: const Text(
-        "Delete account",
-        style: TextStyle(
+      title: Text(
+        l10n.deleteAccount,
+        style: const TextStyle(
           color: Colors.red,
         ),
       ),
@@ -207,9 +210,9 @@ class DeleteAccountPage extends StatelessWidget {
       ),
       actions: [
         TextButton(
-          child: const Text(
-            "Send email",
-            style: TextStyle(
+          child: Text(
+            l10n.sendEmail,
+            style: const TextStyle(
               color: Colors.red,
             ),
           ),
@@ -224,7 +227,7 @@ class DeleteAccountPage extends StatelessWidget {
         ),
         TextButton(
           child: Text(
-            "Ok",
+            l10n.ok,
             style: TextStyle(
               color: Theme.of(context).colorScheme.onSurface,
             ),

lib/ui/account/email_entry_page.dart

@@ -5,6 +5,7 @@ import 'dart:io';
 import 'package:email_validator/email_validator.dart';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/billing_plan.dart';
 import 'package:ente_auth/services/billing_service.dart';
 import 'package:ente_auth/services/user_service.dart';
@@ -122,13 +123,14 @@ class _EmailEntryPageState extends State<EmailEntryPage> {
   }
 
   Widget _getBody() {
-    var passwordStrengthText = 'Weak';
+    final l10n = context.l10n;
+    var passwordStrengthText = l10n.passwordStrengthWeak;
     var passwordStrengthColor = Colors.redAccent;
     if (_passwordStrength > kStrongPasswordStrengthThreshold) {
-      passwordStrengthText = 'Strong';
+      passwordStrengthText = l10n.passwordStrengthStrong;
       passwordStrengthColor = Colors.greenAccent;
     } else if (_passwordStrength > kMildPasswordStrengthThreshold) {
-      passwordStrengthText = 'Moderate';
+      passwordStrengthText = l10n.passwordStrengthModerate;
       passwordStrengthColor = Colors.orangeAccent;
     }
     return Column(
@@ -141,7 +143,7 @@ class _EmailEntryPageState extends State<EmailEntryPage> {
                   padding:
                       const EdgeInsets.symmetric(vertical: 30, horizontal: 20),
                   child: Text(
-                    'Create new account',
+                    l10n.createNewAccount,
                     style: Theme.of(context).textTheme.headline4,
                   ),
                 ),
@@ -153,7 +155,7 @@ class _EmailEntryPageState extends State<EmailEntryPage> {
                     decoration: InputDecoration(
                       fillColor: _emailIsValid ? _validFieldValueColor : null,
                       filled: true,
-                      hintText: 'Email',
+                      hintText: l10n.email,
                       contentPadding: const EdgeInsets.symmetric(
                         horizontal: 16,
                         vertical: 14,
@@ -268,7 +270,7 @@ class _EmailEntryPageState extends State<EmailEntryPage> {
                     decoration: InputDecoration(
                       fillColor: _passwordsMatch ? _validFieldValueColor : null,
                       filled: true,
-                      hintText: "Confirm password",
+                      hintText: l10n.confirmPassword,
                       contentPadding: const EdgeInsets.symmetric(
                         horizontal: 16,
                         vertical: 14,
@@ -510,13 +512,14 @@ class PricingWidget extends StatelessWidget {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return FutureBuilder<BillingPlans>(
       future: BillingService.instance.getBillingPlans(),
       builder: (BuildContext context, AsyncSnapshot snapshot) {
         if (snapshot.hasData) {
           return _buildPlans(context, snapshot.data);
         } else if (snapshot.hasError) {
-          return const Text("Oops, Something went wrong.");
+          return Text(l10n.oopsSomethingWentWrong);
         }
         return const EnteLoadingWidget();
       },
@@ -524,6 +527,7 @@ class PricingWidget extends StatelessWidget {
   }
 
   Container _buildPlans(BuildContext context, BillingPlans plans) {
+    final l10n = context.l10n;
     final planWidgets = <BillingPlanWidget>[];
     for (final plan in plans.plans) {
       final productID = Platform.isAndroid ? plan.androidID : plan.iosID;
@@ -564,16 +568,16 @@ class PricingWidget extends StatelessWidget {
             child: Row(
               mainAxisAlignment: MainAxisAlignment.center,
               crossAxisAlignment: CrossAxisAlignment.center,
-              children: const [
-                Icon(
+              children: [
+                const Icon(
                   Icons.close,
                   size: 12,
                   color: Colors.white38,
                 ),
-                Padding(padding: EdgeInsets.all(1)),
+                const Padding(padding: EdgeInsets.all(1)),
                 Text(
-                  "Close",
-                  style: TextStyle(
+                  l10n.close,
+                  style: const TextStyle(
                     color: Colors.white38,
                   ),
                 ),

lib/ui/account/password_entry_page.dart

@@ -1,6 +1,7 @@
 // @dart=2.9
 
 import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/account/recovery_key_page.dart';
 import 'package:ente_auth/ui/common/dynamic_fab.dart';
@@ -400,15 +401,16 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
   }
 
   Future<void> _showRecoveryCodeDialog(String password) async {
+    final l10n = context.l10n;
     final dialog =
-        createProgressDialog(context, "Generating encryption keys...");
+        createProgressDialog(context, l10n.generatingEncryptionKeysTitle);
     await dialog.show();
     try {
       final result = await Configuration.instance.generateKey(password);
       Configuration.instance.setVolatilePassword(null);
       await dialog.hide();
       onDone() async {
-        final dialog = createProgressDialog(context, "Please wait...");
+        final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
         await dialog.show();
         try {
           await UserService.instance.setAttributes(result);

lib/ui/account/password_reentry_page.dart

@@ -2,6 +2,7 @@
 
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/errors.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/key_attributes.dart';
 import 'package:ente_auth/ui/account/recovery_page.dart';
 import 'package:ente_auth/ui/common/dialogs.dart';
@@ -40,6 +41,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     final isKeypadOpen = MediaQuery.of(context).viewInsets.bottom > 100;
 
     FloatingActionButtonLocation fabLocation() {
@@ -66,10 +68,10 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
       floatingActionButton: DynamicFAB(
         isKeypadOpen: isKeypadOpen,
         isFormValid: _passwordController.text.isNotEmpty,
-        buttonText: 'Verify password',
+        buttonText: l10n.verifyPassword,
         onPressedFunction: () async {
           FocusScope.of(context).unfocus();
-          final dialog = createProgressDialog(context, "Please wait...");
+          final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
           await dialog.show();
           try {
             await Configuration.instance.decryptAndSaveSecrets(
@@ -81,14 +83,11 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
             await dialog.hide();
             final dialogUserChoice = await showChoiceDialog(
               context,
-              "Recreate password",
-              "The current device is not powerful enough to verify your "
-                  "password, so we need to regenerate it once in a way that "
-                  "works with all devices. \n\nPlease login using your "
-                  "recovery key and regenerate your password (you can use the same one again if you wish).",
-              firstAction: "Cancel",
+              l10n.recreatePassword,
+              l10n.recreatePasswordMessage,
+              firstAction: l10n.cancel,
               firstActionColor: Theme.of(context).colorScheme.primary,
-              secondAction: "Use recovery key",
+              secondAction: l10n.useRecoveryKeyAction,
               secondActionColor: Theme.of(context).colorScheme.primary,
             );
             if (dialogUserChoice == DialogUserChoice.secondChoice) {
@@ -107,17 +106,17 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
 
             final dialogUserChoice = await showChoiceDialog(
               context,
-              "Incorrect password",
-              "Please try again",
-              firstAction: "Contact Support",
+              l10n.incorrectPassword,
+              l10n.tryAgainMessage,
+              firstAction: l10n.contactSupport,
               firstActionColor: Theme.of(context).colorScheme.primary,
-              secondAction: "Ok",
+              secondAction: l10n.ok,
               secondActionColor: Theme.of(context).colorScheme.primary,
             );
             if (dialogUserChoice == DialogUserChoice.firstChoice) {
               await sendLogs(
                 context,
-                "Contact support",
+                l10n.contactSupport,
                 "support@ente.io",
                 postShare: () {},
               );
@@ -141,6 +140,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
   }
 
   Widget _getBody() {
+    final l10n = context.l10n;
     return Column(
       children: [
         Expanded(
@@ -151,7 +151,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                   padding:
                       const EdgeInsets.symmetric(vertical: 30, horizontal: 20),
                   child: Text(
-                    'Welcome back!',
+                    l10n.welcomeBackTitle,
                     style: Theme.of(context).textTheme.headline4,
                   ),
                 ),
@@ -174,7 +174,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                   child: TextFormField(
                     autofillHints: const [AutofillHints.password],
                     decoration: InputDecoration(
-                      hintText: "Enter your password",
+                      hintText: l10n.enterYourPasswordHint,
                       filled: true,
                       contentPadding: const EdgeInsets.all(20),
                       border: UnderlineInputBorder(
@@ -236,7 +236,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                         },
                         child: Center(
                           child: Text(
-                            "Forgot password",
+                            l10n.forgotPassword,
                             style:
                                 Theme.of(context).textTheme.subtitle1.copyWith(
                                       fontSize: 14,
@@ -248,8 +248,10 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                       GestureDetector(
                         behavior: HitTestBehavior.opaque,
                         onTap: () async {
-                          final dialog =
-                              createProgressDialog(context, "Please wait...");
+                          final dialog = createProgressDialog(
+                            context,
+                            l10n.pleaseWaitTitle,
+                          );
                           await dialog.show();
                           await Configuration.instance.logout();
                           await dialog.hide();
@@ -258,7 +260,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                         },
                         child: Center(
                           child: Text(
-                            "Change email",
+                            l10n.changeEmail,
                             style:
                                 Theme.of(context).textTheme.subtitle1.copyWith(
                                       fontSize: 14,

lib/ui/account/recovery_key_page.dart

@@ -208,9 +208,9 @@ class _RecoveryKeyPageState extends State<RecoveryKeyPage> {
   }
 
