[−][src]Module dup_crypto::private_message
Private message encryption/decryption
Encrypt a private message (sender side)
Warning: Take the time to study which is the authentication policy adapted to your specific use case. Choosing an unsuitable authentication policy can be dramatic for your end users. Read the documentation of AuthenticationPolicy.
use dup_crypto::keys::{ KeyPair, PublicKey, ed25519::{KeyPairFromSaltedPasswordGenerator, PublicKey as Ed25519PublicKey, SaltedPassword} }; use dup_crypto::private_message::{Aad, Algorithm, AuthenticationPolicy, METADATA_LEN}; use dup_crypto::seeds::Seed32; // Take the time to study which is the authentication policy adapted // to your specific use case. // Read `dup_crypto::private_message::AuthenticationPolicy` documentation. let authentication_policy = AuthenticationPolicy::PrivateAuthentication; // Regardless of the authentication policy chosen, the sender's key-pair is required. let sender_key_pair = KeyPairFromSaltedPasswordGenerator::with_default_parameters() .generate(SaltedPassword::new("sender salt".to_owned(), "sender password".to_owned())); // Choose an encryption algorithm adapted to your specific use case. // Read `dup_crypto::private_message::Algorithm` documentation. let encryption_algo = Algorithm::Chacha20Poly1305; // Aad value must be known by the software that will decipher the message, it can be the // name of the service followed by the name of the network (name of the currency for example). // This field is only used to ensure that there is no interference between different services // and/or networks. let aad = Aad::from(b"service name - currency name"); // Define receiver and message content // The message must be mutable because for performance reasons the encryption is applied // directly to the bytes of the message (the message is never copied). let receiver_public_key = Ed25519PublicKey::from_base58( "8hgzaeFnjkNCsemcaL4rmhB2999B79BydtE8xow4etB7" ).expect("invalid public key"); let message = b"This is a secret message, which can only be read by the recipient."; // It is up to you to create the buffer that will contain the encrypted message. // This gives you the freedom to choose how to allocate the memory space and in // which type of "container" to store the bytes of the encrypted message. // Metadata needed for decryption and authentication will be added to your message, // you must make sure that your buffer has enough capacity to hold this metadata. let mut buffer: Vec<u8> = Vec::with_capacity(message.len() + METADATA_LEN); buffer.extend(&message[..]); // Finally, authenticate and encrypt the message. dup_crypto::private_message::encrypt_private_message( aad, encryption_algo, authentication_policy, &mut buffer, &receiver_public_key, &sender_key_pair, )?; // Send message to the recipient by any way..
Decrypt a private message (receiver side)
use dup_crypto::keys::{KeyPair, ed25519::KeyPairFromSeed32Generator}; use dup_crypto::private_message::{Aad, Algorithm, DecryptedMessage}; use dup_crypto::seeds::Seed32; let receiver_key_pair = KeyPairFromSeed32Generator::generate( Seed32::from_base58("7nY1fYmCXL1vF86ptneeg8r7M6C7G93M8MCfzBCaCtiJ").expect("invalid seed") ); let mut encrypted_message = vec![221u8, 252, 176, 127, 197, // ... several bytes hidden let DecryptedMessage { message, sender_public_key, signature_opt } = dup_crypto::private_message::decrypt_private_message( Aad::from(b"service name - currency name"), Algorithm::Chacha20Poly1305, &mut encrypted_message, &receiver_key_pair, )?; assert_eq!( message, &b"This is a secret message, which can only be read by the recipient."[..], ); assert_eq!{ "4HbjoXtWu9C2Q5LMu1RcWHS66k4dnvHspBxKWagFG5rJ", &sender_public_key.to_string(), } assert_eq!( signature_opt, None );
Structs
Aad | The additionally authenticated data (AAD) for an opening or sealing operation. This data is authenticated but is not encrypted. |
DecryptedMessage | Decrypted message |
Enums
Algorithm | Private message encryption algorithm
If your program is susceptible to running on machines that do not provide hardware
acceleration for AES (some phones, embedded devices, old computers, etc) then you
should choose |
AuthenticationPolicy | Authentication policy. |
PrivateMessageError | Error at encryption/decryption of a private message |
Constants
METADATA_LEN | Metadata length |
Functions
decrypt_private_message | Decrypt private message.
Return a reference to decrypted bytes and an optional signature.
If the authentication method chosen by the sender is |
encrypt_private_message | Encrypt private message |