SealedMessage

bc_components

Struct SealedMessage 

Source 
pub struct SealedMessage { /* private fields */ }
Expand description

A sealed message that can only be decrypted by the intended recipient.

SealedMessage provides a public key encryption mechanism where a message is encrypted with a symmetric key, and that key is then encapsulated using the recipient’s public key. This ensures that only the recipient can decrypt the message by first decapsulating the shared secret using their private key.

Features:

  • Anonymous sender: The sender’s identity is not revealed in the sealed message
  • Authenticated encryption: Message integrity and authenticity are guaranteed
  • Forward secrecy: Each message uses a different ephemeral key
  • Post-quantum security options: Can use ML-KEM for quantum-resistant encryption

The structure internally contains:

  • An EncryptedMessage containing the actual encrypted data
  • An EncapsulationCiphertext containing the encapsulated shared secret

Implementations§

Source§

impl SealedMessage

Source

pub fn new(plaintext: impl AsRef<[u8]>, recipient: &dyn Encrypter) -> Self

Creates a new SealedMessage from the given plaintext and recipient.

This method performs the following steps:

  1. Generates a new shared secret key and encapsulates it for the recipient
  2. Encrypts the plaintext using that shared secret
§Parameters
  • plaintext - The message data to encrypt
  • recipient - The recipient who will be able to decrypt the message
§Returns

A new SealedMessage containing the encrypted message and encapsulated key

§Example
use bc_components::{EncapsulationScheme, SealedMessage};

// Generate a keypair for the recipient
let (recipient_private_key, recipient_public_key) =
    EncapsulationScheme::default().keypair();

// Create a sealed message for the recipient
let plaintext = b"For your eyes only";
let sealed_message = SealedMessage::new(plaintext, &recipient_public_key);

// The recipient can decrypt the message
let decrypted = sealed_message.decrypt(&recipient_private_key).unwrap();
assert_eq!(decrypted, plaintext);
Source

pub fn new_with_aad( plaintext: impl AsRef<[u8]>, recipient: &dyn Encrypter, aad: Option<impl AsRef<[u8]>>, ) -> Self

Creates a new SealedMessage with additional authenticated data (AAD).

AAD is data that is authenticated but not encrypted. It can be used to bind the encrypted message to some context.

§Parameters
  • plaintext - The message data to encrypt
  • recipient - The recipient who will be able to decrypt the message
  • aad - Additional authenticated data that will be bound to the encryption
§Returns

A new SealedMessage containing the encrypted message and encapsulated key

§Example
use bc_components::{EncapsulationScheme, SealedMessage};

// Generate a keypair for the recipient
let (recipient_private_key, recipient_public_key) =
    EncapsulationScheme::default().keypair();

// Create a sealed message with additional authenticated data
let plaintext = b"For your eyes only";
let aad = b"Message ID: 12345";
let sealed_message = SealedMessage::new_with_aad(
    plaintext,
    &recipient_public_key,
    Some(aad),
);

// The recipient can decrypt the message
let decrypted = sealed_message.decrypt(&recipient_private_key).unwrap();
assert_eq!(decrypted, plaintext);
Source

pub fn new_opt( plaintext: impl AsRef<[u8]>, recipient: &dyn Encrypter, aad: Option<impl AsRef<[u8]>>, test_nonce: Option<impl AsRef<Nonce>>, ) -> Self

Creates a new SealedMessage with options for testing.

This method is similar to new_with_aad but allows specifying a test nonce, which is useful for deterministic testing.

§Parameters
  • plaintext - The message data to encrypt
  • recipient - The recipient who will be able to decrypt the message
  • aad - Additional authenticated data that will be bound to the encryption
  • test_nonce - Optional nonce for deterministic encryption (testing only)
§Returns

A new SealedMessage containing the encrypted message and encapsulated key

Source

pub fn decrypt(&self, private_key: &dyn Decrypter) -> Result<Vec<u8>>

Decrypts the message using the recipient’s private key.

This method performs the following steps:

  1. Decapsulates the shared secret using the recipient’s private key
  2. Uses the shared secret to decrypt the message
§Parameters
  • private_key - The private key of the intended recipient
§Returns

A Result containing the decrypted message data if successful, or an error if decryption fails

§Errors

Returns an error if:

  • The private key doesn’t match the one used for encapsulation
  • The decapsulation process fails
  • The decryption process fails (e.g., message tampering)
§Example
use bc_components::{EncapsulationScheme, SealedMessage};

// Generate keypairs for different users
let (alice_private_key, _) = EncapsulationScheme::default().keypair();
let (bob_private_key, bob_public_key) =
    EncapsulationScheme::default().keypair();

// Alice sends a message to Bob
let plaintext = b"Secret message for Bob";
let sealed_message = SealedMessage::new(plaintext, &bob_public_key);

// Bob can decrypt the message
let decrypted = sealed_message.decrypt(&bob_private_key).unwrap();
assert_eq!(decrypted, plaintext);

// Alice cannot decrypt the message she sent
assert!(sealed_message.decrypt(&alice_private_key).is_err());
Source

pub fn encapsulation_scheme(&self) -> EncapsulationScheme

Returns the encapsulation scheme used for this sealed message.

