§encryptor
Encrypt a Web3 wallet secret phrase with an easy-to-remember password and store only the resulting ciphertext string.
- **KDF** Argon2id — password → 256-bit key
- **AEAD** AES-256-GCM — key + nonce → authenticated ciphertext
- Blob [salt | nonce | ciphertext] Base64URL-encoded (no padding)
```rust
use encryptor::{encrypt, decrypt};
let phrase = "satoshi doll mercy …"; // wallet seed phrase
let pass = "Fr33dom-2025!"; // memorable password
let blob = encrypt(phrase, pass)?; // store this string
assert_eq!(phrase, decrypt(&blob, pass)?);
```
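A structural check for the blob layout described above, as an added example that is not part of the crate's own code: it decodes unpadded Base64URL with the standard library only and splits out salt, nonce and ciphertext without decrypting. The values given to SALT_LEN, NONCE_LEN and TAG_LEN are assumptions (the page does not state them), and `BlobError`, `b64url_decode`, `split_blob` and `SAMPLE` are hypothetical names.

```rust
const SALT_LEN: usize = 16; // assumed: the page names SALT_LEN but gives no value
const NONCE_LEN: usize = 12; // assumed: the usual 96-bit AES-GCM nonce
const TAG_LEN: usize = 16; // assumed: 128-bit GCM tag appended to the ciphertext

#[derive(Debug, PartialEq)]
pub enum BlobError { BadChar(char), BadLength, NonCanonical, TooShort }

/// Decode unpadded Base64URL (RFC 4648, section 5) with std only.
pub fn b64url_decode(s: &str) -> Result<Vec<u8>, BlobError> {
    let mut out = Vec::with_capacity(s.len() * 3 / 4);
    let (mut acc, mut bits, mut n) = (0u32, 0u32, 0usize);
    for c in s.chars() {
        let v = match c {
            'A'..='Z' => c as u32 - 'A' as u32,
            'a'..='z' => c as u32 - 'a' as u32 + 26,
            '0'..='9' => c as u32 - '0' as u32 + 52,
            '-' => 62,
            '_' => 63,
            other => return Err(BlobError::BadChar(other)), // '=', '+', '/', whitespace
        };
        acc = (acc << 6) | v;
        bits += 6;
        n += 1;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    if n % 4 == 1 { return Err(BlobError::BadLength); }
    if acc != 0 { return Err(BlobError::NonCanonical); } // stray trailing bits
    Ok(out)
}

/// Split a blob into (salt, nonce, ciphertext || tag) without decrypting it.
pub fn split_blob(blob: &str) -> Result<(Vec<u8>, Vec<u8>, Vec<u8>), BlobError> {
    let raw = b64url_decode(blob)?;
    if raw.len() < SALT_LEN + NONCE_LEN + TAG_LEN { return Err(BlobError::TooShort); }
    let (salt, rest) = raw.split_at(SALT_LEN);
    let (nonce, ct) = rest.split_at(NONCE_LEN);
    Ok((salt.to_vec(), nonce.to_vec(), ct.to_vec()))
}

// Constructed sample: Base64URL of the 44 bytes 0x00..=0x2b (not real ciphertext).
pub const SAMPLE: &str = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKis";

fn main() {
    println!("{:?}", split_blob(SAMPLE).map(|(s, n, c)| (s.len(), n.len(), c.len())));
}
```

In code that depends on the crate, take the lengths from its exported `SALT_LEN` and `NONCE_LEN` constants instead of hard-coding them.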
§Threat model
✅ Protects against | ❌ Does not protect against |
---|---|
Lost / stolen disk or backup | Very weak or leaked passwords |
Curious cloud operator | Attackers who can key-log or phish your pass |
Security disclaimer: No formal audit yet. Use at your own risk.
§API overview
- encrypt – passphrase → ciphertext string
- decrypt – ciphertext string → original secret phrase
- CryptoError – unified error enum
Re-exports§
pub use error::CryptoError;
Modules§
- error
- Cryptographic errors returned by this crate.
Constants§
- KEY_LEN
- Number of bytes in the derived symmetric key (256 bits).
- NONCE_LEN
- Length in bytes of the AES-GCM nonce.
- SALT_LEN
- Length in bytes of the random salt prepended to the ciphertext blob.
Functions§
- decrypt
- Decrypt a ciphertext produced by `encrypt`.
- encrypt
- Encrypt UTF-8 data with a password, returning a single Base64URL string (no `=` padding) that embeds salt, nonce, and ciphertext.
Type Aliases§
- Key
- The key is automatically zeroed.