Struct fernet::Fernet

pub struct Fernet { /* fields omitted */ }

Implementations

impl Fernet

Fernet encapsulates encrypt and decrypt operations for a particular symmetric key.

pub fn new(key: &str) -> Option<Fernet>

Returns a new Fernet instance with the provided key. The key should be 32 bytes, url-safe base64-encoded. Generating keys with Fernet::generate_key is recommended. DO NOT USE A HUMAN READABLE PASSWORD AS A KEY. Returns None if the key is not 32 bytes, base64-encoded.

pub fn generate_key() -> String

Generates a new random key. Can be safely passed to Fernet::new(). Store this somewhere safe!

pub fn encrypt(&self, data: &[u8]) -> String

Encrypts data into a token. Returns a value (which is base64-encoded) that can be passed to Fernet::decrypt for decryption and verification.

pub fn encrypt_at_time(&self, data: &[u8], current_time: u64) -> String

Encrypts data with the current_time. Returns a value (which is base64-encoded) that can be passed to Fernet::decrypt.

This function has the capacity to be used incorrectly or insecurely due to the “current_time” parameter. current_time must be the system's time::SystemTime::now() with duration_since(time::UNIX_EPOCH) as seconds.

The motivation for a function like this is for your application to be able to test ttl expiry of tokens in your API. This allows you to pass in mock time data to assert correct behaviour of your application. Care should be taken to ensure you always pass in correct current_time values for deployments.

pub fn decrypt(&self, token: &str) -> Result<Vec<u8>, DecryptionError>

Decrypts a ciphertext. Returns either Ok(plaintext) if decryption is successful or Err(DecryptionError) if there are any errors. Errors could include incorrect key or tampering with the data.

pub fn decrypt_with_ttl(
    &self,
    token: &str,
    ttl_secs: u64
) -> Result<Vec<u8>, DecryptionError>

Decrypts a ciphertext with a time-to-live. Returns either Ok(plaintext) if decryption is successful or Err(DecryptionError) if there are any errors. Note that if the token timestamp + ttl < current time (the token is older than the ttl), then this will also yield a DecryptionError. The ttl is measured in seconds. This is a relative time, not the absolute time of expiry. I.e. you would use 60 as a ttl_secs if you wanted tokens to be considered invalid after that time.

pub fn decrypt_at_time(
    &self,
    token: &str,
    ttl: Option<u64>,
    current_time: u64
) -> Result<Vec<u8>, DecryptionError>

Decrypt a ciphertext with a time-to-live, and the current time. Returns either Ok(plaintext) if decryption is successful or Err(DecryptionError) if there are any errors.

This function has the capacity to be used incorrectly or insecurely due to the “current_time” parameter. current_time must be the system's time::SystemTime::now() with duration_since(time::UNIX_EPOCH) as seconds.

The motivation for a function like this is for your application to be able to test ttl expiry of tokens in your API. This allows you to pass in mock time data to assert correct behaviour of your application. Care should be taken to ensure you always pass in correct current_time values for deployments.
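The relative TTL and the `current_time` source described for `decrypt_with_ttl` and the `*_at_time` methods, as an added std-only example that is not part of the fernet crate or its documentation: it reads the issued-at timestamp from a token header and applies a TTL to it. The header layout is taken from the Fernet specification, the function names are hypothetical, and the sample token is constructed.

```rust
use std::time::{SystemTime, UNIX_EPOCH};

/// Decode URL-safe base64 (trailing '=' optional); None on any other character.
fn b64url_decode(s: &str) -> Option<Vec<u8>> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u8);
    for c in s.trim_end_matches('=').bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return None,
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    Some(out)
}

/// Issued-at seconds from a token header. Layout per the Fernet spec:
/// 0x80 | 8-byte big-endian timestamp | 16-byte IV | ciphertext | 32-byte HMAC.
/// NOT authenticated here (only decrypt() verifies the HMAC): use for logging and triage.
fn issued_at(token: &str) -> Option<u64> {
    let raw = b64url_decode(token)?;
    // Shorter than header + one cipher block + HMAC, or an unknown version byte.
    if raw.len() < 1 + 8 + 16 + 16 + 32 || raw[0] != 0x80 { return None; }
    Some(raw[1..9].iter().fold(0u64, |t, &b| (t << 8) | u64::from(b)))
}

/// Relative TTL; saturating_add keeps a hostile header timestamp from overflowing.
fn is_expired(issued_at: u64, ttl_secs: u64, now: u64) -> bool {
    now > issued_at.saturating_add(ttl_secs)
}

fn now_secs() -> u64 {
    SystemTime::now().duration_since(UNIX_EPOCH).expect("clock before 1970").as_secs()
}

fn main() {
    // Constructed sample: header for 1_700_000_000, then zeroed IV, ciphertext and HMAC.
    let token = format!("gAAAAABlU_EA{}AA==", "A".repeat(84));
    let issued = issued_at(&token).expect("well-formed header");
    println!("issued_at={} expired={}", issued, is_expired(issued, 60, now_secs()));
}
```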

Trait Implementations

impl Clone for Fernet

impl Drop for Fernet

impl Zeroize for Fernet

Auto Trait Implementations

impl RefUnwindSafe for Fernet

impl Send for Fernet

impl Sync for Fernet

impl Unpin for Fernet

impl UnwindSafe for Fernet

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T

impl<T, U> Into<U> for T where
    U: From<T>,

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.