§Returns

The encapsulation scheme (X25519, MLKEM512, MLKEM768, or MLKEM1024) that was used to create this sealed message.

§Example
use bc_components::{EncapsulationScheme, SealedMessage};

// Generate a keypair using ML-KEM768
let (_, public_key) = EncapsulationScheme::MLKEM768.keypair();

// Create a sealed message
let sealed_message =
    SealedMessage::new(b"Quantum-resistant message", &public_key);

// Check the encapsulation scheme
assert_eq!(
    sealed_message.encapsulation_scheme(),
    EncapsulationScheme::MLKEM768
);

Trait Implementations§

Source§

impl AsRef<SealedMessage> for SealedMessage

Implementation of AsRef trait for SealedMessage.

Source§

fn as_ref(&self) -> &SealedMessage

Converts this type into a shared reference of the (usually inferred) input type.
Source§

impl CBORTagged for SealedMessage

Implementation of CBOR tagging for SealedMessage.

Source§

fn cbor_tags() -> Vec<Tag>

Returns the CBOR tags associated with this type. Read more
Source§

impl CBORTaggedDecodable for SealedMessage

Implementation of CBOR decoding for SealedMessage.

Source§

fn from_untagged_cbor(cbor: CBOR) -> Result<Self>

Creates an instance of this type by decoding it from untagged CBOR. Read more
Source§

fn from_tagged_cbor(cbor: CBOR) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from tagged CBOR. Read more
Source§

fn from_tagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from binary encoded tagged CBOR. Read more
Source§

fn from_untagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from binary encoded untagged CBOR. Read more
Source§

impl CBORTaggedEncodable for SealedMessage

Implementation of CBOR encoding for SealedMessage.

Source§

fn untagged_cbor(&self) -> CBOR

Returns the untagged CBOR encoding of this instance. Read more
Source§

fn tagged_cbor(&self) -> CBOR

Returns the tagged CBOR encoding of this instance. Read more
Source§

fn tagged_cbor_data(&self) -> Vec<u8>

Returns the tagged value in CBOR binary representation. Read more
Source§

impl Clone for SealedMessage

Source§

fn clone(&self) -> SealedMessage

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SealedMessage

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<SealedMessage> for CBOR

Conversion from SealedMessage to CBOR for serialization.

Source§

fn from(value: SealedMessage) -> Self

Converts to this type from the input type.
Source§

impl PartialEq for SealedMessage

Source§

fn eq(&self, other: &SealedMessage) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl TryFrom<CBOR> for SealedMessage

Conversion from CBOR to SealedMessage for deserialization.

Source§

type Error = Error

The type returned in the event of a conversion error.
Source§

fn try_from(cbor: CBOR) -> Result<Self>

Performs the conversion.
Source§

impl StructuralPartialEq for SealedMessage

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CBORDecodable for T
where T: TryFrom<CBOR, Error = Error>,

Source§

fn try_from_cbor(cbor: &CBOR) -> Result<Self, Error>

Source§

impl<T> CBOREncodable for T
where T: Into<CBOR> + Clone,

Source§

fn to_cbor(&self) -> CBOR

Converts this value to a CBOR object. Read more
Source§

fn to_cbor_data(&self) -> Vec<u8>

Converts this value directly to binary CBOR data. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> URDecodable for T
where T: CBORTaggedDecodable,

Source§

fn from_ur(ur: impl AsRef<UR>) -> Result<Self, Error>
where Self: Sized,

Source§

fn from_ur_string(ur_string: impl Into<String>) -> Result<Self, Error>
where Self: Sized,

Source§

impl<T> UREncodable for T
where T: CBORTaggedEncodable,

Source§

fn ur(&self) -> UR

Returns the UR representation of the object.
Source§

fn ur_string(&self) -> String

Returns the UR string representation of the object.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> CBORCodable for T
where T: CBORDecodable + CBOREncodable,

Source§

impl<T> CBORTaggedCodable for T
where T: CBORTaggedEncodable + CBORTaggedDecodable,

Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> URCodable for T
where T: UREncodable + URDecodable,