securetar
Rust reader primitives for SecureTar v3 encrypted streams.
This crate is an AI-assisted Rust port of the Python
home-assistant-libs/securetar
package.
Supported features
- SecureTar v3 header parsing and serialization
- password validation
- Argon2id + BLAKE2b key restoration
- XChaCha20-Poly1305 secretstream decryption
- validation behavior for truncated, missing-final-tag, and early-final-tag streams
- constants aligned with the Python package where useful for compatibility
Legacy SecureTar v1/v2 AES-CBC and archive writing helpers are intentionally not supported.
Example
use ;
use ;
let file = open?;
let context = new;
let mut stream = new?;
let mut plaintext = Vecnew;
stream.read_to_end?;
// Ok::<(), Box<dyn std::error::Error>>(())
If a caller has already consumed part of the SecureTar header while sniffing a
stream, use SecureTarDecryptStream::with_prefix.