Crate serde_encrypt[−][src]
Expand description
serde-encrypt encrypts/decrypts any strct
s and enum
s that implements serde::{Serialize, Deserialize
}.
Feature comparison
SerdeEncryptSharedKey | SerdeEncryptPublicKey | |
---|---|---|
(a)symmetric? | symmetric | asymmetric |
deterministic? (*1) | no | no |
performance | high | low |
(*1) Deterministic encryptions always produce the same cipher-text from a given plain-text. Usable for equal-matching in cipher-text (e.g. RDBMS’s encrypted index eq-search).
Encryption algorithm
SerdeEncryptSharedKey | SerdeEncryptPublicKey | |
---|---|---|
key exchange | - | X25519 |
encryption | XChaCha20 | XChaCha20 |
message auth | Poly1305 | Poly1305 |
nonce (*2) | XSalsa20 (random 24-byte) | XSalsa20 (random 24-byte) |
Rng (*3) for nonce | ChaCha20Rng | ChaCha20Rng |
(*2) “Number used once”: to make encryption non-deterministic. Although nonce for each encryption is not secret, nonce among different encryption must be different in order for attackers to harder to guess plain-text. (*3) Random number generator.
Serialization
SerdeEncryptSharedKey | SerdeEncryptPublicKey | |
---|---|---|
serialization | CBOR | CBOR |
Use cases
SerdeEncryptedSharedKey
- Both message sender and receiver already hold shared key.
- Needs shared-key exchange via any safe way but wants high-speed encryption/decryption (e.g. communicates large amounts of messages).
SerdeEncryptedSharedKey
- To exchange
SharedKey
. - Quickly sends/receive small amounts of messages without secret shared key.
- To exchange
Examples
Modules
error | Error type. |
key | |
msg | Encrypted message structure. |
traits | Traits to enable encrypted-serialization to your struct/enum. |