Function bronco::encode

pub fn encode(message: &str, key: &[u8]) -> Result<String, EncodeError>

Encodes an arbitrary message into a token, given a 256-bit (i.e. 32-byte) secret key.

message - data to be encoded as a Bronco token.

key - 32-byte secret key.

Encoding is done by performing the following steps, in order:

  1. Use the current UNIX timestamp as the timestamp.
  2. Generate a 24-byte cryptographically secure nonce.
  3. Construct the header by concatenating a version byte (currently always 0x01), the timestamp (big-endian), and the nonce.
  4. Encrypt the payload with IETF XChaCha20-Poly1305 AEAD under the secret key, using the header as the additional data for the AEAD.
  5. Concatenate the header and the ciphertext|tag result of step 4.
  6. Base64 (URL-safe variant) encode the entire token, without padding.
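
The layout produced by these steps can be checked structurally before any decryption is attempted. The following is an added example, not code from bronco: `split_token`, `b64url_decode` and `LayoutError` are hypothetical names, and the 4-byte timestamp width (`TS_LEN`) is an assumption, since the steps above do not state it. It uses only the standard library and rejects padded, non-URL-safe or non-canonical Base64 input.

```rust
use std::convert::TryInto;
const VERSION: u8 = 0x01;
const TS_LEN: usize = 4; // ASSUMPTION: 32-bit timestamp; the page gives no width
const NONCE_LEN: usize = 24;
const TAG_LEN: usize = 16; // Poly1305 tag length
const HEADER_LEN: usize = 1 + TS_LEN + NONCE_LEN;

#[derive(Debug, PartialEq)]
pub enum LayoutError { BadBase64, TooShort, BadVersion(u8) }

/// Strict URL-safe base64 decoder: no padding, no '+' or '/', canonical tail only.
pub fn b64url_decode(s: &str) -> Result<Vec<u8>, LayoutError> {
    if s.len() % 4 == 1 { return Err(LayoutError::BadBase64); }
    let mut out = Vec::with_capacity(s.len() * 3 / 4);
    let (mut acc, mut bits) = (0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62, b'_' => 63,
            _ => return Err(LayoutError::BadBase64),
        };
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    if acc != 0 { return Err(LayoutError::BadBase64); } // stray non-zero tail bits
    Ok(out)
}

/// Splits a token into (timestamp, nonce, ciphertext||tag); all unauthenticated until AEAD decryption succeeds.
pub fn split_token(token: &str) -> Result<(u32, [u8; NONCE_LEN], Vec<u8>), LayoutError> {
    let raw = b64url_decode(token)?;
    if raw.len() < HEADER_LEN + TAG_LEN { return Err(LayoutError::TooShort); }
    if raw[0] != VERSION { return Err(LayoutError::BadVersion(raw[0])); }
    let ts = u32::from_be_bytes(raw[1..1 + TS_LEN].try_into().unwrap());
    let nonce: [u8; NONCE_LEN] = raw[1 + TS_LEN..HEADER_LEN].try_into().unwrap();
    Ok((ts, nonce, raw[HEADER_LEN..].to_vec()))
}

fn main() {
    // Constructed token: version 0x01, timestamp 0x5E0BE100, zero nonce, 16 zero bytes.
    println!("{:?}", split_token(&format!("AV4L4QAA{}", "A".repeat(52))));
}
```

Because the header is only bound to the ciphertext as AEAD additional data, a timestamp read this way must not drive an expiry decision until decryption with the same header has succeeded.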

Example

use bronco::encode;
use sodiumoxide::crypto::aead::xchacha20poly1305_ietf::gen_key;

let key = gen_key();
let message: &str = "hello, world!";
let token: String = encode(message, key.as_ref()).unwrap();

Errors

Returns WrongKeyLength if the key is not exactly 32 bytes.

Panics

Panics if the current system time is before the UNIX epoch (due to anomalies such as the system clock being adjusted backwards).