   List<Widget> _saveOptions(BuildContext context, String recoveryKey) {
-    final List<Widget> children = [];
+    final List<Widget> childrens = [];
     if (!_hasTriedToSave) {
-      children.add(
+      childrens.add(
         ElevatedButton(
           style: Theme.of(context).colorScheme.optionalActionButtonStyle,
           onPressed: () async {
@@ -219,10 +219,10 @@ class _RecoveryKeyPageState extends State<RecoveryKeyPage> {
           child: const Text('Do this later'),
         ),
       );
-      children.add(const SizedBox(height: 10));
+      childrens.add(const SizedBox(height: 10));
     }
 
-    children.add(
+    childrens.add(
       GradientButton(
         onTap: () async {
           await _shareRecoveryKey(recoveryKey);
@@ -231,8 +231,8 @@ class _RecoveryKeyPageState extends State<RecoveryKeyPage> {
       ),
     );
     if (_hasTriedToSave) {
-      children.add(const SizedBox(height: 10));
-      children.add(
+      childrens.add(const SizedBox(height: 10));
+      childrens.add(
         ElevatedButton(
           child: Text(widget.doneText),
           onPressed: () async {
@@ -241,8 +241,8 @@ class _RecoveryKeyPageState extends State<RecoveryKeyPage> {
         ),
       );
     }
-    children.add(const SizedBox(height: 12));
-    return children;
+    childrens.add(const SizedBox(height: 12));
+    return childrens;
   }
 
   Future _shareRecoveryKey(String recoveryKey) async {

lib/ui/account/sessions_page.dart

@@ -2,6 +2,7 @@
 
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/sessions.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/common/loading_widget.dart';
@@ -111,7 +112,8 @@ class _SessionsPageState extends State<SessionsPage> {
   }
 
   Future<void> _terminateSession(Session session) async {
-    final dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       await UserService.instance.terminateSession(session.token);
@@ -122,8 +124,8 @@ class _SessionsPageState extends State<SessionsPage> {
       _logger.severe('failed to terminate', e, s);
       showErrorDialog(
         context,
-        'Oops',
-        "Something went wrong, please try again",
+        l10n.oops,
+        l10n.somethingWentWrongMessage,
       );
     }
   }

lib/ui/account/verify_recovery_page.dart

@@ -3,7 +3,6 @@
 import 'dart:ui';
 
 import 'package:bip39/bip39.dart' as bip39;
-import 'package:convert/convert.dart';
 import 'package:dio/dio.dart';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/event_bus.dart';
@@ -17,6 +16,7 @@ import 'package:ente_auth/ui/common/gradient_button.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
 import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 import 'package:logging/logging.dart';
 
 class VerifyRecoveryPage extends StatefulWidget {
@@ -36,7 +36,7 @@ class _VerifyRecoveryPageState extends State<VerifyRecoveryPage> {
     try {
       final String inputKey = _recoveryKey.text.trim();
       final String recoveryKey =
-          hex.encode(await Configuration.instance.getRecoveryKey());
+          Sodium.bin2hex(Configuration.instance.getRecoveryKey());
       final String recoveryKeyWords = bip39.entropyToMnemonic(recoveryKey);
       if (inputKey == recoveryKey || inputKey == recoveryKeyWords) {
         try {
@@ -97,7 +97,7 @@ class _VerifyRecoveryPageState extends State<VerifyRecoveryPage> {
     if (hasAuthenticated) {
       String recoveryKey;
       try {
-        recoveryKey = hex.encode(await Configuration.instance.getRecoveryKey());
+        recoveryKey = Sodium.bin2hex(Configuration.instance.getRecoveryKey());
         routeToPage(
           context,
           RecoveryKeyPage(

lib/ui/code_widget.dart

@@ -2,6 +2,7 @@ import 'dart:async';
 
 import 'package:clipboard/clipboard.dart';
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/code.dart';
 import 'package:ente_auth/onboarding/view/setup_enter_secret_key_page.dart';
 import 'package:ente_auth/store/code_store.dart';
@@ -49,6 +50,7 @@ class _CodeWidgetState extends State<CodeWidget> {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return Container(
       margin: const EdgeInsets.only(left: 16, right: 16, bottom: 8, top: 8),
       child: Slidable(
@@ -174,7 +176,7 @@ class _CodeWidgetState extends State<CodeWidget> {
                                 crossAxisAlignment: CrossAxisAlignment.end,
                                 children: [
                                   Text(
-                                    "next",
+                                    l10n.nextTotpTitle,
                                     style: Theme.of(context).textTheme.caption,
                                   ),
                                   Text(
@@ -224,20 +226,21 @@ class _CodeWidgetState extends State<CodeWidget> {
   }
 
   void _onDeletePressed(_) {
+    final l10n = context.l10n;
     final AlertDialog alert = AlertDialog(
       shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(10)),
       title: Text(
-        "Delete code?",
+        l10n.deleteCodeTitle,
         style: Theme.of(context).textTheme.headline6,
       ),
-      content: const Text(
-        "Are you sure you want to delete this code? This action is irreversible.",
+      content: Text(
+        l10n.deleteCodeMessage,
       ),
       actions: [
         TextButton(
-          child: const Text(
-            "Delete",
-            style: TextStyle(
+          child: Text(
+            l10n.delete,
+            style: const TextStyle(
               color: Colors.red,
             ),
           ),

lib/ui/home_page.dart

@@ -240,6 +240,7 @@ class _HomePageState extends State<HomePage> {
   }
 
   Widget _getCoachMarkWidget() {
+    final l10n = context.l10n;
     return GestureDetector(
       onTap: () async {
         await PreferenceService.instance.setHasShownCoachMark(true);
@@ -268,7 +269,7 @@ class _HomePageState extends State<HomePage> {
                           height: 24,
                         ),
                         Text(
-                          "Swipe left to edit or remove codes",
+                          l10n.swipeHint,
                           style: Theme.of(context).textTheme.headline6,
                         ),
                         const SizedBox(
@@ -282,7 +283,7 @@ class _HomePageState extends State<HomePage> {
                                   .setHasShownCoachMark(true);
                               setState(() {});
                             },
-                            child: const Text("OK"),
+                            child: Text(l10n.ok),
                           ),
                         )
                       ],

lib/ui/payment/child_subscription_widget.dart

@@ -1,6 +1,7 @@
 // @dart=2.9
 
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/user_details.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/common/dialogs.dart';
@@ -17,6 +18,7 @@ class ChildSubscriptionWidget extends StatelessWidget {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     final String familyAdmin = userDetails.familyData.members
         .firstWhere((element) => element.isAdmin)
         .email;
@@ -27,7 +29,7 @@ class ChildSubscriptionWidget extends StatelessWidget {
         children: [
           Center(
             child: Text(
-              "You are on a family plan!",
+              l10n.inFamilyPlanMessage,
               style: Theme.of(context).textTheme.bodyText1,
             ),
           ),
@@ -76,9 +78,9 @@ class ChildSubscriptionWidget extends StatelessWidget {
                     const EdgeInsets.symmetric(vertical: 18, horizontal: 100),
                 backgroundColor: Colors.red[500],
               ),
-              child: const Text(
-                "Leave Family",
-                style: TextStyle(
+              child: Text(
+                l10n.leaveFamily,
+                style: const TextStyle(
                   fontWeight: FontWeight.bold,
                   fontSize: 18,
                   color: Colors.white, // same for both themes
@@ -120,19 +122,20 @@ class ChildSubscriptionWidget extends StatelessWidget {
   }
 
   Future<void> _leaveFamilyPlan(BuildContext context) async {
+    final l10n = context.l10n;
     final choice = await showChoiceDialog(
       context,
-      'Leave family',
-      'Are you sure that you want to leave the family plan?',
-      firstAction: 'No',
-      secondAction: 'Yes',
+      l10n.leaveFamily,
+      l10n.leaveFamilyMessage,
+      firstAction: l10n.no,
+      secondAction: l10n.yes,
       firstActionColor: Theme.of(context).colorScheme.alternativeColor,
       secondActionColor: Theme.of(context).colorScheme.onSurface,
     );
     if (choice != DialogUserChoice.secondChoice) {
       return;
     }
-    final dialog = createProgressDialog(context, "Please wait...");
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       await UserService.instance.leaveFamilyPlan();

lib/ui/payment/payment_web_page.dart

@@ -3,6 +3,7 @@
 import 'dart:io';
 
