Crate enc_file

Expand description

enc_file — password-based authenticated encryption for files.

Highlights

Passwords are never stored; keys are derived with Argon2id (salt + stored params).
Authenticated encryption via XChaCha20-Poly1305 (default) or AES-256-GCM-SIV.
Versioned binary header + CBOR payload. Optional ASCII armor for transport.
Streaming mode for very large files (constant memory; configurable chunk size).
Library API is pure (no prompts/logging). CLI sits on top.

Safety notes

The crate is not audited or reviewed! Protects data at rest. Does not defend against compromised hosts/side channels.

Structs§

decrypt_bytes: Decrypt full file bytes into plaintext.
decrypt_file: Decrypt a file from disk. If output is None, strips “.enc” or uses “.dec”.
encrypt_bytes: Encrypt a whole buffer and return the full file bytes (header + ciphertext).
encrypt_file: Encrypt a file to disk. If output is None, appends “.enc”. Use opts.stream = true to enable streaming mode (see encrypt_file_streaming).
encrypt_file_streaming: Encrypt a file in streaming mode (constant memory).
hash_bytes: Hash a byte slice and return the raw digest bytes.
hash_bytes_keyed_blake3: Keyed BLAKE3 hash (32-byte key). Only for BLAKE3 — other algorithms ignore keys or use HMACs.
hash_file: Hash a file (streaming) and return the raw digest bytes.
hash_file_keyed_blake3: Keyed BLAKE3 file hash (streaming).
load_keymap: Load a key map using a password.
looks_armored
save_keymap: Save a key map using a password (0600 perms on Unix).
to_hex_lower: Helper to hex-encode (lower-case) for display or logs.