FireCloud Crypto - Encryption and key management
Implements the key hierarchy:
- Master Key (derived from password via Argon2id)
- Key Encryption Key (KEK) - encrypts per-file DEKs
- Data Encryption Key (DEK) - per-file symmetric key
Structs
- DerivedKeys - Keys derived from master key using HKDF
- EncryptedDek - Encrypted DEK stored in file manifest
- Kek - Key Encryption Key derived from user password
- KeyPair - Ed25519 key pair for signing and identity
- MasterKey - Master key derived from user password
Enums
Constants
- KEK_NONCE_SIZE - Size of nonce for XChaCha20 (192-bit)
- KEK_SIZE - Size of KEK in bytes (256-bit)
- KEY_SIZE - Key size (256 bits)
- NONCE_SIZE - Nonce size for XChaCha20-Poly1305 (24 bytes)
- SALT_SIZE - Size of salt for password hashing (128-bit)
- TAG_SIZE - Authentication tag size for Poly1305
Functions
- decrypt - Decrypt data encrypted with XChaCha20-Poly1305
- encrypt - Encrypt data using XChaCha20-Poly1305
- generate_dek - Generate a random Data Encryption Key (DEK) for a file
- generate_salt - Generate a random salt for password hashing
- hash_password - Hash a password for storage (verification only, not for encryption)
- verify_password - Verify a password against a stored hash