rudric 0.1.7

CLI tool for managing secrets in a secure way
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

use anyhow::{Context, Result};
use orion::{
    aead,
    kdf::{self, Salt},
    pwhash::{self, hash_password_verify},
};

pub fn derive_key(password: &str, salt: &[u8]) -> Result<aead::SecretKey> {
    let password = kdf::Password::from_slice(password.as_bytes())?;
    let salt = kdf::Salt::from_slice(salt)?;
    kdf::derive_key(&password, &salt, 3, 1 << 16, 32).context("Failed to derive key")
}

pub fn generate_salt() -> Result<Salt> {
    Ok(orion::kdf::Salt::default())
}

pub fn hash_password(password: &str) -> Result<pwhash::PasswordHash> {
    let password = pwhash::Password::from_slice(password.as_bytes())?;
    pwhash::hash_password(&password, 3, 1 << 16).context("Failed to hash password")
}

/// Verifies the given password aginst the given hash string
pub fn verify_hash(password: &str, hash: &str) -> bool {
    let hash = match pwhash::PasswordHash::from_encoded(hash) {
        Ok(p) => p,
        Err(_) => return false,
    };
    let input_password = pwhash::Password::from_slice(password.as_bytes()).unwrap_or_default();
    hash_password_verify(&hash, &input_password).is_ok()
}

pub fn encrypt(key: &aead::SecretKey, bytes: &[u8]) -> Result<Vec<u8>> {
    orion::aead::seal(key, bytes).context("Failed to seal input value")
}

pub fn decrypt(key: &aead::SecretKey, bytes: &[u8]) -> Result<Vec<u8>> {
    orion::aead::open(key, bytes).context("Failed to open encrypted value")
}