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/subscription.dart';
 import 'package:ente_auth/services/billing_service.dart';
 import 'package:ente_auth/services/user_service.dart';
@@ -49,7 +50,8 @@ class _PaymentWebPageState extends State<PaymentWebPage> {
 
   @override
   Widget build(BuildContext context) {
-    _dialog = createProgressDialog(context, "Please wait...");
+    final l10n = context.l10n;
+    _dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     if (initPaymentUrl == null) {
       return const EnteLoadingWidget();
     }

lib/ui/scanner_page.dart

@@ -1,5 +1,6 @@
 import 'dart:io';
 
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/code.dart';
 import 'package:flutter/material.dart';
 import 'package:qr_code_scanner/qr_code_scanner.dart';
@@ -30,9 +31,10 @@ class ScannerPageState extends State<ScannerPage> {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return Scaffold(
       appBar: AppBar(
-        title: const Text("Scan"),
+        title: Text(l10n.scan),
       ),
       body: Column(
         children: <Widget>[
@@ -47,7 +49,7 @@ class ScannerPageState extends State<ScannerPage> {
           Expanded(
             flex: 1,
             child: Center(
-              child: (totp != null) ? Text(totp!) : const Text('Scan a code'),
+              child: (totp != null) ? Text(totp!) : Text(l10n.scanACode),
             ),
           )
         ],

lib/ui/settings/account_section_widget.dart

@@ -1,6 +1,5 @@
 // @dart=2.9
 
-import 'package:convert/convert.dart';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
@@ -14,6 +13,7 @@ import 'package:ente_auth/ui/settings/common_settings.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
 import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 
 class AccountSectionWidget extends StatelessWidget {
   AccountSectionWidget({Key key}) : super(key: key);
@@ -48,7 +48,7 @@ class AccountSectionWidget extends StatelessWidget {
             String recoveryKey;
             try {
               recoveryKey =
-                  hex.encode(await Configuration.instance.getRecoveryKey());
+                  Sodium.bin2hex(Configuration.instance.getRecoveryKey());
             } catch (e) {
               showGenericErrorDialog(context);
               return;

lib/ui/settings/app_update_dialog.dart

@@ -6,7 +6,7 @@ import 'package:ente_auth/ente_theme_data.dart';
 import 'package:ente_auth/services/update_service.dart';
 import 'package:flutter/material.dart';
 import 'package:logging/logging.dart';
-// import 'package:open_file/open_file.dart';
+import 'package:open_file/open_file.dart';
 
 class AppUpdateDialog extends StatefulWidget {
   final LatestVersionInfo latestVersionInfo;
@@ -157,7 +157,7 @@ class _ApkDownloaderDialogState extends State<ApkDownloaderDialog> {
         },
       );
       Navigator.of(context, rootNavigator: true).pop('dialog');
-      // OpenFile.open(_saveUrl);
+      OpenFile.open(_saveUrl);
     } catch (e) {
       Logger("ApkDownloader").severe(e);
       final AlertDialog alert = AlertDialog(

lib/ui/settings/data_section_widget.dart

@@ -6,6 +6,7 @@ import 'dart:ui';
 
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/code.dart';
 import 'package:ente_auth/services/authenticator_service.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
@@ -215,11 +216,12 @@ class DataSectionWidget extends StatelessWidget {
   }
 
   Future<void> _pickImportFile(BuildContext context) async {
+    final l10n = context.l10n;
     FilePickerResult result = await FilePicker.platform.pickFiles();
     if (result == null) {
       return;
     }
-    final dialog = createProgressDialog(context, "Please wait...");
+    final dialog = createProgressDialog(context, l10n.pleaseWaitTitle);
     await dialog.show();
     try {
       File file = File(result.files.single.path);
@@ -257,7 +259,7 @@ class DataSectionWidget extends StatelessWidget {
             actions: [
               TextButton(
                 child: Text(
-                  "Okay",
+                  l10n.ok,
                   style: TextStyle(
                     color: Theme.of(context).colorScheme.onSurface,
                   ),

lib/ui/settings/debug_section_widget.dart

@@ -1,18 +1,20 @@
 // @dart=2.9
 
-import 'dart:convert';
-
 import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/ui/settings/common_settings.dart';
 import 'package:ente_auth/ui/settings/settings_section_title.dart';
 import 'package:ente_auth/ui/settings/settings_text_item.dart';
 import 'package:expandable/expandable.dart';
 import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 
 class DebugSectionWidget extends StatelessWidget {
   const DebugSectionWidget({Key key}) : super(key: key);
   @override
   Widget build(BuildContext context) {
+    // This is a debug only section not shown to end users, so these strings are
+    // not translated.
     return ExpandablePanel(
       header: const SettingsSectionTitle("Debug"),
       collapsed: Container(),
@@ -39,6 +41,7 @@ class DebugSectionWidget extends StatelessWidget {
   }
 
   void _showKeyAttributesDialog(BuildContext context) {
+    final l10n = context.l10n;
     final keyAttributes = Configuration.instance.getKeyAttributes();
     final AlertDialog alert = AlertDialog(
       title: const Text("key attributes"),
@@ -49,7 +52,7 @@ class DebugSectionWidget extends StatelessWidget {
               "Key",
               style: TextStyle(fontWeight: FontWeight.bold),
             ),
-            Text(base64Encode(Configuration.instance.getKey())),
+            Text(Sodium.bin2base64(Configuration.instance.getKey())),
             const Padding(padding: EdgeInsets.all(12)),
             const Text(
               "Encrypted Key",
@@ -74,7 +77,7 @@ class DebugSectionWidget extends StatelessWidget {
       ),
       actions: [
         TextButton(
-          child: const Text("OK"),
+          child: Text(l10n.ok),
           onPressed: () {
             Navigator.of(context, rootNavigator: true).pop('dialog');
           },

lib/ui/settings/made_with_love_widget.dart

@@ -1,3 +1,4 @@
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:flutter/material.dart';
 import 'package:url_launcher/url_launcher.dart';
 
@@ -8,13 +9,14 @@ class MadeWithLoveWidget extends StatelessWidget {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return GestureDetector(
       onTap: () {
         launchUrl(Uri.parse("https://ente.io"));
       },
       child: RichText(
         text: TextSpan(
-          text: "made with ❤️ at ",
+          text: l10n.madeWithLoveAtPrefix,
           style: DefaultTextStyle.of(context).style,
           children: const <TextSpan>[
             TextSpan(

lib/ui/settings/security_section_widget.dart

@@ -4,6 +4,7 @@ import 'dart:io';
 
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/account/sessions_page.dart';
@@ -45,6 +46,7 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
   }
 
   Widget _getSectionOptions(BuildContext context) {
+    final l10n = context.l10n;
     final List<Widget> children = [];
     children.addAll([
       MenuItemWidget(
@@ -106,7 +108,7 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
                     actions: [
                       TextButton(
                         child: Text(
-                          "No",
+                          l10n.no,
                           style: TextStyle(
                             color:
                                 Theme.of(context).colorScheme.defaultTextColor,
@@ -119,7 +121,7 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
                       ),
                       TextButton(
                         child: Text(
-                          "Yes",
+                          l10n.yes,
                           style: TextStyle(
                             color:
                                 Theme.of(context).colorScheme.defaultTextColor,

lib/ui/settings/support_section_widget.dart

@@ -2,6 +2,7 @@
 
 import 'package:ente_auth/core/constants.dart';
 import 'package:ente_auth/core/logging/super_logging.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/components/captioned_text_widget.dart';
 import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
@@ -21,20 +22,22 @@ class SupportSectionWidget extends StatefulWidget {
 class _SupportSectionWidgetState extends State<SupportSectionWidget> {
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return ExpandableMenuItemWidget(
-      title: "Support",
+      title: l10n.support,
       selectionOptionsWidget: _getSectionOptions(context),
       leadingIcon: Icons.help_outline_outlined,
     );
   }
 
