Module fog_crypto::stream
Symmetric-key encryption.
This submodule provides a StreamKey for symmetric encryption and decryption of any lockbox type. Each StreamKey has a corresponding StreamId for easily identifying the key needed to decrypt a lockbox.
Example
```rust
// Imports assumed from the crate's stream and lockbox modules (see the lockbox module below)
use fog_crypto::lockbox::DataLockboxRef;
use fog_crypto::stream::StreamKey;

// The `?` operator needs a Result-returning function, so the example is wrapped in main
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Make a new temporary key
    let key = StreamKey::new();
    let id = key.id().clone();
    println!("StreamId(Base58): {}", key.id());
    // Encrypt some data with the key, then turn it into a byte vector
    let data = b"I am sensitive information, about to be encrypted";
    let lockbox = key.encrypt_data(data.as_ref());
    let mut encoded = Vec::new();
    encoded.extend_from_slice(lockbox.as_bytes());
    // Decrypt that data with the same key
    let dec_lockbox = DataLockboxRef::from_bytes(encoded.as_ref())?;
    let dec_data = key.decrypt_data(&dec_lockbox)?;
    Ok(())
}
```
Algorithms
The current (and only) algorithm for symmetric encryption is XChaCha20 with a Poly1305 AEAD construction (XChaCha20Poly1305).
The StreamId is computed by taking the 32-byte secret key and hashing it with BLAKE2b, with the parameters: no key, no salt, and a persona set to "fog-crypto-sid". 32 bytes of the output hash are used to create the StreamId.
Format
A StreamId is encoded as a version byte followed by the key itself, whose length is dependent on the version. For XChaCha20Poly1305, it is 32 bytes plus the version byte.
A StreamKey is also encoded as a version byte followed by the key itself, whose length is dependent on the version. For XChaCha20Poly1305, it is 32 bytes plus the version byte. This encoding is only ever used for the payload of a StreamLockbox.
See the lockbox module for documentation on the encoding format for encrypted payloads.
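The StreamId derivation from the Algorithms section and the version-byte encoding from the Format section, worked through as an added example (not code from the fog_crypto crate). It assumes the 32-byte output length is set in the BLAKE2b parameter block (Python's digest_size) rather than truncated from a 64-byte digest, and uses a placeholder value for the version byte, which the page does not state.

```python
import hashlib
import secrets

# Values taken from the page: BLAKE2b, no key, no salt, persona "fog-crypto-sid",
# 32-byte secret key, 32 bytes of hash output.
STREAM_ID_PERSONA = b"fog-crypto-sid"
KEY_LEN = 32
ID_LEN = 32
# Assumed placeholder: the page names a default version constant but not its value.
XCHACHA20POLY1305_VERSION = 1


def stream_id_from_key(raw_key: bytes) -> bytes:
    """Derive the 32-byte StreamId from a raw 32-byte secret key.

    Assumption: digest_size=32 goes into the BLAKE2b parameter block. Truncating
    a 64-byte digest would give a different value, so this is the one detail to
    check against the crate before relying on interoperability.
    """
    if len(raw_key) != KEY_LEN:
        raise ValueError(f"raw key must be {KEY_LEN} bytes, got {len(raw_key)}")
    return hashlib.blake2b(raw_key, digest_size=ID_LEN, person=STREAM_ID_PERSONA).digest()


def encode_versioned(version: int, body: bytes) -> bytes:
    """Version byte followed by the 32-byte body (used for both StreamId and StreamKey)."""
    if not 0 <= version <= 0xFF:
        raise ValueError("version must fit in one byte")
    return bytes([version]) + body


def decode_versioned(encoded: bytes) -> tuple:
    """Parse a versioned encoding, rejecting unknown versions and wrong body lengths."""
    if not encoded:
        raise ValueError("empty encoding")
    version, body = encoded[0], encoded[1:]
    if version != XCHACHA20POLY1305_VERSION:
        raise ValueError(f"unsupported version {version}")
    if len(body) != ID_LEN:
        raise ValueError(f"version {version} body must be {ID_LEN} bytes, got {len(body)}")
    return version, body


def lockbox_needs_key(encoded_lockbox_id: bytes, raw_key: bytes) -> bool:
    """True when the StreamId a lockbox carries matches the one derived from raw_key."""
    _, sid = decode_versioned(encoded_lockbox_id)
    return sid == stream_id_from_key(raw_key)


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)  # fresh temporary key, like StreamKey::new()
    sid = encode_versioned(XCHACHA20POLY1305_VERSION, stream_id_from_key(key))
    print("StreamId (hex):", sid.hex())
```

Because the StreamId is a keyed-by-persona hash of the secret, publishing it on a lockbox reveals which key is needed without revealing the key bytes themselves.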
Structs
- A self-contained implementor of StreamInterface. It's expected this will be used unless the symmetric key is being managed by the OS or a hardware module.
- An identifier for a corresponding StreamKey. It is primarily used to indicate lockboxes are meant for that particular key.
- Stream Key that allows encrypting data into a Lockbox and decrypting it later.
Constants
- Default symmetric-key encryption algorithm version.
- Maximum accepted symmetric-key encryption algorithm version.
- Minimum accepted symmetric-key encryption algorithm version.
Traits
- A symmetric encryption/decryption interface, implemented by anything that can hold a symmetric encryption key.
Functions
- Compute the corresponding StreamId for a given raw key.
- Encrypt data with a StreamKey, returning a raw byte vector. Implementors of the StreamInterface can use this when building various lockboxes without it showing up in the regular StreamKey interface.