enigma-media-e2ee

enigma-media-e2ee provides pipeline-agnostic media frame encryption for audio and video frames by building on the enigma-aead raw seal/open API.

The crate exposes a light symmetric ratchet per direction and authenticates a stable header before sealing frames with XChaCha20-Poly1305. It intentionally avoids signaling, capture, codecs, transport, or storage so it can slot into any pipeline that hands it a byte slice.

What it is

• Media frame encryption/decryption with deterministic nonces.
• Directional send/receive chains derived from a shared secret.
• Header authentication, replay detection, and bounded out-of-order acceptance.

What it is not

• No WebRTC signaling or peer connections.
• No codec or capture logic.
• No networking/storage features.

Quick start (pseudo)

let session = MediaSession::new_initiator(shared_secret, stream_id)?;
let packet = session.encrypt_frame(frame_bytes, user_ad)?;
let plain = session.decrypt_frame(&packet, user_ad)?;

Use new_responder with the same shared secret and stream id on the remote end.