   Widget _getSectionOptions(BuildContext context) {
+    final l10n = context.l10n;
     return Column(
       children: [
         sectionOptionSpacing,
         MenuItemWidget(
-          captionedTextWidget: const CaptionedTextWidget(
-            title: "Email",
+          captionedTextWidget: CaptionedTextWidget(
+            title: l10n.email,
           ),
           pressedColor: getEnteColorScheme(context).fillFaint,
           trailingIcon: Icons.chevron_right_outlined,
@@ -45,14 +48,14 @@ class _SupportSectionWidgetState extends State<SupportSectionWidget> {
         ),
         sectionOptionSpacing,
         MenuItemWidget(
-          captionedTextWidget: const CaptionedTextWidget(
-            title: "Report a bug",
+          captionedTextWidget: CaptionedTextWidget(
+            title: l10n.reportABug,
           ),
           pressedColor: getEnteColorScheme(context).fillFaint,
           trailingIcon: Icons.chevron_right_outlined,
           trailingIconIsMuted: true,
           onTap: () async {
-            await sendLogs(context, "Report bug", "auth@ente.io");
+            await sendLogs(context, l10n.reportBug, "auth@ente.io");
           },
           onDoubleTap: () async {
             final zipFilePath = await getZippedLogsFile(context);
@@ -61,8 +64,8 @@ class _SupportSectionWidgetState extends State<SupportSectionWidget> {
         ),
         sectionOptionSpacing,
         MenuItemWidget(
-          captionedTextWidget: const CaptionedTextWidget(
-            title: "Crash & error reporting",
+          captionedTextWidget: CaptionedTextWidget(
+            title: l10n.crashAndErrorReporting,
           ),
           trailingSwitch: ToggleSwitchWidget(
             value: SuperLogging.shouldReportErrors(),

lib/ui/settings/title_bar_widget.dart

@@ -1,3 +1,4 @@
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:flutter/material.dart';
 
 class SettingsTitleBarWidget extends StatelessWidget {
@@ -5,6 +6,7 @@ class SettingsTitleBarWidget extends StatelessWidget {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return Container(
       padding: const EdgeInsets.symmetric(vertical: 4),
       child: Padding(
@@ -19,7 +21,7 @@ class SettingsTitleBarWidget extends StatelessWidget {
               },
               icon: const Icon(Icons.keyboard_double_arrow_left_outlined),
             ),
-            const Text("Settings"),
+            Text(l10n.settings),
           ],
         ),
       ),

lib/ui/two_factor_authentication_page.dart

@@ -1,5 +1,6 @@
 // @dart=2.9
 
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/lifecycle_event_handler.dart';
 import 'package:flutter/material.dart';
@@ -47,10 +48,11 @@ class _TwoFactorAuthenticationPageState
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return Scaffold(
       appBar: AppBar(
-        title: const Text(
-          "Two-factor authentication",
+        title: Text(
+          l10n.twoFactorAuthTitle,
         ),
       ),
       body: _getBody(),
@@ -58,6 +60,7 @@ class _TwoFactorAuthenticationPageState
   }
 
   Widget _getBody() {
+    final l10n = context.l10n;
     final pinPutDecoration = BoxDecoration(
       border: Border.all(
         color: Theme.of(context)
@@ -73,9 +76,9 @@ class _TwoFactorAuthenticationPageState
       mainAxisAlignment: MainAxisAlignment.center,
       mainAxisSize: MainAxisSize.max,
       children: [
-        const Text(
-          "Enter the 6-digit code from\nyour authenticator app",
-          style: TextStyle(
+        Text(
+          l10n.enterCodeHint,
+          style: const TextStyle(
             height: 1.4,
             fontSize: 16,
           ),
@@ -121,7 +124,7 @@ class _TwoFactorAuthenticationPageState
                     _verifyTwoFactorCode(_code);
                   }
                 : null,
-            child: const Text("Verify"),
+            child: Text(l10n.verify),
           ),
         ),
         const Padding(padding: EdgeInsets.all(30)),
@@ -132,10 +135,10 @@ class _TwoFactorAuthenticationPageState
           },
           child: Container(
             padding: const EdgeInsets.all(10),
-            child: const Center(
+            child: Center(
               child: Text(
-                "Lost device?",
-                style: TextStyle(
+                l10n.lostDeviceTitle,
+                style: const TextStyle(
                   decoration: TextDecoration.underline,
                   fontSize: 12,
                 ),

lib/ui/two_factor_recovery_page.dart

@@ -2,6 +2,7 @@
 
 import 'dart:ui';
 
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:flutter/material.dart';
@@ -27,11 +28,12 @@ class _TwoFactorRecoveryPageState extends State<TwoFactorRecoveryPage> {
 
   @override
   Widget build(BuildContext context) {
+    final l10n = context.l10n;
     return Scaffold(
       appBar: AppBar(
-        title: const Text(
-          "Recover account",
-          style: TextStyle(
+        title: Text(
+          l10n.recoverAccount,
+          style: const TextStyle(
             fontSize: 18,
           ),
         ),
@@ -44,9 +46,9 @@ class _TwoFactorRecoveryPageState extends State<TwoFactorRecoveryPage> {
           Padding(
             padding: const EdgeInsets.fromLTRB(60, 0, 60, 0),
             child: TextFormField(
-              decoration: const InputDecoration(
-                hintText: "Enter your recovery key",
-                contentPadding: EdgeInsets.all(20),
+              decoration: InputDecoration(
+                hintText: l10n.enterRecoveryKeyHint,
+                contentPadding: const EdgeInsets.all(20),
               ),
               style: const TextStyle(
                 fontSize: 14,
@@ -79,7 +81,7 @@ class _TwoFactorRecoveryPageState extends State<TwoFactorRecoveryPage> {
                       );
                     }
                   : null,
-              child: const Text("Recover"),
+              child: Text(l10n.recover),
             ),
           ),
           GestureDetector(
@@ -87,15 +89,15 @@ class _TwoFactorRecoveryPageState extends State<TwoFactorRecoveryPage> {
             onTap: () {
               showErrorDialog(
                 context,
-                "Contact support",
-                "Please drop an email to support@ente.io from your registered email address",
+                l10n.contactSupport,
+                l10n.contactSupportViaEmailMessage("support@ente.io"),
               );
             },
             child: Container(
               padding: const EdgeInsets.all(40),
               child: Center(
                 child: Text(
-                  "No recovery key?",
+                  l10n.noRecoveryKeyTitle,
                   style: TextStyle(
                     decoration: TextDecoration.underline,
                     fontSize: 12,

lib/utils/crypto_util.dart

@@ -1,106 +1,183 @@
+import 'dart:io' as io;
 import 'dart:typed_data';
 
 import 'package:computer/computer.dart';
 import 'package:ente_auth/models/derived_key_result.dart';
 import 'package:ente_auth/models/encryption_result.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 import 'package:logging/logging.dart';
-import 'package:sodium_libs/sodium_libs.dart';
 
-Future<Uint8List> cryptoSecretboxEasy(Map<String, dynamic> args) async {
-  final sodium = await SodiumInit.init();
-  return sodium.crypto.secretBox
-      .easy(message: args["source"], nonce: args["nonce"], key: args["key"]);
+const int encryptionChunkSize = 4 * 1024 * 1024;
+final int decryptionChunkSize =
+    encryptionChunkSize + Sodium.cryptoSecretstreamXchacha20poly1305Abytes;
+
+Uint8List cryptoSecretboxEasy(Map<String, dynamic> args) {
+  return Sodium.cryptoSecretboxEasy(args["source"], args["nonce"], args["key"]);
 }
 
-Future<Uint8List> cryptoSecretboxOpenEasy(Map<String, dynamic> args) async {
-  final sodium = await SodiumInit.init();
-  return sodium.crypto.secretBox.openEasy(
-    cipherText: args["cipher"],
-    nonce: args["nonce"],
-    key: SecureKey.fromList(sodium, args["key"]),
+Uint8List cryptoSecretboxOpenEasy(Map<String, dynamic> args) {
+  return Sodium.cryptoSecretboxOpenEasy(
+    args["cipher"],
+    args["nonce"],
+    args["key"],
   );
 }
 
-Future<Uint8List> cryptoPwHash(Map<String, dynamic> args) async {
-  final sodium = await SodiumInit.init();
-  Logger("CryptoUtil").info("Sodium initialized: " + sodium.version.toString());
-  return CryptoUtil.sodium.crypto.pwhash
-      .call(
-        outLen: CryptoUtil.sodium.crypto.secretBox.keyBytes,
-        password: args["password"],
-        salt: args["salt"],
-        opsLimit: args["opsLimit"],
-        memLimit: args["memLimit"],
-      )
-      .extractBytes();
+Uint8List cryptoPwHash(Map<String, dynamic> args) {
+  return Sodium.cryptoPwhash(
+    Sodium.cryptoSecretboxKeybytes,
+    args["password"],
+    args["salt"],
+    args["opsLimit"],
+    args["memLimit"],
+    Sodium.cryptoPwhashAlgDefault,
+  );
 }
 
-Future<EncryptionResult> chachaEncryptData(Map<String, dynamic> args) async {
-  final sodium = await SodiumInit.init();
-
-  Stream<SecretStreamPlainMessage> getStream(Uint8List data) async* {
-    yield SecretStreamPlainMessage(data, tag: SecretStreamMessageTag.finalPush);
-  }
-
-  final resultStream = sodium.crypto.secretStream.pushEx(
-    key: SecureKey.fromList(sodium, args["key"]),
-    messageStream: getStream(args["source"]),
-  );
-  Uint8List? header, encryptedData;
-  await for (final value in resultStream) {
-    if (header == null) {
-      header = value.message;
-      continue;
-    } else {
-      encryptedData = value.message;
+Uint8List cryptoGenericHash(Map<String, dynamic> args) {
+  final sourceFile = io.File(args["sourceFilePath"]);
+  final sourceFileLength = sourceFile.lengthSync();
+  final inputFile = sourceFile.openSync(mode: io.FileMode.read);
+  final state =
+      Sodium.cryptoGenerichashInit(null, Sodium.cryptoGenerichashBytesMax);
+  var bytesRead = 0;
+  bool isDone = false;
+  while (!isDone) {
+    var chunkSize = encryptionChunkSize;
+    if (bytesRead + chunkSize >= sourceFileLength) {
+      chunkSize = sourceFileLength - bytesRead;
+      isDone = true;
     }
+    final buffer = inputFile.readSync(chunkSize);
+    bytesRead += chunkSize;
+    Sodium.cryptoGenerichashUpdate(state, buffer);
   }
-  return EncryptionResult(encryptedData: encryptedData, header: header);
+  inputFile.closeSync();
+  return Sodium.cryptoGenerichashFinal(state, Sodium.cryptoGenerichashBytesMax);
 }
 
