Crate serde_encrypt[−][src]

Expand description

serde-encrypt encrypts/decrypts any strcts and enums that implements serde::{Serialize, Deserialize}.

Feature comparison

	`SerdeEncryptSharedKey`	`SerdeEncryptPublicKey`
(a)symmetric?	symmetric	asymmetric
deterministic? (1)*	no	no
performance	high	low

(*1) Deterministic encryptions always produce the same cipher-text from a given plain-text. Usable for equal-matching in cipher-text (e.g. RDBMS’s encrypted index eq-search).

Encryption algorithm

	`SerdeEncryptSharedKey`	`SerdeEncryptPublicKey`
key exchange	-	X25519
encryption	XChaCha20	XChaCha20
message auth	Poly1305	Poly1305
nonce (2)*	XSalsa20 (random 24-byte)	XSalsa20 (random 24-byte)
Rng (3)* for nonce	ChaCha20Rng	ChaCha20Rng

(*2) “Number used once”: to make encryption non-deterministic. Although nonce for each encryption is not secret, nonce among different encryption must be different in order for attackers to harder to guess plain-text. (*3) Random number generator.

Serialization

	`SerdeEncryptSharedKey`	`SerdeEncryptPublicKey`
serialization	CBOR	CBOR

Use cases

SerdeEncryptedSharedKey
- Both message sender and receiver already hold shared key.
- Needs shared-key exchange via any safe way but wants high-speed encryption/decryption (e.g. communicates large amounts of messages).
SerdeEncryptedSharedKey
- To exchange SharedKey.
- Quickly sends/receive small amounts of messages without secret shared key.

Examples

:woman-tipping-hand: Good first: encrypts with known shared key
:eyes: Encrypts struct with reference fields
:key: Generates shared-key and safely exchange it to your peer. And then, encrypt/decrypt messages using the shared-key.
:books: Encrypts/Decrypts complex serde types

Modules

error	Error type.
key
msg	Encrypted message structure.
traits	Traits to enable encrypted-serialization to your struct/enum.