secured 0.4.0

A lightweight, easy-to-use Rust package for file encryption and decryption, suitable for both CLI and library integration in Rust applications.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

use clap::{Parser, Subcommand};
use rpassword::prompt_password;
use std::fs::{metadata, File};
use std::io::{Read, Write};

use cipher::Key;
use enclave::Enclave;

/// Defines command line subcommands for the application.
#[derive(Debug, Subcommand)]
enum Command {
  /// Encrypts a specified file.
  Encrypt {
    /// Path to the file to be encrypted.
    file: String,

    /// Optional password. If not provided, it will be prompted for.
    password: Option<String>,
  },
  /// Decrypts a specified file.
  Decrypt {
    /// Path to the file to be decrypted.
    file: String,

    /// Optional password. If not provided, it will be prompted for.
    password: Option<String>,
  },
}

/// Defines the command line arguments structure.
#[derive(Parser, Debug)]
struct Args {
  /// The specific subcommand to execute (either Encrypt or Decrypt).
  #[command(subcommand)]
  command: Command,
}

fn main() {
  let args = Args::parse();

  match args.command {
    Command::Encrypt { file, password } => {
      let password = get_password_or_prompt(password);
      encrypt_file(&password, &file);
    }
    Command::Decrypt { file, password } => {
      let password = get_password_or_prompt(password);
      decrypt_file(&password, &file);
    }
  }
}

/// Encrypts a file with a given password.
///
/// # Arguments
/// * `password` - The password used for encryption.
/// * `filename` - The name of the file to be encrypted.
fn encrypt_file(password: &String, filename: &String) {
  let encryption_key: Key<32, 16> = Key::new(password.as_bytes(), 900_000);
  let enclave = Enclave::from_plain_bytes(
    encryption_key.salt,
    encryption_key.pubk,
    get_file_as_byte_vec(filename),
  )
  .unwrap();
  let encrypted_bytes: Vec<u8> = enclave.into();

  File::create(format!("{}.secured", filename))
    .expect("Unable to create file")
    .write_all(&encrypted_bytes)
    .expect("Unable to write data");

  println!("Wrote encrypted file to {}.secured", filename);
}

/// Decrypts a file with a given password.
///
/// # Arguments
/// * `password` - The password used for decryption.
/// * `filename` - The name of the file to be decrypted.
fn decrypt_file(password: &String, filename: &String) {
  let encrypted_bytes = get_file_as_byte_vec(filename);
  let enclave = Enclave::try_from(encrypted_bytes).expect("Unable to deserialize enclave");
  let encryption_key: Key<32, 16> = Key::with_salt(password.as_bytes(), enclave.metadata, 900_000);
  let recovered_bytes = enclave
    .decrypt(encryption_key.pubk)
    .expect("Wrong password or corrupted enclave");

  File::create(filename.replace(".secured", ""))
    .expect("Unable to create file")
    .write_all(&recovered_bytes)
    .expect("Unable to write data");

  println!(
    "Wrote decrypted file to {}",
    filename.replace(".enclave", "")
  );
}

/// Reads a file and returns its contents as a byte vector.
///
/// # Arguments
/// * `filename` - The name of the file to read.
///
/// # Returns
/// A `Vec<u8>` containing the contents of the file.
fn get_file_as_byte_vec(filename: &String) -> Vec<u8> {
  let mut f = File::open(&filename).expect("no file found");
  let metadata = metadata(&filename).expect("unable to read metadata");
  let mut buffer = vec![0; metadata.len() as usize];
  f.read(&mut buffer).expect("buffer overflow");

  buffer
}

/// Retrieves a password, either from an `Option` or by prompting the user.
///
/// # Arguments
/// * `password` - An `Option<String>` that may already contain the password.
///
/// # Returns
/// A `String` containing the password.
fn get_password_or_prompt(password: Option<String>) -> String {
  match password {
    Some(password) => password,
    None => prompt_password("Enter password: ").expect("Unable to read password"),
  }
}