-Future<Uint8List> chachaDecryptData(Map<String, dynamic> args) async {
-  final sodium = await SodiumInit.init();
+EncryptionResult chachaEncryptData(Map<String, dynamic> args) {
+  final initPushResult =
+      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(args["key"]);
+  final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(
+    initPushResult.state,
+    args["source"],
+    null,
+    Sodium.cryptoSecretstreamXchacha20poly1305TagFinal,
+  );
+  return EncryptionResult(
+    encryptedData: encryptedData,
+    header: initPushResult.header,
+  );
+}
 
-  Stream<SecretStreamCipherMessage> getStream() async* {
-    yield SecretStreamCipherMessage(args["header"]);
-    yield SecretStreamCipherMessage(args["source"]);
+Future<EncryptionResult> chachaEncryptFile(Map<String, dynamic> args) async {
+  final encryptionStartTime = DateTime.now().millisecondsSinceEpoch;
+  final logger = Logger("ChaChaEncrypt");
+  final sourceFile = io.File(args["sourceFilePath"]);
+  final destinationFile = io.File(args["destinationFilePath"]);
+  final sourceFileLength = await sourceFile.length();
+  logger.info("Encrypting file of size " + sourceFileLength.toString());
+
+  final inputFile = sourceFile.openSync(mode: io.FileMode.read);
+  final key = args["key"] ?? Sodium.cryptoSecretstreamXchacha20poly1305Keygen();
+  final initPushResult =
+      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);
+  var bytesRead = 0;
+  var tag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;
+  while (tag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {
+    var chunkSize = encryptionChunkSize;
+    if (bytesRead + chunkSize >= sourceFileLength) {
+      chunkSize = sourceFileLength - bytesRead;
+      tag = Sodium.cryptoSecretstreamXchacha20poly1305TagFinal;
+    }
+    final buffer = inputFile.readSync(chunkSize);
+    bytesRead += chunkSize;
+    final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(
+      initPushResult.state,
+      buffer,
+      null,
+      tag,
+    );
+    await destinationFile.writeAsBytes(encryptedData, mode: io.FileMode.append);
   }
+  inputFile.closeSync();
 
-  final resultStream = sodium.crypto.secretStream.pullEx(
-    key: SecureKey.fromList(sodium, args["key"]),
-    cipherStream: getStream(),
+  logger.info(
+    "Encryption time: " +
+        (DateTime.now().millisecondsSinceEpoch - encryptionStartTime)
+            .toString(),
   );
 
-  await for (final result in resultStream) {
-    return result.message;
+  return EncryptionResult(key: key, header: initPushResult.header);
+}
+
+Future<void> chachaDecryptFile(Map<String, dynamic> args) async {
+  final logger = Logger("ChaChaDecrypt");
+  final decryptionStartTime = DateTime.now().millisecondsSinceEpoch;
+  final sourceFile = io.File(args["sourceFilePath"]);
+  final destinationFile = io.File(args["destinationFilePath"]);
+  final sourceFileLength = await sourceFile.length();
+  logger.info("Decrypting file of size " + sourceFileLength.toString());
+
+  final inputFile = sourceFile.openSync(mode: io.FileMode.read);
+  final pullState = Sodium.cryptoSecretstreamXchacha20poly1305InitPull(
+    args["header"],
+    args["key"],
+  );
+
+  var bytesRead = 0;
+  var tag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;
+  while (tag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {
+    var chunkSize = decryptionChunkSize;
+    if (bytesRead + chunkSize >= sourceFileLength) {
+      chunkSize = sourceFileLength - bytesRead;
+    }
+    final buffer = inputFile.readSync(chunkSize);
+    bytesRead += chunkSize;
+    final pullResult =
+        Sodium.cryptoSecretstreamXchacha20poly1305Pull(pullState, buffer, null);
+    await destinationFile.writeAsBytes(pullResult.m, mode: io.FileMode.append);
+    tag = pullResult.tag;
   }
-    return Uint8List(0);
+  inputFile.closeSync();
+
+  logger.info(
+    "ChaCha20 Decryption time: " +
+        (DateTime.now().millisecondsSinceEpoch - decryptionStartTime)
+            .toString(),
+  );
+}
+
+Uint8List chachaDecryptData(Map<String, dynamic> args) {
+  final pullState = Sodium.cryptoSecretstreamXchacha20poly1305InitPull(
+    args["header"],
+    args["key"],
+  );
+  final pullResult = Sodium.cryptoSecretstreamXchacha20poly1305Pull(
+    pullState,
+    args["source"],
+    null,
+  );
+  return pullResult.m;
 }
 
 class CryptoUtil {
   static final Computer _computer = Computer();
-  static late Sodium sodium;
 
-  static init() async {
+  static init() {
     _computer.turnOn(workersCount: 4);
     // Sodium.init();
-    sodium = await SodiumInit.init();
-    Logger("CryptoUtil")
-        .info("Sodium initialized: " + sodium.version.toString());
   }
 
-  static Future<EncryptionResult> encrypt(
-    Uint8List source,
-    Uint8List key,
-  ) async {
-    final nonce = sodium.randombytes.buf(sodium.crypto.secretBox.nonceBytes);
+  static EncryptionResult encryptSync(Uint8List source, Uint8List key) {
+    final nonce = Sodium.randombytesBuf(Sodium.cryptoSecretboxNoncebytes);
 
     final args = <String, dynamic>{};
     args["source"] = source;
     args["nonce"] = nonce;
     args["key"] = key;
-    final encryptedData = await cryptoSecretboxEasy(args);
-
+    final encryptedData = cryptoSecretboxEasy(args);
     return EncryptionResult(
       key: key,
       nonce: nonce,
@@ -113,12 +190,24 @@ class CryptoUtil {
     Uint8List key,
     Uint8List nonce,
   ) async {
-    final sodium = await SodiumInit.init();
-    return sodium.crypto.secretBox.openEasy(
-      cipherText: cipher,
-      nonce: nonce,
-      key: SecureKey.fromList(sodium, key),
-    );
+    final args = <String, dynamic>{};
+    args["cipher"] = cipher;
+    args["nonce"] = nonce;
+    args["key"] = key;
+    return _computer.compute(cryptoSecretboxOpenEasy, param: args);
+  }
+
+  static Uint8List decryptSync(
+    Uint8List cipher,
+    Uint8List? key,
+    Uint8List nonce,
+  ) {
+    assert(key != null, "key can not be null");
+    final args = <String, dynamic>{};
+    args["cipher"] = cipher;
+    args["nonce"] = nonce;
+    args["key"] = key;
+    return cryptoSecretboxOpenEasy(args);
   }
 
   static Future<EncryptionResult> encryptChaCha(
@@ -140,19 +229,45 @@ class CryptoUtil {
     args["source"] = source;
     args["key"] = key;
     args["header"] = header;
-    return chachaDecryptData(args);
+    return _computer.compute(chachaDecryptData, param: args);
+  }
+
+  static Future<EncryptionResult> encryptFile(
+    String sourceFilePath,
+    String destinationFilePath, {
+    Uint8List? key,
+  }) {
+    final args = <String, dynamic>{};
+    args["sourceFilePath"] = sourceFilePath;
+    args["destinationFilePath"] = destinationFilePath;
+    args["key"] = key;
+    return _computer.compute(chachaEncryptFile, param: args);
+  }
+
+  static Future<void> decryptFile(
+    String sourceFilePath,
+    String destinationFilePath,
+    Uint8List header,
+    Uint8List key,
+  ) {
+    final args = <String, dynamic>{};
+    args["sourceFilePath"] = sourceFilePath;
+    args["destinationFilePath"] = destinationFilePath;
+    args["header"] = header;
+    args["key"] = key;
+    return _computer.compute(chachaDecryptFile, param: args);
   }
 
   static Uint8List generateKey() {
-    return sodium.crypto.secretBox.keygen().extractBytes();
+    return Sodium.cryptoSecretboxKeygen();
   }
 
   static Uint8List getSaltToDeriveKey() {
-    return sodium.randombytes.buf(sodium.crypto.pwhash.saltBytes);
+    return Sodium.randombytesBuf(Sodium.cryptoPwhashSaltbytes);
   }
 
   static Future<KeyPair> generateKeyPair() async {
-    return sodium.crypto.box.keyPair();
+    return Sodium.cryptoBoxKeypair();
   }
 
   static Uint8List openSealSync(
@@ -160,15 +275,11 @@ class CryptoUtil {
     Uint8List publicKey,
     Uint8List secretKey,
   ) {
-    return sodium.crypto.box.sealOpen(
-      cipherText: input,
-      publicKey: publicKey,
-      secretKey: SecureKey.fromList(sodium, secretKey),
-    );
+    return Sodium.cryptoBoxSealOpen(input, publicKey, secretKey);
   }
 
