[−][src]Module devolutions_crypto::key
Module for dealing with wrapped keys and key exchange.
For now, this module only deal with keypairs, as the symmetric keys are not wrapped yet.
Generation/Derivation
You have two ways to generate a KeyPair
: Using generate_keypair
will generate a random one, using derive_keypair
will derive one from another password or key along with derivation parameters(including salt). Except in specific circumstances, you should use generate_keypair
.
Asymmetric keys have two uses. They can be used to encrypt and decrypt data and to perform a key exchange.
generate_keypair
use devolutions_crypto::key::{generate_keypair, KeyVersion, KeyPair}; let keypair: KeyPair = generate_keypair(KeyVersion::Latest);
derive_keypair
use devolutions_crypto::Argon2Parameters; use devolutions_crypto::key::{KeyVersion, KeyPair, derive_keypair}; let parameters: Argon2Parameters = Default::default(); let keypair: KeyPair = derive_keypair(b"thisisapassword", ¶meters, KeyVersion::Latest).expect("derivation should not fail");
Key Exchange
The goal of using a key exchange is to get a shared secret key between two parties without making it possible for users listening on the conversation to guess that shared key.
- Alice and Bob generates a
KeyPair
each. - Alice and Bob exchanges their
PublicKey
. - Alice mix her
PrivateKey
with Bob'sPublicKey
. This gives her the shared key. - Bob mixes his
PrivateKey
with Alice'sPublicKey
. This gives him the shared key. - Both Bob and Alice has the same shared key, which they can use for symmetric encryption for further communications.
use devolutions_crypto::key::{generate_keypair, mix_key_exchange, KeyVersion, KeyPair}; let bob_keypair: KeyPair = generate_keypair(KeyVersion::Latest); let alice_keypair: KeyPair = generate_keypair(KeyVersion::Latest); let bob_shared = mix_key_exchange(&bob_keypair.private_key, &alice_keypair.public_key).expect("key exchange should not fail"); let alice_shared = mix_key_exchange(&alice_keypair.private_key, &bob_keypair.public_key).expect("key exchange should not fail"); // They now have a shared secret! assert_eq!(bob_shared, alice_shared);
Structs
KeyPair | An asymmetric keypair. |
PrivateKey | A private key. This key should never be sent over an insecure channel or stored unsecurely. |
PublicKey | A public key. This key can be sent in clear on unsecured channels and stored publicly. |
Enums
KeyVersion | The versions of the key scheme to use. |
Functions
derive_keypair | Derive a |
generate_keypair | Generates a |
mix_key_exchange | Mix a |