Expand description
§AeroVault v2
Military-grade encrypted vault format with defense-in-depth cryptography.
AeroVault v2 provides a single-file encrypted container format designed for maximum security while maintaining practical usability. It combines multiple cryptographic primitives in a layered architecture that remains secure even if individual algorithms are compromised.
§Cryptographic Stack
| Layer | Algorithm | Purpose |
|---|---|---|
| KDF | Argon2id (128 MiB, t=4, p=4) | Password-based key derivation |
| Key Wrapping | AES-256-KW (RFC 3394) | Master key protection |
| Content Encryption | AES-256-GCM-SIV (RFC 8452) | Nonce misuse-resistant AEAD |
| Cascade Mode | ChaCha20-Poly1305 | Optional second encryption layer |
| Filename Encryption | AES-256-SIV | Deterministic authenticated encryption |
| Header Integrity | HMAC-SHA512 | Header tamper detection |
| Key Separation | HKDF-SHA256 | Domain separation for key purposes |
§Quick Start
use aerovault::{Vault, CreateOptions, EncryptionMode};
// Create a new vault
let opts = CreateOptions::new("my-vault.aerovault", "strong-password-here")
.with_mode(EncryptionMode::Standard);
let vault = Vault::create(opts)?;
// Add files
vault.add_files(&["document.pdf", "photo.jpg"])?;
// Open existing vault
let vault = Vault::open("my-vault.aerovault", "strong-password-here")?;
// List contents
for entry in vault.list()? {
println!("{} ({} bytes)", entry.name, entry.size);
}
// Extract a file
vault.extract("document.pdf", "/tmp/output/")?;§File Format
An .aerovault file consists of three sections:
┌──────────────────────────────────┐
│ Header (512 bytes) │
│ magic, version, flags, salt, │
│ wrapped keys, chunk size, MAC │
├──────────────────────────────────┤
│ Manifest Length (4 bytes) │
├──────────────────────────────────┤
│ AES-SIV Encrypted Manifest │
│ (JSON: entries, timestamps) │
├──────────────────────────────────┤
│ Encrypted Data Chunks │
│ [len:4][encrypted_chunk:len] │
│ [len:4][encrypted_chunk:len] │
│ ... │
└──────────────────────────────────┘See AEROVAULT-V2-SPEC.md
for the complete format specification.
Re-exports§
pub use error::Error;pub use format::EncryptionMode;pub use format::HeaderFlags;pub use format::ManifestEntry;pub use format::VaultHeader;pub use format::VaultManifest;pub use vault::CompactResult;pub use vault::CreateOptions;pub use vault::EntryInfo;pub use vault::PeekInfo;pub use vault::Vault;
Modules§
- error
- Error types for AeroVault operations.
- format
- Binary format definitions for the AeroVault v2 container.
- vault
- High-level vault operations.
Constants§
- ICON_
SVG - SVG icon for the
.aerovaultMIME type (shield with lock, emerald color scheme). - MIME_
TYPE - MIME type for
.aerovaultfiles.
Type Aliases§
- Result
- Result type alias for AeroVault operations.