   static Uint8List sealSync(Uint8List input, Uint8List publicKey) {
-    return sodium.crypto.box.seal(message: input, publicKey: publicKey);
+    return Sodium.cryptoBoxSeal(input, publicKey);
   }
 
   static Future<DerivedKeyResult> deriveSensitiveKey(
@@ -176,11 +287,11 @@ class CryptoUtil {
     Uint8List salt,
   ) async {
     final logger = Logger("pwhash");
-    int memLimit = sodium.crypto.pwhash.memLimitSensitive;
-    int opsLimit = sodium.crypto.pwhash.opsLimitSensitive;
+    int memLimit = Sodium.cryptoPwhashMemlimitSensitive;
+    int opsLimit = Sodium.cryptoPwhashOpslimitSensitive;
     Uint8List key;
-    while (memLimit > sodium.crypto.pwhash.memLimitMin &&
-        opsLimit < sodium.crypto.pwhash.opsLimitMax) {
+    while (memLimit > Sodium.cryptoPwhashMemlimitMin &&
+        opsLimit < Sodium.cryptoPwhashOpslimitMax) {
       try {
         key = await deriveKey(password, salt, memLimit, opsLimit);
         return DerivedKeyResult(key, memLimit, opsLimit);
@@ -198,27 +309,24 @@ class CryptoUtil {
     Uint8List salt,
     int memLimit,
     int opsLimit,
-  ) async {
-    final sodium = await SodiumInit.init();
-    Logger("CryptoUtil")
-        .info("Sodium initialized: " + sodium.version.toString());
-    return sodium.crypto.pwhash
-        .call(
-          outLen: CryptoUtil.sodium.crypto.secretBox.keyBytes,
-          password: Int8List.fromList(password),
-          salt: salt,
-          opsLimit: opsLimit,
-          memLimit: memLimit,
-        )
-        .extractBytes();
-    // return _computer.compute(
-    //   cryptoPwHash,
-    //   param: {
-    //     "password": password,
-    //     "salt": salt,
-    //     "memLimit": memLimit,
-    //     "opsLimit": opsLimit,
-    //   },
-    // );
+  ) {
+    return _computer.compute(
+      cryptoPwHash,
+      param: {
+        "password": password,
+        "salt": salt,
+        "memLimit": memLimit,
+        "opsLimit": opsLimit,
+      },
+    );
+  }
+
+  static Future<Uint8List> getHash(io.File source) {
+    return _computer.compute(
+      cryptoGenericHash,
+      param: {
+        "sourceFilePath": source.path,
+      },
+    );
   }
 }

lib/utils/dialog_util.dart

@@ -3,6 +3,7 @@
 import 'dart:math';
 
 import 'package:confetti/confetti.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/ui/common/loading_widget.dart';
 import 'package:ente_auth/ui/common/progress_dialog.dart';
 import 'package:flutter/material.dart';
@@ -32,6 +33,7 @@ Future<dynamic> showErrorDialog(
   String title,
   String content,
 ) {
+  final l10n = context.l10n;
   final AlertDialog alert = AlertDialog(
     shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(10)),
     title: title.isEmpty
@@ -44,7 +46,7 @@ Future<dynamic> showErrorDialog(
     actions: [
       TextButton(
         child: Text(
-          "Ok",
+          l10n.ok,
           style: TextStyle(
             color: Theme.of(context).colorScheme.onSurface,
           ),

lib/utils/email_util.dart

@@ -7,6 +7,7 @@ import 'package:email_validator/email_validator.dart';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/logging/super_logging.dart';
 import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/ui/common/dialogs.dart';
 import 'package:ente_auth/ui/tools/debug/log_file_viewer.dart';
 // import 'package:ente_auth/ui/tools/debug/log_file_viewer.dart';
@@ -37,6 +38,7 @@ Future<void> sendLogs(
   String subject,
   String body,
 }) async {
+  final l10n = context.l10n;
   final List<Widget> actions = [
     TextButton(
       child: Row(
@@ -48,7 +50,7 @@ Future<void> sendLogs(
           ),
           const Padding(padding: EdgeInsets.all(4)),
           Text(
-            "View logs",
+            l10n.viewLogsAction,
             style: TextStyle(
               color: Theme.of(context)
                   .colorScheme
@@ -88,11 +90,9 @@ Future<void> sendLogs(
   final List<Widget> content = [];
   content.addAll(
     [
-      const Text(
-        "This will send across logs to help us debug your issue. "
-        "While we take precautions to ensure that sensitive information is not "
-        "logged, we encourage you to view these logs before sharing them.",
-        style: TextStyle(
+      Text(
+        l10n.sendLogsDescription,
+        style: const TextStyle(
           height: 1.5,
           fontSize: 16,
         ),
@@ -148,7 +148,8 @@ Future<void> _sendLogs(
 }
 
 Future<String> getZippedLogsFile(BuildContext context) async {
-  final dialog = createProgressDialog(context, "Preparing logs...");
+  final l10n = context.l10n;
+  final dialog = createProgressDialog(context, l10n.preparingLogsTitle);
   await dialog.show();
   final logsPath = (await getApplicationSupportDirectory()).path;
   final logsDirectory = Directory(logsPath + "/logs");
@@ -168,12 +169,13 @@ Future<void> shareLogs(
   String toEmail,
   String zipFilePath,
 ) async {
+  final l10n = context.l10n;
   final result = await showChoiceDialog(
     context,
-    "Email logs",
-    "Please send the logs to $toEmail",
-    firstAction: "Copy email",
-    secondAction: "Export logs",
+    l10n.emailLogsTitle,
+    l10n.emailLogsMessage(toEmail),
+    firstAction: l10n.copyEmailAction,
+    secondAction: l10n.exportLogsAction,
   );
   if (result != null && result == DialogUserChoice.firstChoice) {
     await Clipboard.setData(ClipboardData(text: toEmail));
@@ -237,21 +239,22 @@ Future<String> _clientInfo() async {
 }
 
 void _showNoMailAppsDialog(BuildContext context, String toEmail) {
+  final l10n = context.l10n;
   showDialog(
     context: context,
     builder: (context) {
       return AlertDialog(
-        title: Text('Please email us at $toEmail'),
+        title: Text(l10n.emailUsMessage(toEmail)),
         actions: <Widget>[
           TextButton(
-            child: const Text("Copy email"),
+            child: Text(l10n.copyEmailAction),
             onPressed: () async {
               await Clipboard.setData(ClipboardData(text: toEmail));
-              showShortToast(context, 'Copied');
+              showShortToast(context, l10n.copied);
             },
           ),
           TextButton(
-            child: const Text("OK"),
+            child: Text(l10n.ok),
             onPressed: () {
               Navigator.pop(context);
             },

linux/flutter/generated_plugin_registrant.cc

@@ -8,9 +8,7 @@
 
 #include <flutter_secure_storage_linux/flutter_secure_storage_linux_plugin.h>
 #include <sentry_flutter/sentry_flutter_plugin.h>
-#include <sodium_libs/sodium_libs_plugin.h>
 #include <url_launcher_linux/url_launcher_plugin.h>
-#include <window_size/window_size_plugin.h>
 
 void fl_register_plugins(FlPluginRegistry* registry) {
   g_autoptr(FlPluginRegistrar) flutter_secure_storage_linux_registrar =
@@ -19,13 +17,7 @@ void fl_register_plugins(FlPluginRegistry* registry) {
   g_autoptr(FlPluginRegistrar) sentry_flutter_registrar =
       fl_plugin_registry_get_registrar_for_plugin(registry, "SentryFlutterPlugin");
   sentry_flutter_plugin_register_with_registrar(sentry_flutter_registrar);
-  g_autoptr(FlPluginRegistrar) sodium_libs_registrar =
-      fl_plugin_registry_get_registrar_for_plugin(registry, "SodiumLibsPlugin");
-  sodium_libs_plugin_register_with_registrar(sodium_libs_registrar);
   g_autoptr(FlPluginRegistrar) url_launcher_linux_registrar =
       fl_plugin_registry_get_registrar_for_plugin(registry, "UrlLauncherPlugin");
   url_launcher_plugin_register_with_registrar(url_launcher_linux_registrar);
-  g_autoptr(FlPluginRegistrar) window_size_registrar =
-      fl_plugin_registry_get_registrar_for_plugin(registry, "WindowSizePlugin");
-  window_size_plugin_register_with_registrar(window_size_registrar);
 }

linux/flutter/generated_plugins.cmake

@@ -5,9 +5,7 @@
 list(APPEND FLUTTER_PLUGIN_LIST
   flutter_secure_storage_linux
   sentry_flutter
-  sodium_libs
   url_launcher_linux
-  window_size
 )
 
 list(APPEND FLUTTER_FFI_PLUGIN_LIST

macos/Flutter/GeneratedPluginRegistrant.swift

@@ -13,10 +13,8 @@ import path_provider_macos
 import sentry_flutter
 import share_plus_macos
 import shared_preferences_macos
-import sodium_libs
 import sqflite
 import url_launcher_macos
-import window_size
 
