Function devolutions_crypto_wayk::bastion::key_exchange::encrypt_key [−][src]
pub fn encrypt_key(
shared_key: &SharedSecret,
csc_uuid: Uuid,
symmetric_key_to_share: &[u8]
) -> Result<String, Error>
Encrypts symmetric key to be sent over the wire using shared secret.
- Output is the encrypted key encoded in base64.
Internals
- AAD is the CSC UUID in big-endian binary format.
- A 24-byte nonce is randomly generated.
- Symmetric key (our plaintext) is encrypted using XChaCha2020-Poly1035.
- Output is a buffer such as
[AAD (16) | nonce (24) | Ciphertext (variable) | Tag (16)]
encoded in standard base64.