Provides encryption of secret shares to specific recipients using crypto_box.
Internally uses dark-crystal-secret-sharing-rust, which uses sharks for Shamir's secret sharing and xsalsa20poly1305 for authenticated encryption.
This is part of a work-in-progress Rust implementation of the Dark Crystal Key Backup Protocol.
Structs
- EncryptedShareSet - A set of encrypted shares, together with the public key used for encryption and the encrypted secret
- Error - Error type.
- PublicKey - A crypto_box public key.
- RecoveryError - Error created when recovery fails
- SecretKey - A crypto_box secret key.
- ShareAndEncryptError - Error created when the share function fails
- ShareError - Error created when share fn fails
Functions
- combine_authenticated - Combine a set of shares and ciphertext produced by share_authenticated
- decrypt - Decrypt a given ciphertext using crypto_box
- decrypt_with_given_nonce - Decrypt a given ciphertext using crypto_box using a given nonce rather than attaching one to the ciphertext
- default_threshold - Give a recommended threshold value for a given number of shares
- encrypt - Encrypt a given message using crypto_box
- encrypt_with_given_nonce - Encrypt a given message using crypto_box using a given nonce rather than generating one
- share_and_encrypt - Create a set of shares and encrypt them to a given set of public keys
- share_and_encrypt_detached_nonce - Create a set of shares and encrypt them to a given set of public keys, but make the shares shorter by using the nonce from the ciphertext when encrypting the shares
- share_authenticated - Encrypt a secret and create shares of its key. This gives authentication, so we know whether recovery was successful. It also reduces duplication with long (> 32 bytes) secrets, and improves security when using non-uniformly random secrets such as passwords.
- thresold_sanity - Gives a threshold 'sanity' factor, given a threshold and number of shares. 0 is ideal. Positive values represent the level of danger of losing access to the secret. Negative values represent the level of danger of an attacker gaining it.