Trait recrypt::api::CryptoOps

pub trait CryptoOps {
    fn gen_plaintext(&self) -> Plaintext;
    fn derive_symmetric_key(
        &self, 
        decrypted_value: &Plaintext
    ) -> DerivedSymmetricKey;
    fn derive_private_key(&self, plaintext: &Plaintext) -> PrivateKey;
    fn encrypt(
        &self, 
        plaintext: &Plaintext, 
        to_public_key: &PublicKey, 
        signing_keypair: &SigningKeypair
    ) -> Result<EncryptedValue, RecryptErr>;
    fn decrypt(
        &self, 
        encrypted_value: EncryptedValue, 
        private_key: &PrivateKey
    ) -> Result<Plaintext, RecryptErr>;
    fn transform(
        &self, 
        encrypted_value: EncryptedValue, 
        transform_key: TransformKey, 
        signing_keypair: &SigningKeypair
    ) -> Result<EncryptedValue, RecryptErr>;
}

Encrypt, Decrypt, Transform, and supporting operations.

Required methods

fn gen_plaintext(&self) -> Plaintext

Using the random_bytes, generate a random element of G_T, which is one of the rth roots of unity in FP12.

What it means to be an rth root (for Fp256): let curve_order = 6500054969564660373279643874235990574257040605390378638988106296904416679996; (this is “r” – also defined as the prime for Fr256) let rth_pow = plaintext.pow(curve_order); assert_eq!(rth_pow, Fp12Elem::one()); Note that this cannot be implemented here as we do not define a way to do: Fp12.pow(Fp256)

fn derive_symmetric_key(
    &self,
    decrypted_value: &Plaintext
) -> DerivedSymmetricKey

Convert our plaintext into a DecryptedSymmetricKey by hashing it. Typically you either use derive_private_key or derive_symmetric_key but not both.

fn derive_private_key(&self, plaintext: &Plaintext) -> PrivateKey

Derive a private key for a plaintext by hashing it and modding it by the prime. Typically you either use derive_private_key or derive_symmetric_key but not both.

fn encrypt(
    &self,
    plaintext: &Plaintext,
    to_public_key: &PublicKey,
    signing_keypair: &SigningKeypair
) -> Result<EncryptedValue, RecryptErr>

Encrypt the plaintext to the to_public_key.

Arguments

• plaintext - value to encrypt.
• to_public_key - identity to encrypt to.
• signing_keypair - signing keypair of the person (or device) who is encrypting this value

Return

EncryptedValue which can be decrypted by the matching private key of to_public_key or RecryptErr.

fn decrypt(
    &self,
    encrypted_value: EncryptedValue,
    private_key: &PrivateKey
) -> Result<Plaintext, RecryptErr>

Decrypt the value using private_key.

Arguments

• encrypted_value - value we want to decrypt.
• private_key - PrivateKey which we want to use to decrypt the EncryptedValue.

Return

An error if the key didn’t match or something was corrupted in the EncryptedValue, otherwise the recovered plaintext.

fn transform(
    &self,
    encrypted_value: EncryptedValue,
    transform_key: TransformKey,
    signing_keypair: &SigningKeypair
) -> Result<EncryptedValue, RecryptErr>

Transform the value encrypted_value using the transform_key. The returned value can be decrypted by the private key associated to the to_public_key in the transform_key.

The transformed value will be signed using the private_signing_key and will embed the public_signing_key into the returned value.

Implementors

impl<R: RandomBytesGen, H: Sha256Hashing, S: Ed25519Signing> CryptoOps for Recrypt<H, S, R>