 func RegisterGeneratedPlugins(registry: FlutterPluginRegistry) {
   ConnectivityPlugin.register(with: registry.registrar(forPlugin: "ConnectivityPlugin"))
@@ -27,8 +25,6 @@ func RegisterGeneratedPlugins(registry: FlutterPluginRegistry) {
   SentryFlutterPlugin.register(with: registry.registrar(forPlugin: "SentryFlutterPlugin"))
   SharePlusMacosPlugin.register(with: registry.registrar(forPlugin: "SharePlusMacosPlugin"))
   SharedPreferencesPlugin.register(with: registry.registrar(forPlugin: "SharedPreferencesPlugin"))
-  SodiumLibsPlugin.register(with: registry.registrar(forPlugin: "SodiumLibsPlugin"))
   SqflitePlugin.register(with: registry.registrar(forPlugin: "SqflitePlugin"))
   UrlLauncherPlugin.register(with: registry.registrar(forPlugin: "UrlLauncherPlugin"))
-  WindowSizePlugin.register(with: registry.registrar(forPlugin: "WindowSizePlugin"))
 }

macos/Podfile.lock

@@ -2,8 +2,6 @@ PODS:
   - connectivity_macos (0.0.1):
     - FlutterMacOS
     - Reachability
-  - flutter_local_notifications (0.0.1):
-    - FlutterMacOS
   - flutter_secure_storage_macos (3.3.1):
     - FlutterMacOS
   - FlutterMacOS (1.0.0)
@@ -15,54 +13,35 @@ PODS:
   - path_provider_macos (0.0.1):
     - FlutterMacOS
   - Reachability (3.2)
-  - Sentry/HybridSDK (7.30.2)
-  - sentry_flutter (0.0.1):
-    - Flutter
-    - FlutterMacOS
-    - Sentry/HybridSDK (= 7.30.2)
   - share_plus_macos (0.0.1):
     - FlutterMacOS
   - shared_preferences_macos (0.0.1):
     - FlutterMacOS
-  - Sodium (0.9.1)
-  - sodium_libs (1.2.0):
-    - FlutterMacOS
-    - Sodium
   - sqflite (0.0.2):
     - FlutterMacOS
     - FMDB (>= 2.7.5)
   - url_launcher_macos (0.0.1):
     - FlutterMacOS
-  - window_size (0.0.2):
-    - FlutterMacOS
 
 DEPENDENCIES:
   - connectivity_macos (from `Flutter/ephemeral/.symlinks/plugins/connectivity_macos/macos`)
-  - flutter_local_notifications (from `Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos`)
   - flutter_secure_storage_macos (from `Flutter/ephemeral/.symlinks/plugins/flutter_secure_storage_macos/macos`)
   - FlutterMacOS (from `Flutter/ephemeral`)
   - package_info_plus_macos (from `Flutter/ephemeral/.symlinks/plugins/package_info_plus_macos/macos`)
   - path_provider_macos (from `Flutter/ephemeral/.symlinks/plugins/path_provider_macos/macos`)
-  - sentry_flutter (from `Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos`)
   - share_plus_macos (from `Flutter/ephemeral/.symlinks/plugins/share_plus_macos/macos`)
   - shared_preferences_macos (from `Flutter/ephemeral/.symlinks/plugins/shared_preferences_macos/macos`)
-  - sodium_libs (from `Flutter/ephemeral/.symlinks/plugins/sodium_libs/macos`)
   - sqflite (from `Flutter/ephemeral/.symlinks/plugins/sqflite/macos`)
   - url_launcher_macos (from `Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos`)
-  - window_size (from `Flutter/ephemeral/.symlinks/plugins/window_size/macos`)
 
 SPEC REPOS:
   trunk:
     - FMDB
     - Reachability
-    - Sentry
-    - Sodium
 
 EXTERNAL SOURCES:
   connectivity_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/connectivity_macos/macos
-  flutter_local_notifications:
-    :path: Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos
   flutter_secure_storage_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/flutter_secure_storage_macos/macos
   FlutterMacOS:
@@ -71,39 +50,27 @@ EXTERNAL SOURCES:
     :path: Flutter/ephemeral/.symlinks/plugins/package_info_plus_macos/macos
   path_provider_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/path_provider_macos/macos
-  sentry_flutter:
-    :path: Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos
   share_plus_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/share_plus_macos/macos
   shared_preferences_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/shared_preferences_macos/macos
-  sodium_libs:
-    :path: Flutter/ephemeral/.symlinks/plugins/sodium_libs/macos
   sqflite:
     :path: Flutter/ephemeral/.symlinks/plugins/sqflite/macos
   url_launcher_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos
-  window_size:
-    :path: Flutter/ephemeral/.symlinks/plugins/window_size/macos
 
 SPEC CHECKSUMS:
   connectivity_macos: 5dae6ee11d320fac7c05f0d08bd08fc32b5514d9
-  flutter_local_notifications: 3805ca215b2fb7f397d78b66db91f6a747af52e4
   flutter_secure_storage_macos: 6ceee8fbc7f484553ad17f79361b556259df89aa
   FlutterMacOS: ae6af50a8ea7d6103d888583d46bd8328a7e9811
   FMDB: 2ce00b547f966261cd18927a3ddb07cb6f3db82a
   package_info_plus_macos: f010621b07802a241d96d01876d6705f15e77c1c
   path_provider_macos: 3c0c3b4b0d4a76d2bf989a913c2de869c5641a19
   Reachability: 33e18b67625424e47b6cde6d202dce689ad7af96
-  Sentry: 9be48e341494bc976c963b05aa4a8ca48308c684
-  sentry_flutter: 544e6376e35b00eef9f0864f8bb7f10a0e204993
   share_plus_macos: 853ee48e7dce06b633998ca0735d482dd671ade4
   shared_preferences_macos: a64dc611287ed6cbe28fd1297898db1336975727
-  Sodium: 23d11554ecd556196d313cf6130d406dfe7ac6da
-  sodium_libs: f6ceec5c5f48fb59fc88a8513e9d3f92a7ae92f7
   sqflite: a5789cceda41d54d23f31d6de539d65bb14100ea
   url_launcher_macos: 597e05b8e514239626bcf4a850fcf9ef5c856ec3
-  window_size: 339dafa0b27a95a62a843042038fa6c3c48de195
 
 PODFILE CHECKSUM: 6eac6b3292e5142cfc23bdeb71848a40ec51c14c
 

macos/Runner.xcodeproj/project.pbxproj

@@ -55,7 +55,7 @@
 /* Begin PBXFileReference section */
 		333000ED22D3DE5D00554162 /* Warnings.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Warnings.xcconfig; sourceTree = "<group>"; };
 		335BBD1A22A9A15E00E9071D /* GeneratedPluginRegistrant.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = GeneratedPluginRegistrant.swift; sourceTree = "<group>"; };
-		33CC10ED2044A3C60003C045 /* auth.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = auth.app; sourceTree = BUILT_PRODUCTS_DIR; };
+		33CC10ED2044A3C60003C045 /* authenticator.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = authenticator.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		33CC10F02044A3C60003C045 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
 		33CC10F22044A3C60003C045 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; name = Assets.xcassets; path = Runner/Assets.xcassets; sourceTree = "<group>"; };
 		33CC10F52044A3C60003C045 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = "<group>"; };
@@ -94,6 +94,7 @@
 				4F2F733D93DB4D2D82767271 /* Pods-Runner.release.xcconfig */,
 				B347CC163E4E13C897729F91 /* Pods-Runner.profile.xcconfig */,
 			);
+			name = Pods;
 			path = Pods;
 			sourceTree = "<group>";
 		};
@@ -122,7 +123,7 @@
 		33CC10EE2044A3C60003C045 /* Products */ = {
 			isa = PBXGroup;
 			children = (
-				33CC10ED2044A3C60003C045 /* auth.app */,
+				33CC10ED2044A3C60003C045 /* authenticator.app */,
 			);
 			name = Products;
 			sourceTree = "<group>";
@@ -192,7 +193,7 @@
 			);
 			name = Runner;
 			productName = Runner;
-			productReference = 33CC10ED2044A3C60003C045 /* auth.app */;
+			productReference = 33CC10ED2044A3C60003C045 /* authenticator.app */;
 			productType = "com.apple.product-type.application";
 		};
 /* End PBXNativeTarget section */
@@ -418,10 +419,8 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
-				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				DEVELOPMENT_TEAM = 6Z68YJY9Q2;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -546,10 +545,8 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
-				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				DEVELOPMENT_TEAM = 6Z68YJY9Q2;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -568,10 +565,8 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements;
-				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				DEVELOPMENT_TEAM = 6Z68YJY9Q2;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",

macos/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme

@@ -15,7 +15,7 @@
             <BuildableReference
                BuildableIdentifier = "primary"
                BlueprintIdentifier = "33CC10EC2044A3C60003C045"
-               BuildableName = "auth.app"
+               BuildableName = "authenticator.app"
                BlueprintName = "Runner"
                ReferencedContainer = "container:Runner.xcodeproj">
             </BuildableReference>
@@ -31,7 +31,7 @@
          <BuildableReference
             BuildableIdentifier = "primary"
             BlueprintIdentifier = "33CC10EC2044A3C60003C045"
-            BuildableName = "auth.app"
+            BuildableName = "authenticator.app"
             BlueprintName = "Runner"
             ReferencedContainer = "container:Runner.xcodeproj">
          </BuildableReference>
@@ -54,7 +54,7 @@
          <BuildableReference
             BuildableIdentifier = "primary"
             BlueprintIdentifier = "33CC10EC2044A3C60003C045"
-            BuildableName = "auth.app"
+            BuildableName = "authenticator.app"
             BlueprintName = "Runner"
             ReferencedContainer = "container:Runner.xcodeproj">
          </BuildableReference>
@@ -71,7 +71,7 @@
          <BuildableReference
             BuildableIdentifier = "primary"
             BlueprintIdentifier = "33CC10EC2044A3C60003C045"
-            BuildableName = "auth.app"
+            BuildableName = "authenticator.app"
             BlueprintName = "Runner"
             ReferencedContainer = "container:Runner.xcodeproj">
          </BuildableReference>

