Struct dco3_crypto::DracoonCrypto
source · pub struct DracoonCrypto;
Expand description
Implements symmetric and asymmetric encryption for DRACOON by implementing traits using the openssl crate
Trait Implementations§
source§impl Decrypt for DracoonCrypto
impl Decrypt for DracoonCrypto
Implements decryption based on AES256 GCM. Provides function to decrypt on the fly and another one to create a Crypter in order to decrypt in chunks.
source§fn decrypt(
data: &impl AsRef<[u8]>,
plain_file_key: PlainFileKey
) -> Result<Vec<u8>, DracoonCryptoError>
fn decrypt( data: &impl AsRef<[u8]>, plain_file_key: PlainFileKey ) -> Result<Vec<u8>, DracoonCryptoError>
Decrypts bytes on the fly - full message is expected and passed as data.
§Example
use dco3_crypto::{DracoonCrypto, Decrypt, Encrypt};
let message = b"Encrypt me please";
let (enc_message, plain_file_key) = DracoonCrypto::encrypt(message.to_vec()).unwrap();
let plain_message = DracoonCrypto::decrypt(&enc_message, plain_file_key);
source§impl Decrypter<Crypter> for DracoonCrypto
impl Decrypter<Crypter> for DracoonCrypto
source§fn decrypter(
plain_file_key: PlainFileKey,
buffer: &mut Vec<u8>
) -> Result<Crypter<'_, OpenSslCrypter>, DracoonCryptoError>
fn decrypter( plain_file_key: PlainFileKey, buffer: &mut Vec<u8> ) -> Result<Crypter<'_, OpenSslCrypter>, DracoonCryptoError>
Returns a Crypter for chunked decryption
Accepts a buffer to store the decrypted message to. In order to decrypt in chunks, you need to
- get a decrypter and pass a buffer and the plain file key
- update the decrypter by passing the chunks
- finalize the decryption once all chunks were read
- get the message (as bytes) from the encrypter
§Example
use dco3_crypto::{DracoonCrypto, Encrypt, Decrypter, ChunkedEncryption};
use openssl::symm::Cipher;
let message = b"Encrypt this very long message in chunks and decrypt it";
/// returns a tuple containing the message and the plain file key
let (message, plain_file_key) = DracoonCrypto::encrypt(message.to_vec()).unwrap();
let buff_len = message.len() + Cipher::aes_256_gcm().block_size();
/// chunks of 5
let mut chunks = message.chunks(5);
let mut buf = vec![0u8; buff_len];
let mut decrypter = DracoonCrypto::decrypter(plain_file_key, &mut buf).unwrap();
let mut count: usize = 0;
while let Some(chunk) = chunks.next() {
count += decrypter.update(&chunk).unwrap();
}
count += decrypter.finalize().unwrap();
let plain_message = std::str::from_utf8(decrypter.get_message()).unwrap();
source§impl DracoonRSACrypto for DracoonCrypto
impl DracoonRSACrypto for DracoonCrypto
source§fn create_plain_user_keypair(
version: UserKeyPairVersion
) -> Result<PlainUserKeyPairContainer, DracoonCryptoError>
fn create_plain_user_keypair( version: UserKeyPairVersion ) -> Result<PlainUserKeyPairContainer, DracoonCryptoError>
Creates a plain RSA keypair required for DRACOON to encrypt and decrypt file keys. Using a 4096 bit keypair is recommended - 2048 bit is for legacy support and usage is discouraged.
§Example
use dco3_crypto::{DracoonCrypto, DracoonRSACrypto, UserKeyPairVersion};
let plain_4096_keypair =
DracoonCrypto::create_plain_user_keypair(UserKeyPairVersion::RSA4096).unwrap();
source§fn encrypt_private_key(
secret: &str,
plain_keypair: PlainUserKeyPairContainer
) -> Result<UserKeyPairContainer, DracoonCryptoError>
fn encrypt_private_key( secret: &str, plain_keypair: PlainUserKeyPairContainer ) -> Result<UserKeyPairContainer, DracoonCryptoError>
Encrypts a plain keypair container - specifically the private key - using a secret provided as parameter.
§Example
use dco3_crypto::{DracoonCrypto, DracoonRSACrypto, UserKeyPairVersion};
let secret = "VerySecret123!";
let plain_4096_keypair =
DracoonCrypto::create_plain_user_keypair(UserKeyPairVersion::RSA4096).unwrap();
let enc_4096_keypair = DracoonCrypto::encrypt_private_key(secret, plain_4096_keypair).unwrap();
source§fn decrypt_keypair(
secret: &str,
keypair: UserKeyPairContainer
) -> Result<PlainUserKeyPairContainer, DracoonCryptoError>
fn decrypt_keypair( secret: &str, keypair: UserKeyPairContainer ) -> Result<PlainUserKeyPairContainer, DracoonCryptoError>
Decrypts an encrypted keypair container - specifically the private key - using a secret provided as parameter.
