Trait EncryptionProvider 

pub trait EncryptionProvider: Send + Sync {
    // Required methods
    fn encrypt_stream<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        input: &'life1 mut (dyn AsyncRead + Send + Unpin),
        output: &'life2 mut (dyn AsyncWrite + Send + Unpin),
    ) -> Pin<Box<dyn Future<Output = EncryptionResult<Vec<u8>>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
    fn decrypt_stream<'life0, 'life1, 'life2, 'life3, 'async_trait>(
        &'life0 self,
        input: &'life1 mut (dyn AsyncRead + Send + Unpin),
        output: &'life2 mut (dyn AsyncWrite + Send + Unpin),
        header_bytes: &'life3 [u8],
    ) -> Pin<Box<dyn Future<Output = EncryptionResult<()>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait;
    fn rekey_header<'life0, 'life1, 'async_trait>(
        &'life0 self,
        header_bytes: &'life1 [u8],
    ) -> Pin<Box<dyn Future<Output = EncryptionResult<Option<Vec<u8>>>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
}

Encryption provider — abstracts the encryption operations needed by encrypted storage layers.

This trait allows any crate to work with a pluggable encryption backend that supports detached-header stream encryption.

Implementations

  • Must be Send + Sync (required by async storage layers).
  • The encrypt_stream method must flush the output stream before returning.
  • The returned header bytes are stored separately from the encrypted data and later passed back to decrypt_stream.

Required Methods

fn encrypt_stream<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, input: &'life1 mut (dyn AsyncRead + Send + Unpin), output: &'life2 mut (dyn AsyncWrite + Send + Unpin), ) -> Pin<Box<dyn Future<Output = EncryptionResult<Vec<u8>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Encrypt data from input and write the encrypted stream to output.

Returns the serialisable encryption header that must be stored alongside the data (e.g. as a separate blob).

fn decrypt_stream<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, input: &'life1 mut (dyn AsyncRead + Send + Unpin), output: &'life2 mut (dyn AsyncWrite + Send + Unpin), header_bytes: &'life3 [u8], ) -> Pin<Box<dyn Future<Output = EncryptionResult<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Decrypt data from input using the previously stored header_bytes and write plaintext to output.

fn rekey_header<'life0, 'life1, 'async_trait>( &'life0 self, header_bytes: &'life1 [u8], ) -> Pin<Box<dyn Future<Output = EncryptionResult<Option<Vec<u8>>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Try to re-key (re-wrap) an existing encryption header with the current master key.

  • Returns None if the header is already using the current key.
  • Returns Some(new_header_bytes) if the header was re-wrapped.
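
The contract described above (detached header, flush before returning, re-wrap on master-key rotation), as an added example that is not the crate's own code. It is a synchronous, std-only model of the async trait: `DemoProvider`, the 17-byte header layout and the key values are assumptions, and XOR stands in for a real AEAD and key-wrap and provides no security.

```rust
use std::collections::hash_map::RandomState;
use std::hash::{BuildHasher, Hasher};
use std::io::{self, Read, Write};

/// Synchronous, std-only model of the trait's contract (hypothetical names).
/// XOR stands in for a real AEAD and key-wrap: it is NOT encryption.
pub struct DemoProvider {
    pub keys: Vec<(u8, [u8; 16])>, // constructed (key id, master key) pairs
    pub current: u8,               // id of the current master key
}
fn bad(msg: &str) -> io::Error { io::Error::new(io::ErrorKind::InvalidData, msg) }
fn xor16(a: &[u8], b: &[u8; 16]) -> [u8; 16] { std::array::from_fn(|i| a[i] ^ b[i]) }
impl DemoProvider {
    fn key(&self, id: u8) -> io::Result<[u8; 16]> {
        self.keys.iter().find(|k| k.0 == id).map(|k| k.1).ok_or_else(|| bad("unknown key id"))
    }
    // Assumed header layout: [key id: 1 byte][wrapped data key: 16 bytes].
    fn unwrap_dek(&self, h: &[u8]) -> io::Result<[u8; 16]> {
        if h.len() != 17 { return Err(bad("bad header length")); }
        Ok(xor16(&h[1..], &self.key(h[0])?))
    }
    fn wrap_dek(&self, dek: &[u8; 16]) -> io::Result<Vec<u8>> {
        let wrapped = xor16(dek, &self.key(self.current)?);
        Ok([&[self.current][..], &wrapped[..]].concat())
    }
    fn xor_copy(dek: &[u8; 16], r: &mut dyn Read, w: &mut dyn Write) -> io::Result<()> {
        let mut buf = Vec::new();
        r.read_to_end(&mut buf)?;
        for (i, b) in buf.iter_mut().enumerate() { *b ^= dek[i % 16]; }
        w.write_all(&buf)?;
        w.flush() // the contract: flush the output before returning
    }
    pub fn encrypt_stream(&self, r: &mut dyn Read, w: &mut dyn Write) -> io::Result<Vec<u8>> {
        let mut dek = [0u8; 16]; // per-object data key; stand-in RNG, not a CSPRNG
        for c in dek.chunks_mut(8) {
            c.copy_from_slice(&RandomState::new().build_hasher().finish().to_le_bytes());
        }
        Self::xor_copy(&dek, r, w)?;
        self.wrap_dek(&dek) // header is returned to the caller, never written into `w`
    }
    pub fn decrypt_stream(&self, r: &mut dyn Read, w: &mut dyn Write, h: &[u8]) -> io::Result<()> {
        Self::xor_copy(&self.unwrap_dek(h)?, r, w)
    }
    pub fn rekey_header(&self, h: &[u8]) -> io::Result<Option<Vec<u8>>> {
        let dek = self.unwrap_dek(h)?; // fails if the old master key is no longer held
        if h[0] == self.current { return Ok(None); }
        self.wrap_dek(&dek).map(Some)
    }
}
```

Because only the header is re-wrapped, a master-key rotation in this model rewrites the small header blob and leaves the stored ciphertext untouched; the old master key must stay available until every header has been re-keyed.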

Dyn Compatibility

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors