Function devolutions_crypto_wayk::bastion::key_exchange::encrypt_key[−][src]

pub fn encrypt_key(
    shared_key: &SharedSecret, 
    csc_uuid: Uuid, 
    symmetric_key_to_share: &[u8]
) -> Result<String, Error>

Encrypts symmetric key to be sent over the wire using shared secret.

Output is the encrypted key encoded in base64.

Internals

AAD is the CSC UUID in big-endian binary format.
A 24-byte nonce is randomly generated.
Symmetric key (our plaintext) is encrypted using XChaCha2020-Poly1035.
Output is a buffer such as [AAD (16) | nonce (24) | Ciphertext (variable) | Tag (16)] encoded in standard base64.