Expand description
Encryption at rest for model files (spec §3.3)
Provides authenticated encryption for model distribution using:
- ChaCha20-Poly1305 AEAD (RFC 8439)
- Argon2id for password-based key derivation (RFC 9106)
- BLAKE3 for content verification
§Security
- 256-bit key encryption (ChaCha20-Poly1305)
- Memory-hard password hashing (Argon2id)
- Authenticated encryption prevents tampering
§Example
use pacha::crypto::{encrypt_model, decrypt_model};
// Encrypt a model file
let model_data = std::fs::read("model.gguf")?;
let encrypted = encrypt_model(&model_data, "my-secret-key")?;
std::fs::write("model.gguf.enc", &encrypted)?;
// Decrypt at load time
let encrypted = std::fs::read("model.gguf.enc")?;
let decrypted = decrypt_model(&encrypted, "my-secret-key")?;Structs§
- Encrypted
Header - Encrypted file header
- Encryption
Config - Encryption configuration for Argon2id
Functions§
- decrypt_
model - Decrypt model data with password
- decrypt_
model_ with_ config - Decrypt model data with password and custom config
- encrypt_
model - Encrypt model data with password
- encrypt_
model_ with_ config - Encrypt model data with password and custom config
- get_
version - Get encryption format version from encrypted data
- is_
encrypted - Check if data appears to be encrypted