§df-share: Secret Sharing
This module provides a straightforward API to securely exchange a secret between two parties (a client and a server) using ephemeral Diffie-Hellman keys. The server encrypts the secret in such a way that only the requesting client can decrypt it, assuming both sides derive the same shared secret key.
§Basic Usage
- Client creates an ephemeral key pair via `EphemeralClient::new()`.
  - Call `EphemeralClient::sendable()` to retrieve a tuple: a request object and a `decryptor`.
- Server receives the request, creates its own ephemeral key pair via `EphemeralServer::new()`, and calls `EphemeralServer::encrypt_secret()` to produce a response containing the encrypted secret.
- Client decrypts the response with the `decryptor` it previously obtained.
§Example
```rust
use df_share::{EphemeralClient, EphemeralServer};
use df_share::error::Unspecified;

fn main() -> Result<(), Unspecified> {
    // Client side: create an ephemeral key pair and the request to send
    let client = EphemeralClient::new()?;
    let (req, decryptor) = client.sendable();

    let res;
    let secret = "MyVerySecretPrivateKey010101010";

    // Server side: fresh ephemeral key pair, encrypt the secret for this request
    {
        let server = EphemeralServer::new()?;
        res = server.encrypt_secret(&req, secret.as_bytes())?;
    }

    // Client side again: decrypt the server's response
    let decrypted_secret = decryptor.decrypt(&res)?;
    assert_eq!(secret.as_bytes(), &decrypted_secret);
    Ok(())
}
```

Important Note: Because the server generates an ephemeral key pair each time, there’s no built-in guarantee of the server’s identity. If you need server authentication, you must maintain long-term server key material and pin the server public key on the client or use HTTPS/TLS with certificate validation.
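The pinning option from the note above, as an added example that is not part of df-share or its documentation: it swaps in a toy finite-field Diffie-Hellman over the prime 2^61 - 1 so that it runs with the standard library alone. `derive_pinned`, `PinError` and all key values are hypothetical and constructed for illustration.

```rust
// Toy finite-field DH: constructed parameters, not secure, not df-share's key agreement.
const P: u64 = 2_305_843_009_213_693_951; // 2^61 - 1, a Mersenne prime
const G: u64 = 3;

fn modpow(base: u64, mut exp: u64, m: u64) -> u64 {
    let m = m as u128;
    let (mut acc, mut b) = (1u128, base as u128 % m);
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * b % m;
        }
        b = b * b % m;
        exp >>= 1;
    }
    acc as u64
}

fn public_key(private: u64) -> u64 {
    modpow(G, private, P)
}

fn shared_key(my_private: u64, their_public: u64) -> u64 {
    modpow(their_public, my_private, P)
}

#[derive(Debug, PartialEq)]
enum PinError {
    UnpinnedServerKey,
}

// Hypothetical client-side helper: derive a key only with the pinned long-term server key.
fn derive_pinned(client_private: u64, server_public: u64, pinned: u64) -> Result<u64, PinError> {
    if server_public != pinned {
        return Err(PinError::UnpinnedServerKey);
    }
    Ok(shared_key(client_private, server_public))
}

fn main() {
    // Constructed sample private keys; the pin reaches the client out of band.
    let (client_priv, server_priv, other_priv) = (1_000_003u64, 1_000_000_007u64, 1_000_000_009u64);
    let pinned = public_key(server_priv);
    let (client_pub, other_pub) = (public_key(client_priv), public_key(other_priv));
    // Plain DH agrees on a key with whichever party answered the request.
    assert_eq!(shared_key(client_priv, other_pub), shared_key(other_priv, client_pub));
    // With the pin, only the expected server key is accepted.
    assert_eq!(derive_pinned(client_priv, pinned, pinned), Ok(shared_key(server_priv, client_pub)));
    assert_eq!(derive_pinned(client_priv, other_pub, pinned), Err(PinError::UnpinnedServerKey));
}
```

The first assertion is the reason the note exists: key agreement succeeds with any responder, so identity has to come from the pin (or from TLS certificate validation), not from the exchange itself.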
Modules§
Structs§
- ClientReq
- EphemeralClient: Generate per request. Do not reuse.
- EphemeralServer: Generate per request. Do not reuse.
- ResponseDecryptor
- ServerEncryptedRes
Functions§
- from_hex_str
- generate_ascii_art: Generate a 32×32 ASCII art grid by “walking” around based on the hash
- to_hex_str