macos/Runner/DebugProfile.entitlements

@@ -6,14 +6,9 @@
 	<true/>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
-	<key>com.apple.security.network.client</key>
-	<true/>
 	<key>com.apple.security.network.server</key>
 	<true/>
-	<key>keychain-access-groups</key>
-	<array>
-		<string>$(AppIdentifierPrefix)io.ente.auth</string>
-		<string>$(AppIdentifierPrefix)io.ente.photos</string>
-	</array>
+	<key>com.apple.security.network.client</key>
+    <true/>
 </dict>
 </plist>

macos/Runner/Release.entitlements

@@ -5,11 +5,6 @@
 	<key>com.apple.security.app-sandbox</key>
 	<true/>
 	<key>com.apple.security.network.client</key>
-	<true/>
-	<key>keychain-access-groups</key>
-	<array>
-		<string>$(AppIdentifierPrefix)io.ente.auth</string>
-		<string>$(AppIdentifierPrefix)io.ente.photos</string>
-	</array>
+    <true/>
 </dict>
 </plist>

pubspec.lock

@@ -219,12 +219,12 @@ packages:
     source: hosted
     version: "2.0.1"
   convert:
-    dependency: "direct main"
+    dependency: transitive
     description:
       name: convert
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "3.1.1"
+    version: "3.0.2"
   coverage:
     dependency: transitive
     description:
@@ -266,7 +266,7 @@ packages:
       name: dbus
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "0.7.4"
+    version: "0.7.8"
   device_info:
     dependency: "direct main"
     description:
@@ -343,7 +343,7 @@ packages:
       name: ffi
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "1.2.1"
+    version: "2.0.1"
   file:
     dependency: transitive
     description:
@@ -357,7 +357,7 @@ packages:
       name: file_picker
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "4.6.1"
+    version: "5.2.4"
   fixnum:
     dependency: transitive
     description:
@@ -501,6 +501,15 @@ packages:
       url: "https://pub.dartlang.org"
     source: hosted
     version: "2.0.0"
+  flutter_sodium:
+    dependency: "direct main"
+    description:
+      path: "."
+      ref: HEAD
+      resolved-ref: "267435eaf07af60b94406adf14bedf21e08a6b4f"
+      url: "https://github.com/ente-io/flutter_sodium.git"
+    source: git
+    version: "0.2.0"
   flutter_speed_dial:
     dependency: "direct main"
     description:
@@ -532,13 +541,6 @@ packages:
       url: "https://pub.dartlang.org"
     source: hosted
     version: "8.1.1"
-  freezed_annotation:
-    dependency: transitive
-    description:
-      name: freezed_annotation
-      url: "https://pub.dartlang.org"
-    source: hosted
-    version: "2.1.0"
   frontend_server_client:
     dependency: transitive
     description:
@@ -721,6 +723,13 @@ packages:
       url: "https://pub.dartlang.org"
     source: hosted
     version: "2.0.1"
+  open_file:
+    dependency: "direct main"
+    description:
+      name: open_file
+      url: "https://pub.dartlang.org"
+    source: hosted
+    version: "3.2.1"
   otp:
     dependency: "direct main"
     description:
@@ -741,7 +750,7 @@ packages:
       name: package_info_plus
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "1.4.2"
+    version: "1.4.3+1"
   package_info_plus_linux:
     dependency: transitive
     description:
@@ -776,7 +785,7 @@ packages:
       name: package_info_plus_windows
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "1.0.5"
+    version: "2.1.0"
   password_strength:
     dependency: "direct main"
     description:
@@ -853,7 +862,7 @@ packages:
       name: path_provider_windows
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "2.0.7"
+    version: "2.1.3"
   petitparser:
     dependency: transitive
     description:
@@ -1076,20 +1085,6 @@ packages:
     description: flutter
     source: sdk
     version: "0.0.99"
-  sodium:
-    dependency: "direct main"
-    description:
-      name: sodium
-      url: "https://pub.dartlang.org"
-    source: hosted
-    version: "1.2.2"
-  sodium_libs:
-    dependency: "direct main"
-    description:
-      name: sodium_libs
-      url: "https://pub.dartlang.org"
-    source: hosted
-    version: "1.2.3"
   source_gen:
     dependency: transitive
     description:
@@ -1341,16 +1336,7 @@ packages:
       name: win32
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "2.6.1"
-  window_size:
-    dependency: "direct main"
-    description:
-      path: "plugins/window_size"
-      ref: a738913c8ce2c9f47515382d40827e794a334274
-      resolved-ref: a738913c8ce2c9f47515382d40827e794a334274
-      url: "https://github.com/google/flutter-desktop-embedding.git"
-    source: git
-    version: "0.1.0"
+    version: "3.1.2"
   xdg_directories:
     dependency: transitive
     description:

pubspec.yaml

@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 1.0.21+21
+version: 1.0.22+22
 publish_to: none
 
 environment:
@@ -15,7 +15,6 @@ dependencies:
   computer: ^2.0.0
   confetti: ^0.7.0
   connectivity: ^3.0.3
-  convert: ^3.1.1
   cupertino_icons: ^1.0.0
   device_info: ^2.0.2
   dio: ^4.0.6
@@ -24,7 +23,7 @@ dependencies:
   event_bus: ^2.0.0
   expandable: ^5.0.1
   expansion_tile_card: ^2.0.0
-  file_picker: ^4.6.1
+  file_picker: ^5.2.4
   fk_user_agent: ^2.1.0
   flutter:
     sdk: flutter
@@ -39,6 +38,9 @@ dependencies:
   flutter_native_splash: ^2.2.13
   flutter_secure_storage: ^6.0.0
   flutter_slidable: ^2.0.0
+  flutter_sodium:
+    git:
+      url: https://github.com/ente-io/flutter_sodium.git
   flutter_speed_dial: ^6.2.0
   flutter_windowmanager: ^0.2.0
   fluttertoast: ^8.1.1
@@ -49,7 +51,7 @@ dependencies:
   local_auth: ^1.1.5
   logging: ^1.0.1
   move_to_background: ^1.0.2
-  # open_file: ^3.2.1 Disabled to please PlayStore overlords
+  open_file: ^3.2.1
   otp: ^3.1.1
   package_info_plus: ^1.0.1
   password_strength: ^0.2.0
@@ -60,17 +62,10 @@ dependencies:
   sentry_flutter: ^6.12.1
   share_plus: ^4.4.0
   shared_preferences: ^2.0.5
-  sodium: ^1.2.2
-  sodium_libs: ^1.2.3
   sqflite: ^2.1.0
   step_progress_indicator: ^1.0.2
   url_launcher: ^6.1.5
   uuid: ^3.0.4
-  window_size:
-    git:
-      url: https://github.com/google/flutter-desktop-embedding.git
-      path: plugins/window_size
-      ref: a738913c8ce2c9f47515382d40827e794a334274
 
 dev_dependencies:
   bloc_test: ^9.0.3

windows/flutter/generated_plugin_registrant.cc

@@ -8,19 +8,13 @@
 
 #include <flutter_secure_storage_windows/flutter_secure_storage_windows_plugin.h>
 #include <sentry_flutter/sentry_flutter_plugin.h>
-#include <sodium_libs/sodium_libs_plugin.h>
 #include <url_launcher_windows/url_launcher_windows.h>
-#include <window_size/window_size_plugin.h>
 
 void RegisterPlugins(flutter::PluginRegistry* registry) {
   FlutterSecureStorageWindowsPluginRegisterWithRegistrar(
       registry->GetRegistrarForPlugin("FlutterSecureStorageWindowsPlugin"));
   SentryFlutterPluginRegisterWithRegistrar(
       registry->GetRegistrarForPlugin("SentryFlutterPlugin"));
-  SodiumLibsPluginRegisterWithRegistrar(
-      registry->GetRegistrarForPlugin("SodiumLibsPlugin"));
   UrlLauncherWindowsRegisterWithRegistrar(
       registry->GetRegistrarForPlugin("UrlLauncherWindows"));
-  WindowSizePluginRegisterWithRegistrar(
-      registry->GetRegistrarForPlugin("WindowSizePlugin"));
 }

windows/flutter/generated_plugins.cmake

@@ -5,9 +5,7 @@
 list(APPEND FLUTTER_PLUGIN_LIST
   flutter_secure_storage_windows
   sentry_flutter
-  sodium_libs
   url_launcher_windows
-  window_size
 )
 
 list(APPEND FLUTTER_FFI_PLUGIN_LIST