Struct aws_sdk_manager::envelope::Envelope

pub struct Envelope { /* private fields */ }

Implements envelope encryption manager.

Implementations

impl Envelope

pub fn new(
    aws_kms_manager: Option<Manager>,
    aws_kms_key_id: Option<String>,
    aad_tag: String
) -> Self

pub async fn seal_aes_256(&self, d: &[u8]) -> Result<Vec<u8>>

Envelope-encrypts the data using AWS KMS data-encryption key (DEK) and “AES_256_GCM”, since kms:Encrypt can only encrypt 4 KiB). The encrypted data are aligned as below: [ Nonce bytes “length” ][ DEK.ciphertext “length” ][ Nonce bytes ][ DEK.ciphertext ][ data ciphertext ]

pub async fn unseal_aes_256(&self, d: &[u8]) -> Result<Vec<u8>>

Envelope-decrypts using KMS DEK and “AES_256_GCM”. Assume the input (ciphertext) data are packed in the order of: [ Nonce bytes “length” ][ DEK.ciphertext “length” ][ Nonce bytes ][ DEK.ciphertext ][ data ciphertext ]

pub async fn seal_aes_256_file(
    &self,
    src_file: Arc<String>,
    dst_file: Arc<String>
) -> Result<()>

Envelope-encrypts data from a file and save the ciphertext to the other file.

“If a single piece of data must be accessible from more than one task concurrently, then it must be shared using synchronization primitives such as Arc.” ref. https://tokio.rs/tokio/tutorial/spawning

pub async fn unseal_aes_256_file(
    &self,
    src_file: Arc<String>,
    dst_file: Arc<String>
) -> Result<()>

Envelope-decrypts data from a file and save the plaintext to the other file.

Trait Implementations

impl Clone for Envelope

fn clone(&self) -> Envelope

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.