Expand description
This crate defines and implements the encrypted offline storage format used by the Stronghold ecosystem.
The format has a header with version and magic bytes to appease applications wishing to provide file-type detection.
The data stored within a snapshot is considered opaque and uses 256 bit keys. It provides recommended ways to derive the snapshot encryption key from a user provided password. The format also allows using an authenticated data bytestring to further protect the offline snapshot files (one might consider using a secondary user password strengthened by an HSM).
The current version of the format is using X25519 together with an ephemeral key to derive a shared key for the symmetric XChaCha20 cipher and uses the Poly1305 message authentication algorithm. Future versions, when the demands for larger snapshot sizes and/or random access is desired, might consider encrypting smaller chunks (B-trees?) or similar using per chunk derived ephemeral keys.
Modules
Structs
Enums
Constants
- Key size for the ephemeral key
- Magic bytes (bytes 0-4 in a snapshot file) aka PARTI
- Current version bytes (bytes 5-6 in a snapshot file)
Functions
- Compress data using an LZ4 Algorithm.
- Decompress data using an LZ4 Algorithm.
- Decrypt snapshot content with key using maximum work factor recommended for password-based (weak) keys.
- Decrypt snapshot content with key using custom maximum work factor.
- Check the file header,
decrypt_content
, and decompress the ciphertext from the specified path. - Encrypt snapshot content with key using work factor recommended for password-based (weak) keys.
- Encrypt snapshot content with key using custom work factor.
- Put magic and version bytes as file-header,
encrypt_content
the specified plaintext to the specified path.
Type Definitions
- Key type alias.