Struct aws_manager::kms::envelope::Manager

source · [−]

pub struct Manager {
    pub kms_manager: Manager,
    pub kms_key_id: String,
    /* private fields */
}

Expand description

Implements envelope encryption manager.

Fields

kms_manager: Managerkms_key_id: String

Implementations

impl Manager

pub fn new(kms_manager: Manager, kms_key_id: String, aad_tag: String) -> Self

Creates a new envelope encryption manager.

pub async fn seal_aes_256(&self, d: &[u8]) -> Result<Vec<u8>>

Envelope-encrypts the data using AWS KMS data-encryption key (DEK) and “AES_256_GCM” because kms:Encrypt can only encrypt 4 KiB.

The encrypted data are aligned as below: [ Nonce bytes “length” ][ DEK.ciphertext “length” ][ Nonce bytes ][ DEK.ciphertext ][ data ciphertext ]

ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html

pub async fn unseal_aes_256(&self, d: &[u8]) -> Result<Vec<u8>>

Envelope-decrypts using KMS DEK and “AES_256_GCM”.

Assume the input (ciphertext) data are packed in the order of: [ Nonce bytes “length” ][ DEK.ciphertext “length” ][ Nonce bytes ][ DEK.ciphertext ][ data ciphertext ]

ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html ref. https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html

pub async fn seal_aes_256_file(
    &self,
    src_file: Arc<String>,
    dst_file: Arc<String>
) -> Result<()>

Envelope-encrypts data from a file and save the ciphertext to the other file.

“If a single piece of data must be accessible from more than one task concurrently, then it must be shared using synchronization primitives such as Arc.” ref. https://tokio.rs/tokio/tutorial/spawning

pub async fn unseal_aes_256_file(
    &self,
    src_file: Arc<String>,
    dst_file: Arc<String>
) -> Result<()>

Envelope-decrypts data from a file and save the plaintext to the other file.

pub async fn compress_seal(
    &self,
    src_file: Arc<String>,
    dst_file: Arc<String>
) -> Result<()>

Compresses the source file (“src_file”) and envelope-encrypts to “dst_file”. The compression uses “zstd”. The encryption uses AES 256.

pub async fn unseal_decompress(
    &self,
    src_file: Arc<String>,
    dst_file: Arc<String>
) -> Result<()>

Reverse of “compress_seal”. The decompression uses “zstd”. The decryption uses AES 256.

Trait Implementations

impl Clone for Manager

fn clone(&self) -> Manager

Returns a copy of the value. Read more

1.0.0 · source

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations

impl !RefUnwindSafe for Manager

impl Send for Manager

impl Sync for Manager

impl Unpin for Manager

impl !UnwindSafe for Manager

Blanket Implementations

impl<T> Any for Twhere
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for Twhere
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for Twhere
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for Twhere
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for Twhere
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for Twhere
V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where
S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more