§Example
use dco3_crypto::{DracoonCrypto, DracoonRSACrypto, UserKeyPairVersion};
let secret = "VerySecret123!";
let plain_4096_keypair =
DracoonCrypto::create_plain_user_keypair(UserKeyPairVersion::RSA4096).unwrap();
let enc_4096_keypair = DracoonCrypto::encrypt_private_key(secret, plain_4096_keypair).unwrap();
let plain_keypair = DracoonCrypto::decrypt_keypair(secret, enc_4096_keypair).unwrap();
source§fn decrypt_private_key(
secret: &str,
private_key: &PrivateKeyContainer
) -> Result<PrivateKeyContainer, DracoonCryptoError>
fn decrypt_private_key( secret: &str, private_key: &PrivateKeyContainer ) -> Result<PrivateKeyContainer, DracoonCryptoError>
Decrypts a private key container - specifically required for public shares - using a secret provided as parameter.
§Example
use dco3_crypto::{DracoonCrypto, DracoonRSACrypto, UserKeyPairVersion};
let secret = "VerySecret123!";
let plain_4096_keypair =
DracoonCrypto::create_plain_user_keypair(UserKeyPairVersion::RSA4096).unwrap();
let enc_4096_keypair = DracoonCrypto::encrypt_private_key(secret, plain_4096_keypair).unwrap();
let plain_private_key = DracoonCrypto::decrypt_private_key(secret, &enc_4096_keypair.private_key_container).unwrap();
source§fn encrypt_file_key(
plain_file_key: PlainFileKey,
public_key: impl PublicKey
) -> Result<FileKey, DracoonCryptoError>
fn encrypt_file_key( plain_file_key: PlainFileKey, public_key: impl PublicKey ) -> Result<FileKey, DracoonCryptoError>
Encrypts a file key used for file encryption using either the public key or a plain keypair container.
§Example
use dco3_crypto::{DracoonCrypto, DracoonRSACrypto, PlainFileKey, UserKeyPairVersion};
let plain_4096_keypair =
DracoonCrypto::create_plain_user_keypair(UserKeyPairVersion::RSA4096).unwrap();
let plain_file_key = PlainFileKey::try_new_for_encryption().unwrap();
let enc_file_key = DracoonCrypto::encrypt_file_key(plain_file_key, plain_4096_keypair).unwrap();
source§fn decrypt_file_key(
file_key: FileKey,
private_key: impl PrivateKey
) -> Result<PlainFileKey, DracoonCryptoError>
fn decrypt_file_key( file_key: FileKey, private_key: impl PrivateKey ) -> Result<PlainFileKey, DracoonCryptoError>
Decrypts a file key used for file encryption using a plain keypair container.
§Example
use dco3_crypto::{DracoonCrypto, DracoonRSACrypto, PlainFileKey, UserKeyPairVersion, PublicKeyContainer};
let plain_4096_keypair =
DracoonCrypto::create_plain_user_keypair(UserKeyPairVersion::RSA4096).unwrap();
let public_key_container = PublicKeyContainer {
public_key: plain_4096_keypair.public_key_container.public_key.clone(),
version: UserKeyPairVersion::RSA4096,
created_at: None,
created_by: None,
expire_at: None,
};
let plain_file_key = PlainFileKey::try_new_for_encryption().unwrap();
let enc_file_key = DracoonCrypto::encrypt_file_key(plain_file_key, public_key_container).unwrap();
let plain_file_key = DracoonCrypto::decrypt_file_key(enc_file_key, plain_4096_keypair).unwrap();
source§impl Encrypt for DracoonCrypto
impl Encrypt for DracoonCrypto
Implements encryption based on AES256 GCM. Provides function to encrypt on the fly and another one to create a Crypter in order to encrypt in chunks.
source§fn encrypt(
data: impl AsRef<[u8]>
) -> Result<EncryptionResult, DracoonCryptoError>
fn encrypt( data: impl AsRef<[u8]> ) -> Result<EncryptionResult, DracoonCryptoError>
Encrypts bytes on the fly - full message is expected and passed as data.
§Example
use dco3_crypto::{DracoonCrypto, Encrypt};
let message = b"Encrypt me please";
let enc_message = DracoonCrypto::encrypt(message.to_vec()).unwrap();
source§impl Encrypter<Crypter> for DracoonCrypto
impl Encrypter<Crypter> for DracoonCrypto
source§fn encrypter(
buffer: &mut Vec<u8>
) -> Result<Crypter<'_, OpenSslCrypter>, DracoonCryptoError>
fn encrypter( buffer: &mut Vec<u8> ) -> Result<Crypter<'_, OpenSslCrypter>, DracoonCryptoError>
Returns a Crypter for chunked encryption
Accepts a buffer to store the encrypted message to. In order to encrypt in chunks, you need to
- get an encrypter and pass a buffer
- update the encrypter by passing the chunks
- finalize the encryption once all chunks were read
- get the message (as bytes) from the encrypter
- get the plain file key from the encrypter
§Example
use dco3_crypto::{DracoonCrypto, Encrypter, ChunkedEncryption};
use openssl::symm::Cipher;
let mut message = b"Encrypt this very long message in chunks and decrypt it";
let buff_len = message.len() + Cipher::aes_256_gcm().block_size();
let mut buf = vec![0u8; buff_len];
let mut encrypter =
DracoonCrypto::encrypter(&mut buf).unwrap();
let mut count: usize = 0;
const CHUNKSIZE: usize = 8;
let mut chunks = message.chunks(CHUNKSIZE);
while let Some(chunk) = chunks.next() {
count += encrypter.update(&chunk).unwrap();
}
count += encrypter.finalize().unwrap();
let enc_message = encrypter.get_message();
let plain_file_key = encrypter.get_plain_file_key();