Crate privatebox[−][src]
Expand description
PrivateBox
PrivateBox provides a small and easy to use API to encrypt your data. It is meant to do one thing, be a simple wrapper and validator around the RustCrypto XChaCha20Poly1305 AEAD encryption algorithm.
PrivateBox is inspired/based off of Cocoon. PrivateBox is meant to be a smaller API, more flexible with associated data, and uses XChaCha for random nonces.
Generating a key
The examples just use array generation for the key to keep the code duplication down. However, keys should be random or pseudo-random (aka derived from something like a password).
Example:
use rand_core::{OsRng, RngCore}; let mut key = [0u8; 32]; OsRng.fill_bytes(&mut key);
Detached Encryption/Decryption
The PrivateBox::encrypt_detached
/PrivateBox::decrypt_detached
methods compute in place to avoid re-allocations.
It returns a prefix (the nonce and tag) that is used for decryption.
This is suitable for a no_std
build, when you want to avoid re-allocations of data,
and if you want to manage serialization yourself.
Example:
let mut privatebox = PrivateBox::new(&[1;32], OsRng); let mut message = *b"secret data"; let assoc_data = *b"plain text"; let detached_prefix = privatebox.encrypt_detached(&mut message, &assoc_data)?; assert_ne!(&message, b"secret data"); privatebox.decrypt_detached(&mut message, &assoc_data, &detached_prefix)?; assert_eq!(&message, b"secret data");
PrivateBox Container
The PrivateBox::encrypt
/PrivateBox::decrypt
methods handle serialization for you and returns a container.
It enables the use of both attached associated data and detached associated data.
It is much simpler to use than detached encryption/decryption.
It uses the alloc
feature (enabled by default).
Example:
let mut privatebox = PrivateBox::new(&[1; 32], OsRng); let header = &[5, 4, 3, 2]; let metadata = &[3, 3, 3]; let wrapped = privatebox.encrypt(b"secret data", header, metadata).expect("encrypt"); let (message, authenticated_header) = privatebox.decrypt(&wrapped, metadata).expect("decrypt"); assert_eq!(message, b"secret data"); assert_eq!(&authenticated_header, header);
Structs
PrivateBox | A wrapper around XChaChaPoly1305 for convenient encryption |
Enums
PrivateBoxError | Error variants provided by the PrivateBox API |
Constants
KEY_SIZE | Size of encryption key |
MAX_DATA_SIZE | Max size of message and header byte array |
NONCE_SIZE | Size of XChaCha nonce |
PREFIX_SIZE | Size of detached prefix |
TAG_SIZE | Size of authentication tag |