Skip to main content

Crate aerovault

Crate aerovault 

Source
Expand description

§AeroVault v2

Military-grade encrypted vault format with defense-in-depth cryptography.

AeroVault v2 provides a single-file encrypted container format designed for maximum security while maintaining practical usability. It combines multiple cryptographic primitives in a layered architecture that remains secure even if individual algorithms are compromised.

§Cryptographic Stack

LayerAlgorithmPurpose
KDFArgon2id (128 MiB, t=4, p=4)Password-based key derivation
Key WrappingAES-256-KW (RFC 3394)Master key protection
Content EncryptionAES-256-GCM-SIV (RFC 8452)Nonce misuse-resistant AEAD
Cascade ModeChaCha20-Poly1305Optional second encryption layer
Filename EncryptionAES-256-SIVDeterministic authenticated encryption
Header IntegrityHMAC-SHA512Header tamper detection
Key SeparationHKDF-SHA256Domain separation for key purposes

§Quick Start

use aerovault::{Vault, CreateOptions, EncryptionMode};

// Create a new vault
let opts = CreateOptions::new("my-vault.aerovault", "strong-password-here")
    .with_mode(EncryptionMode::Standard);
let vault = Vault::create(opts)?;

// Add files
vault.add_files(&["document.pdf", "photo.jpg"])?;

// Open existing vault
let vault = Vault::open("my-vault.aerovault", "strong-password-here")?;

// List contents
for entry in vault.list()? {
    println!("{} ({} bytes)", entry.name, entry.size);
}

// Extract a file
vault.extract("document.pdf", "/tmp/output/")?;

§File Format

An .aerovault file consists of three sections:

┌──────────────────────────────────┐
│          Header (512 bytes)      │
│  magic, version, flags, salt,    │
│  wrapped keys, chunk size, MAC   │
├──────────────────────────────────┤
│     Manifest Length (4 bytes)    │
├──────────────────────────────────┤
│   AES-SIV Encrypted Manifest    │
│  (JSON: entries, timestamps)    │
├──────────────────────────────────┤
│       Encrypted Data Chunks     │
│  [len:4][encrypted_chunk:len]   │
│  [len:4][encrypted_chunk:len]   │
│            ...                  │
└──────────────────────────────────┘

See AEROVAULT-V2-SPEC.md for the complete format specification.

Re-exports§

pub use error::Error;
pub use error_correction::aerocorrect_sidecar_path_for;
pub use error_correction::correct_generate;
pub use error_correction::correct_generate_with_progress;
pub use error_correction::correct_repair;
pub use error_correction::correct_repair_anchored;
pub use error_correction::correct_repair_anchored_with_progress;
pub use error_correction::correct_verify;
pub use error_correction::correct_verify_with_progress;
pub use error_correction::AeroCorrectSegment;
pub use error_correction::AeroCorrectSidecar;
pub use error_correction::CorrectGenerateReport;
pub use error_correction::CorrectRepairReport;
pub use error_correction::CorrectVerifyReport;
pub use error_correction::ShardHealth;
pub use error_correction::AEROCORRECT_EXTENSION;
pub use error_correction::AEROCORRECT_MAGIC;
pub use error_correction::AEROCORRECT_VERSION;
pub use error_correction::sync::estimate_aerorec_sidecar_len;
pub use error_correction::sync::generate_sync_sidecar_for_bytes;
pub use error_correction::sync::generate_sync_sidecar_for_bytes_capped;
pub use error_correction::sync::generate_sync_sidecar_for_file_capped;
pub use error_correction::sync::parse_sha256_hex;
pub use error_correction::sync::sync_error_correction_sidecar_path;
pub use error_correction::sync::verify_repair_sync_bytes;
pub use error_correction::sync::verify_repair_sync_file;
pub use error_correction::sync::verify_repair_sync_file_streamed;
pub use error_correction::sync::SyncEcGenerateResult;
pub use error_correction::sync::SyncEcGeneratedSidecar;
pub use error_correction::sync::SyncEcRepairResult;
pub use error_correction::sync::AEROSYNC_EC_MAX_FILE_SIZE;
pub use error_correction::ERROR_CORRECTION_DEFAULT_PCT;
pub use error_correction::ERROR_CORRECTION_MAX_PCT;
pub use error_correction::ERROR_CORRECTION_MIN_PCT;
pub use format::EncryptionMode;
pub use format::HeaderFlags;
pub use format::ManifestEntry;
pub use format::VaultHeader;
pub use format::VaultManifest;
pub use vault::CompactResult;
pub use vault::CreateOptions;
pub use vault::EntryInfo;
pub use vault::PeekInfo;
pub use vault::Vault;

Modules§

aerocrypt
Shared AeroCrypt codec primitives (AEROVAULT3 / rev. 4 container).
error
Error types for AeroVault operations.
error_correction
format
Binary format definitions for the AeroVault v2 container.
v3
AEROVAULT3 container (product revision 3, and revision 4 with the .aerocorrect Error Correction extension).
vault
High-level vault operations.

Constants§

ICON_SVG
SVG icon for the .aerovault MIME type (shield with lock, emerald color scheme).
MIME_TYPE
MIME type for .aerovault files.

Type Aliases§

Result
Result type alias for AeroVault operations.