void-crypto 0.0.2

Cryptographic primitives for void — KeyVault, AES-256-GCM, HKDF, envelope encryption

Coverage
86.08%
167 out of 194 items documented0 out of 77 items with examples
Size
Source code size: 178.59 kB This is the summed size of all the files inside the crates.io package for this release.
Documentation size: 4.25 MB This is the summed size of all files generated by rustdoc for all configured targets
Ø build duration
this release: 49s Average build duration of successful builds.
all releases: 1m 3s Average build duration of successful builds in releases after 2024-10-23.
Links
Repository
crates.io
Dependencies
Versions
Owners

void-crypto: Cryptographic primitives and key management for void.

This crate is the sole custodian of repository encryption key material. It provides:

AES-256-GCM authenticated encryption with AAD
HKDF-SHA256 key derivation with purpose separation
Per-commit envelope encryption (VD01 format)
KeyVault: an opaque vault that holds the root key and provides operations
CommitReader: a per-commit handle for decrypting metadata and shards
Scoped access tokens for limited read access

Security Architecture

The root key never leaves this crate. External crates interact with key material only through:

KeyVault methods (open_commit, seal_commit, derived key accessors)
CommitReader methods (decrypt_metadata, decrypt_shard)
SecretKey references (derived keys for index/stash/staged)

Raw [u8; 32] key parameters are pub(crate) only — the crate boundary is the enforcement mechanism.