Snapper Box

About

snapper-box provides the CryptoBox type, a LSM backed, encrypted, namespaced document store, for the snapper ecosystem.

CryptoBox uses one file per namespace, with each namespace using its own key, derived from a shared root key.

The root key is randomly generated, and is stored at rest encrypted with the argon2 derivation of a user supplied password. Derived keys are derived using Blake3's key derivation mode.

XChaCha20 is used as the cipher, with Blake3 in HMAC mode used to provide integrity. The author intentionally does not use poly1305, as he has a deep distrust of polynomial MACs, and very much loves defense in depth.

Getting Started

TODO

Prerequisites

This project uses nix for development. While it does use a nix flake, the repository makes use of compatibility shims to allow development and building without needing to be on unstableNix.

Once you have nix installed, simply run, if you have flakes and nix-command enabled:

nix develop

or

nix-shell

if you do not.

This project also has a .evnrc file, for use with direnv.

Usage

TODO

Contributing

Take a look at CONTRIBUTING.md

Documentation

Please take a look at the CHANEGLOG.md and the rustdoc.