Struct EnvelopeEncryptor

pub struct EnvelopeEncryptor { /* private fields */ }

Envelope encryptor with key rotation support.

Ciphertext Format

[envelope_version: 1 byte][key_version: 4 bytes][cipher_data: variable]

The cipher_data contains the nonce, ciphertext, and authentication tag as produced by the underlying cipher.
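The header fields in this layout can be read without any key material. The following is an added example, not code from this crate: a standalone parser for the documented header, used to find stored records still written under an older key version. The big-endian byte order for key_version and the names parse_envelope and rotation_backlog are assumptions; the page does not state them.

```rust
// Added example: standalone parser for the documented envelope layout.
// Assumption: key_version is a big-endian u32; the page does not state byte order.

const HEADER_LEN: usize = 1 + 4; // envelope_version + key_version

#[derive(Debug, PartialEq)]
pub struct Envelope<'a> {
    pub envelope_version: u8,
    pub key_version: u32,
    pub cipher_data: &'a [u8], // nonce + ciphertext + tag, opaque here
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { len: usize },
}

/// Split an envelope into its header fields and the opaque cipher payload.
pub fn parse_envelope(buf: &[u8]) -> Result<Envelope<'_>, ParseError> {
    if buf.len() < HEADER_LEN {
        return Err(ParseError::Truncated { len: buf.len() });
    }
    let key_version = u32::from_be_bytes([buf[1], buf[2], buf[3], buf[4]]);
    Ok(Envelope { envelope_version: buf[0], key_version, cipher_data: &buf[HEADER_LEN..] })
}

/// Returns (stale, malformed): indices of records not written with `active`,
/// and indices of records too short to carry a header.
pub fn rotation_backlog(records: &[Vec<u8>], active: u32) -> (Vec<usize>, Vec<usize>) {
    let (mut stale, mut bad) = (Vec::new(), Vec::new());
    for (i, r) in records.iter().enumerate() {
        match parse_envelope(r) {
            Ok(e) if e.key_version != active => stale.push(i),
            Ok(_) => {}
            Err(_) => bad.push(i),
        }
    }
    (stale, bad)
}

fn main() {
    // Constructed sample records: header bytes followed by placeholder payload.
    let records = vec![
        vec![1, 0, 0, 0, 1, 0xAA, 0xBB], // key version 1
        vec![1, 0, 0, 0, 2, 0xCC],       // key version 2
        vec![1, 0, 0],                   // truncated header
    ];
    let (stale, bad) = rotation_backlog(&records, 2);
    println!("stale={:?} malformed={:?}", stale, bad);
}
```

The key version is read here before any authentication tag is checked, so it should be treated only as a key selector. The page does not say whether the header bytes are bound into the authenticated data.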

Implementations

impl EnvelopeEncryptor

pub fn new(key: EncryptionKey) -> Self

Create a new envelope encryptor with a single key.

pub fn with_key_ring(key_ring: KeyRing) -> Self

Create from an existing key ring.

pub fn key_ring(&self) -> &KeyRing

Get a reference to the key ring.

pub fn key_ring_mut(&mut self) -> &mut KeyRing

Get a mutable reference to the key ring.

pub fn rotate_key(&mut self, new_key: EncryptionKey) -> u32

Rotate to a new key.

pub fn encrypt(&self, plaintext: &[u8], associated_data: Option<&[u8]>) -> CryptoResult<Vec<u8>>

Encrypt data with the active key.

pub fn decrypt(&self, ciphertext: &[u8], associated_data: Option<&[u8]>) -> CryptoResult<Vec<u8>>

Decrypt data using the key version from the envelope.

pub fn re_encrypt(&self, ciphertext: &[u8], associated_data: Option<&[u8]>) -> CryptoResult<Vec<u8>>

Re-encrypt data with the current active key.

Useful during key rotation to migrate old data to new keys.

pub fn uses_active_key(&self, ciphertext: &[u8]) -> CryptoResult<bool>

Check if ciphertext uses the active key.

pub fn get_key_version(&self, ciphertext: &[u8]) -> CryptoResult<u32>

Get the key version from ciphertext.

Trait Implementations

impl DataEncryptor for EnvelopeEncryptor

Available on crate feature aes only.

fn encrypt_data<T: Serialize>(&self, data: &T) -> CryptoResult<Vec<u8>>

Encrypt a serializable value.

fn decrypt_data<T: DeserializeOwned>(&self, ciphertext: &[u8]) -> CryptoResult<T>

Decrypt to a deserializable value.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V