EncryptedKey

Struct EncryptedKey 

pub struct EncryptedKey { /* private fields */ }

Overview

Provides symmetric encryption and decryption of content keys using various key derivation methods (HKDF, PBKDF2, Scrypt, Argon2id). This module implements types and traits to wrap the encryption mechanisms, and encodes methods and parameters in CBOR according to the defined CDDL schemas.

Usage

  • Call EncryptedKey::lock with a chosen key derivation method, secret, and content key to produce an encrypted key.
  • Retrieve the original content key by calling EncryptedKey::unlock with the correct secret.

Encoding

The form of an EncryptedKey is an EncryptedMessage that contains the encrypted content key, with its Additional Authenticated Data (AAD) being the CBOR encoding of the key derivation method and parameters used for key derivation. The same key derivation method and parameters must be used to unlock the content key.

CDDL:

EncryptedKey = #6.40027(EncryptedMessage) ; TAG_ENCRYPTED_KEY

EncryptedMessage =
    #6.40002([ ciphertext: bstr, nonce: bstr, auth: bstr, aad: bstr .cbor KeyDerivation ]) ; TAG_ENCRYPTED

KeyDerivation = HKDFParams / PBKDF2Params / ScryptParams / Argon2idParams / SSHAgentParams

HKDFParams = [HKDF, Salt, HashType]
PBKDF2Params = [PBKDF2, Salt, iterations: uint, HashType]
ScryptParams = [Scrypt, Salt, log_n: uint, r: uint, p: uint]
Argon2idParams = [Argon2id, Salt]
SSHAgentParams = [SSHAgent, Salt, id: tstr]

KeyDerivationMethod = HKDF / PBKDF2 / Scrypt / Argon2id / SSHAgent

HKDF = 0
PBKDF2 = 1
Scrypt = 2
Argon2id = 3
SSHAgent = 4

HashType = SHA256 / SHA512

SHA256 = 0
SHA512 = 1
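
Because the AAD carries the key derivation method and its parameters, a consumer has to decode it before any key can be derived, and therefore before the authentication tag over it can be checked. The following added example (not code from this crate) is a std-only decoder for the KeyDerivation array in the CDDL above that rejects malformed or over-budget parameters up front. Assumptions: Salt is a byte string optionally wrapped in one CBOR tag, the scrypt log_n cap of 20 is a local policy, and Kd, head, uint, bytes and parse_kd are hypothetical names.

```rust
#[derive(Debug, PartialEq)]
enum Kd {
    Hkdf { hash: u64 }, Pbkdf2 { iterations: u64, hash: u64 },
    Scrypt { log_n: u64, r: u64, p: u64 }, Argon2id, SshAgent { id: String },
}
fn head(b: &[u8], i: &mut usize) -> Result<(u8, u64), String> { // (major type, argument)
    let first = *b.get(*i).ok_or("truncated")?;
    *i += 1;
    let n = match first & 0x1f {
        v @ 0..=23 => return Ok((first >> 5, v as u64)),
        v @ 24..=27 => 1usize << (v - 24),
        _ => return Err("unsupported head".into()),
    };
    let s = b.get(*i..*i + n).ok_or("truncated")?;
    *i += n;
    Ok((first >> 5, s.iter().fold(0u64, |a, &x| (a << 8) | x as u64)))
}
fn uint(b: &[u8], i: &mut usize) -> Result<u64, String> {
    match head(b, i)? { (0, v) => Ok(v), _ => Err("expected uint".into()) }
}
fn bytes<'a>(b: &'a [u8], i: &mut usize, major: u8) -> Result<&'a [u8], String> { // 2 = bstr, 3 = tstr
    let (m, len) = head(b, i)?;
    if m != major { return Err("unexpected type".into()); }
    let s = b.get(*i..).and_then(|r| r.get(..len as usize)).ok_or("truncated")?;
    *i += s.len();
    Ok(s)
}
// Decode and validate the AAD; returns the parameters and the salt bytes.
fn parse_kd(aad: &[u8]) -> Result<(Kd, Vec<u8>), String> {
    let i = &mut 0usize;
    let (m, n) = head(aad, i)?;
    let method = if m == 4 { uint(aad, i)? } else { return Err("expected array".into()) };
    if aad.get(*i).map_or(false, |&x| x >> 5 == 6) { head(aad, i)?; } // assumption: Salt may be tagged
    let salt = bytes(aad, i, 2)?.to_vec();
    let kd = match (method, n) {
        (0, 3) => Kd::Hkdf { hash: uint(aad, i)? },
        (1, 4) => Kd::Pbkdf2 { iterations: uint(aad, i)?, hash: uint(aad, i)? },
        (2, 5) => Kd::Scrypt { log_n: uint(aad, i)?, r: uint(aad, i)?, p: uint(aad, i)? },
        (3, 2) => Kd::Argon2id,
        (4, 3) => Kd::SshAgent { id: std::str::from_utf8(bytes(aad, i, 3)?).map_err(|_| "id not UTF-8")?.into() },
        _ => return Err("unknown method or wrong arity".into()),
    };
    if matches!(kd, Kd::Hkdf { hash } | Kd::Pbkdf2 { hash, .. } if hash > 1) { return Err("unknown HashType".into()); }
    // Assumed local policy (not from the crate): cap scrypt cost before any derivation runs.
    if matches!(kd, Kd::Scrypt { log_n, .. } if log_n > 20) { return Err("scrypt cost over policy".into()); }
    if *i == aad.len() { Ok((kd, salt)) } else { Err("trailing bytes".into()) }
}
fn main() { // constructed AAD: [PBKDF2, h'aabb', 10000, SHA256]
    println!("{:?}", parse_kd(&[0x84, 0x01, 0x42, 0xaa, 0xbb, 0x19, 0x27, 0x10, 0x00]));
}
```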

Implementations

impl EncryptedKey

pub fn lock_opt(params: KeyDerivationParams, secret: impl AsRef<[u8]>, content_key: &SymmetricKey) -> Result<Self>

pub fn lock(method: KeyDerivationMethod, secret: impl AsRef<[u8]>, content_key: &SymmetricKey) -> Result<Self>

pub fn encrypted_message(&self) -> &EncryptedMessage

pub fn aad_cbor(&self) -> Result<CBOR>

pub fn unlock(&self, secret: impl AsRef<[u8]>) -> Result<SymmetricKey>

pub fn is_password_based(&self) -> bool

pub fn is_ssh_agent(&self) -> bool

Trait Implementations

impl CBORTagged for EncryptedKey

fn cbor_tags() -> Vec<Tag>

Returns the CBOR tags associated with this type.

impl CBORTaggedDecodable for EncryptedKey

fn from_untagged_cbor(untagged_cbor: CBOR) -> Result<Self>

Creates an instance of this type by decoding it from untagged CBOR.

fn from_tagged_cbor(cbor: CBOR) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from tagged CBOR.

fn from_tagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from binary encoded tagged CBOR.

fn from_untagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from binary encoded untagged CBOR.

impl CBORTaggedEncodable for EncryptedKey

fn untagged_cbor(&self) -> CBOR

Returns the untagged CBOR encoding of this instance.

fn tagged_cbor(&self) -> CBOR

Returns the tagged CBOR encoding of this instance.

fn tagged_cbor_data(&self) -> Vec<u8>

Returns the tagged value in CBOR binary representation.

impl Clone for EncryptedKey

fn clone(&self) -> EncryptedKey

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for EncryptedKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for EncryptedKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<EncryptedKey> for CBOR

fn from(value: EncryptedKey) -> Self

Converts to this type from the input type.

impl PartialEq for EncryptedKey

fn eq(&self, other: &EncryptedKey) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl TryFrom<CBOR> for EncryptedKey

type Error = Error

The type returned in the event of a conversion error.

fn try_from(value: CBOR) -> Result<Self>

Performs the conversion.

impl Eq for EncryptedKey

impl StructuralPartialEq for EncryptedKey

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CBORDecodable for T
where T: TryFrom<CBOR, Error = Error>,

fn try_from_cbor(cbor: &CBOR) -> Result<Self, Error>

impl<T> CBOREncodable for T
where T: Into<CBOR> + Clone,

fn to_cbor(&self) -> CBOR

Converts this value to a CBOR object.

fn to_cbor_data(&self) -> Vec<u8>

Converts this value directly to binary CBOR data.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T> ToString for T
where T: Display + ?Sized,

fn to_string(&self) -> String

Converts the given value to a String.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> URDecodable for T

fn from_ur(ur: impl AsRef<UR>) -> Result<Self, Error>
where Self: Sized,

fn from_ur_string(ur_string: impl Into<String>) -> Result<Self, Error>
where Self: Sized,

impl<T> UREncodable for T

fn ur(&self) -> UR

Returns the UR representation of the object.

fn ur_string(&self) -> String

Returns the UR string representation of the object.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> CBORCodable for T

impl<T> CBORTaggedCodable for T

impl<T> ErasedDestructor for T
where T: 'static,

impl<T> URCodable for T