strong_box/lib.rs
1//! Secure symmetric encryption using modern algorithms and affordances.
2//!
3//! If you want to encrypt something that only someone with the same key can decrypt, and you want
4//! the most up-to-date algorithms and security properties (such as Additional Data validation),
5//! then StrongBox is for you.
6//!
7//! A [`StrongBox`] exists to encrypt and decrypt data. It uses a single key to encrypt all
8//! data, and can decrypt data that was previously encrypted with any key in the list.
9//!
10//! The ability to specify a list of decryption keys allows for periodic key rotation, without
11//! losing the ability to decrypt old ciphertexts. This is important because *every* symmetric
12//! cipher scheme is weakened when many plaintexts (in the "billions" range, so it's *usually* OK)
13//! are encrypted with the same key, so it's worth rotating your keys now and then. You simply
14//! generate a new key, specify that as your encryption key, and make sure the list of decryption
15//! keys includes the new key and all the previous keys that any remaining valid ciphertexts may
16//! have been encrypted with.
17//!
18//! The encryption *context* is used to provide protection against attacks involving
19//! substituting one ciphertext for another. [This Security StackExchange
20//! answer](https://security.stackexchange.com/a/179279/167630) is an excellent explanation of
21//! why an encryption context is useful. If for whatever reason you don't have an appropriate
22//! context, you can use `b""` as the context, but remember that the same context must be specified
23//! for both encryption *and* decryption.
24//!
25//! # Other Kinds of StrongBoxes
26//!
27//! If you have multiple different *kinds* of data to encrypt (say, different fields of a
28//! database), it's safer (on many fronts) to encrypt the different kinds of data with different
29//! keys. To facilitate that, you can create a [`StemStrongBox`], and "derive" new StrongBoxes
30//! that use keys derived from the keys in the [`StemStrongBox`]. This keeps you from having to
31//! manage great masses of keys -- instead, just have one set of "root" keys, and derive all the
32//! other ones you need. Of course, you can derive another [`StemStrongBox`] from *that* one, and so
33//! on, creating a whole "tree" of [`StrongBox`]es.
34//!
35//! You can also create a [`RotatingStrongBox`], that automatically rotates its keys according to a
36//! fixed schedule, and maintains the ability to decrypt ciphertexts encrypted by keys from a
37//! bounded number of previous rotations.
38//!
39//! Finally, there is the [`SharedStrongBox`], which anyone with a public key can use to encrypt
40//! data that only someone with the corresponding private key can decrypt.
41mod error;
42mod rotating_strong_box;
43mod shared_strong_box;
44mod static_strong_box;
45mod stem_strong_box;
46mod strong_box;
47
48pub use ::ciborium;
49
50pub use error::Error;
51pub use rotating_strong_box::RotatingStrongBox;
52pub use shared_strong_box::{SharedStrongBox, SharedStrongBoxKey};
53pub use static_strong_box::StaticStrongBox;
54pub use stem_strong_box::StemStrongBox;
55pub use strong_box::StrongBox;
56
57use static_strong_box::Ciphertext;
58
59mod kdf;
60mod key;
61mod key_id;
62
63pub use key::{Key, generate_key};
64use key_id::{KeyId, key_id};