1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
//! # AeroVault v2
//!
//! Military-grade encrypted vault format with defense-in-depth cryptography.
//!
//! AeroVault v2 provides a single-file encrypted container format designed for
//! maximum security while maintaining practical usability. It combines multiple
//! cryptographic primitives in a layered architecture that remains secure even
//! if individual algorithms are compromised.
//!
//! ## Cryptographic Stack
//!
//! | Layer | Algorithm | Purpose |
//! |-------|-----------|---------|
//! | KDF | Argon2id (128 MiB, t=4, p=4) | Password-based key derivation |
//! | Key Wrapping | AES-256-KW (RFC 3394) | Master key protection |
//! | Content Encryption | AES-256-GCM-SIV (RFC 8452) | Nonce misuse-resistant AEAD |
//! | Cascade Mode | ChaCha20-Poly1305 | Optional second encryption layer |
//! | Filename Encryption | AES-256-SIV | Deterministic authenticated encryption |
//! | Header Integrity | HMAC-SHA512 | Header tamper detection |
//! | Key Separation | HKDF-SHA256 | Domain separation for key purposes |
//!
//! ## Quick Start
//!
//! ```no_run
//! use aerovault::{Vault, CreateOptions, EncryptionMode};
//!
//! // Create a new vault
//! let opts = CreateOptions::new("my-vault.aerovault", "strong-password-here")
//! .with_mode(EncryptionMode::Standard);
//! let vault = Vault::create(opts)?;
//!
//! // Add files
//! vault.add_files(&["document.pdf", "photo.jpg"])?;
//!
//! // Open existing vault
//! let vault = Vault::open("my-vault.aerovault", "strong-password-here")?;
//!
//! // List contents
//! for entry in vault.list()? {
//! println!("{} ({} bytes)", entry.name, entry.size);
//! }
//!
//! // Extract a file
//! vault.extract("document.pdf", "/tmp/output/")?;
//! # Ok::<(), aerovault::Error>(())
//! ```
//!
//! ## File Format
//!
//! An `.aerovault` file consists of three sections:
//!
//! ```text
//! ┌──────────────────────────────────┐
//! │ Header (512 bytes) │
//! │ magic, version, flags, salt, │
//! │ wrapped keys, chunk size, MAC │
//! ├──────────────────────────────────┤
//! │ Manifest Length (4 bytes) │
//! ├──────────────────────────────────┤
//! │ AES-SIV Encrypted Manifest │
//! │ (JSON: entries, timestamps) │
//! ├──────────────────────────────────┤
//! │ Encrypted Data Chunks │
//! │ [len:4][encrypted_chunk:len] │
//! │ [len:4][encrypted_chunk:len] │
//! │ ... │
//! └──────────────────────────────────┘
//! ```
//!
//! See [`AEROVAULT-V2-SPEC.md`](https://github.com/axpdev-lab/aerovault/blob/main/docs/AEROVAULT-V2-SPEC.md)
//! for the complete format specification.
pub
pub
// Re-export primary API
pub use Error;
pub use ;
pub use ;
/// Result type alias for AeroVault operations.
pub type Result<T> = Result;
/// MIME type for `.aerovault` files.
///
/// Register this in your OS integration (freedesktop shared-mime-info, Windows Registry, etc.).
pub const MIME_TYPE: &str = "application/x-aerovault";
/// SVG icon for the `.aerovault` MIME type (shield with lock, emerald color scheme).
///
/// Embedders can use this to register the file type icon without shipping separate assets.
/// The icon follows the freedesktop naming convention `application-x-aerovault`.
pub const ICON_SVG: &str = include_str!;