# enigma-media-e2ee
`enigma-media-e2ee` provides pipeline-agnostic media frame encryption for audio and video frames by building on the `enigma-aead` raw seal/open API.
The crate exposes a light symmetric ratchet per direction and authenticates a stable header before sealing frames with XChaCha20-Poly1305. It intentionally avoids signaling, capture, codecs, transport, or storage so it can slot into any pipeline that hands it a byte slice.
## What it is
- Media frame encryption/decryption with deterministic nonces.
- Directional send/receive chains derived from a shared secret.
- Header authentication, replay detection, and bounded out-of-order acceptance.
## What it is not
- No WebRTC signaling or peer connections.
- No codec or capture logic.
- No networking/storage features.
## Quick start (pseudo)
```rust
let session = MediaSession::new_initiator(shared_secret, stream_id)?;
let packet = session.encrypt_frame(frame_bytes, user_ad)?;
let plain = session.decrypt_frame(&packet, user_ad)?;
```
Use `new_responder` with the same shared secret and stream id on the remote end.