Module key

devolutions_crypto

Module key 

Source
Expand description

Module for dealing with wrapped keys and key exchange.

For now, this module only deal with keypairs, as the symmetric keys are not wrapped yet.

§Generation/Derivation

Using generate_keypair will generate a random keypair.

Asymmetric keys have two uses. They can be used to encrypt and decrypt data and to perform a key exchange.

§generate_keypair
use devolutions_crypto::key::{generate_keypair, KeyVersion, KeyPair};

let keypair: KeyPair = generate_keypair(KeyVersion::Latest);

§Key Exchange

The goal of using a key exchange is to get a shared secret key between two parties without making it possible for users listening on the conversation to guess that shared key.

  1. Alice and Bob generates a KeyPair each.
  2. Alice and Bob exchanges their PublicKey.
  3. Alice mix her PrivateKey with Bob’s PublicKey. This gives her the shared key.
  4. Bob mixes his PrivateKey with Alice’s PublicKey. This gives him the shared key.
  5. Both Bob and Alice has the same shared key, which they can use for symmetric encryption for further communications.
use devolutions_crypto::key::{generate_keypair, mix_key_exchange, KeyVersion, KeyPair};

let bob_keypair: KeyPair = generate_keypair(KeyVersion::Latest);
let alice_keypair: KeyPair = generate_keypair(KeyVersion::Latest);

let bob_shared = mix_key_exchange(&bob_keypair.private_key, &alice_keypair.public_key).expect("key exchange should not fail");

let alice_shared = mix_key_exchange(&alice_keypair.private_key, &bob_keypair.public_key).expect("key exchange should not fail");

// They now have a shared secret!
assert_eq!(bob_shared, alice_shared);

Re-exports§

pub use super::KeyVersion;

Structs§

KeyPair
An asymmetric keypair.
PrivateKey
A private key. This key should never be sent over an insecure channel or stored unsecurely.
PublicKey
A public key. This key can be sent in clear on unsecured channels and stored publicly.

Functions§

generate_keypair
Generates a KeyPair to use in a key exchange or to encrypt data.
mix_key_exchange
Mix a PrivateKey with another client PublicKey to get a secret shared between the two parties.