Crate self_encryption
A file content self_encryptor.
This library provides convergent encryption on file-based data and produces a DataMap type and several chunks of encrypted data. Each chunk is up to 1MB in size and has an index and a name. This name is the SHA3-256 hash of the content, which allows the chunks to be self-validating. If size and hash checks are utilised, a high degree of certainty in the validity of the data can be expected.
Examples
A working implementation can be found in the “examples” folder of this project.
    use self_encryption::{encrypt, test_helpers::random_bytes};

    #[tokio::main]
    async fn main() {
        let file_size = 10_000_000;
        let bytes = random_bytes(file_size);
        if let Ok((_data_map, _encrypted_chunks)) = encrypt(bytes) {
            // .. then persist the `encrypted_chunks`.
            // Remember to keep `data_map` somewhere safe..!
        }
    }
Storage of the Vec<EncryptedChunk> or DataMap is outwith the scope of this library and must be implemented by the user.
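The size and hash checks mentioned in the description, applied to chunks read back from user-implemented storage, as an added example that is not part of the crate or its documentation. It is written in Python because the standard library provides SHA3-256; the (name, size) record list, the helper names and reading "1MB" as 1 MiB are assumptions, and the sample chunks are constructed.

```python
import hashlib

MAX_CHUNK_SIZE = 1024 * 1024  # assumption: the page's "1MB" taken as 1 MiB


def chunk_name(content: bytes) -> str:
    """Name a chunk by the SHA3-256 hash of its content, hex-encoded."""
    return hashlib.sha3_256(content).hexdigest()


def validate_chunks(expected, fetched):
    """Check fetched chunks against a trusted list of (name, size) records.

    expected: list of (name_hex, size) in chunk-index order (hypothetical
              record layout, not the crate's DataMap).
    fetched:  dict of name_hex -> bytes as returned by untrusted storage.
    Returns a list of (index, reason); an empty list means every chunk passed.
    """
    failures = []
    for index, (name, size) in enumerate(expected):
        content = fetched.get(name)
        if content is None:
            failures.append((index, "missing"))
        elif len(content) > MAX_CHUNK_SIZE:
            failures.append((index, "oversized"))
        elif len(content) != size:
            failures.append((index, "size mismatch"))
        elif chunk_name(content) != name:
            failures.append((index, "hash mismatch"))
    return failures


# Constructed sample data: three chunks stored under their own hashes.
chunks = [b"A" * 2048, b"B" * 2048, b"C" * 4096]
expected = [(chunk_name(c), len(c)) for c in chunks]
store = {name: c for (name, _), c in zip(expected, chunks)}

# Simulated storage faults: same-length corruption, truncation, a lost chunk.
bad_store = dict(store)
bad_store[expected[0][0]] = b"A" * 2047 + b"a"
bad_store[expected[1][0]] = chunks[1][:100]
del bad_store[expected[2][0]]

if __name__ == "__main__":
    print(validate_chunks(expected, store))
    print(validate_chunks(expected, bad_store))
```

Running the check before any decryption attempt means a corrupted or substituted chunk is rejected by name alone, without needing the data map's key material.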
Re-exports
Structs
This is - in effect - a partial decryption key for an encrypted chunk of data.
Holds the information that is required to recover the content of the encrypted file. This is held as a vector of ChunkInfo, i.e. a list of the file’s chunk hashes. Only files larger than 3072 bytes (3 * MIN_CHUNK_SIZE) can be self-encrypted. Smaller files will have to be batched together.
The actual encrypted content of the chunk, and its key index.
Helper struct for seeking original file bytes from chunks.
Enums
Errors which can arise during self_encryption or -decryption.
Constants
Controls the compression-speed vs compression-density tradeoffs. The higher the quality, the slower the compression. Range is 0 to 11.
The maximum size (before compression) of an individual chunk of the file, defined as 1MB.
The minimum size (before compression) of an individual chunk of the file, defined as 1kB.
The minimum size (before compression) of data to be self-encrypted, defined as 3kB.
Functions
Decrypts what is expected to be the full set of chunks covered by the data map.
Decrypts a range, used when seeking.
Encrypts a set of bytes and returns the encrypted data together with the data map that is derived from the input data, and is used to later decrypt the encrypted data. Returns an error if the size is too small for self-encryption. Only files larger than 3072 bytes (3 * MIN_CHUNK_SIZE) can be self-encrypted. Smaller files will have to be batched together for self-encryption to work.
Helper function for getting info needed to seek original file bytes from chunks.
Type Definitions
Specialisation of std::Result for crate.