Struct fog_crypto::stream::StreamKey

pub struct StreamKey { /* fields omitted */ }

Stream Key that allows encrypting data into a Lockbox and decrypting it later.

This acts as a wrapper for a specific cryptographic symmetric key, which can only be used with the corresponding symmetric encryption algorithm. The underlying key may be located in a hardware module or some other private keystore; in this case, it may be impossible to export the key.


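// Make a new temporary key. It exists only in program memory, so it must be
// exported or otherwise kept if the data needs to be decrypted later.
// OsRng draws from the operating system's random number source.
let mut csprng = rand::rngs::OsRng {};
let key = StreamKey::new_temp(&mut csprng);
// The StreamId is the publicly shareable identifier for the key; it can be
// handed to peers, unlike the key itself.
let id = key.id().clone();

// Encrypt some data with the key, then turn it into a byte vector. The RNG is
// used to generate the nonce, which is why a cryptographic RNG is required.
let data = b"I am sensitive information, about to be encrypted";
let lockbox = key.encrypt_data(&mut csprng, data.as_ref());
let encoded: Vec<u8> = lockbox.as_bytes().to_vec();

// Decrypt that data with the same key. Parsing and decryption are both
// fallible; propagate the error rather than unwrapping, since encoded bytes
// would normally arrive from storage or the network.
let dec_lockbox = DataLockboxRef::from_bytes(encoded.as_ref())?;
let dec_data = key.decrypt_data(dec_lockbox)?;

// Confirm the round trip returned the original plaintext.
assert_eq!(dec_data.as_slice(), &data[..]);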

Implementations

impl StreamKey[src]

pub fn new_temp<R>(csprng: &mut R) -> StreamKey where
    R: CryptoRng + RngCore

Generate a temporary StreamKey that exists only in program memory.

pub fn new_temp_with_version<R>(
    csprng: &mut R,
    version: u8
) -> Result<StreamKey, CryptoError> where
    R: CryptoRng + RngCore

Generate a temporary StreamKey that exists only in program memory. Uses the specified version instead of the default, and fails if the version is unsupported.

pub fn version(&self) -> u8[src]

Version of symmetric encryption algorithm used by this key.

pub fn id(&self) -> &StreamId[src]

The publicly shareable identifier for this key.

pub fn encrypt_data<R: CryptoRng + RngCore>(
    &self,
    csprng: &mut R,
    content: &[u8]
) -> DataLockbox

Encrypt a byte slice into a DataLockbox. Requires a cryptographic RNG to generate the needed nonce.

pub fn decrypt_lock_key(
    &self,
    lockbox: &LockLockboxRef
) -> Result<LockKey, CryptoError>

Attempt to decrypt a LockLockboxRef with this key. On success, the returned LockKey is temporary and not associated with any Vault.

pub fn decrypt_identity_key(
    &self,
    lockbox: &IdentityLockboxRef
) -> Result<IdentityKey, CryptoError>

Attempt to decrypt an IdentityLockboxRef with this key. On success, the returned IdentityKey is temporary and not associated with any Vault.

pub fn decrypt_stream_key(
    &self,
    lockbox: &StreamLockboxRef
) -> Result<StreamKey, CryptoError>

Attempt to decrypt a StreamLockboxRef with this key. On success, the returned StreamKey is temporary and not associated with any Vault.

pub fn decrypt_data(
    &self,
    lockbox: &DataLockboxRef
) -> Result<Vec<u8>, CryptoError>

Attempt to decrypt a DataLockboxRef with this key.

pub fn export_for_lock<R: CryptoRng + RngCore>(
    &self,
    csprng: &mut R,
    lock: &LockId
) -> Option<StreamLockbox>

Pack this key into a StreamLockbox, meant for the recipient specified by lock. Returns None if this key cannot be exported.

pub fn export_for_stream<R: CryptoRng + RngCore>(
    &self,
    csprng: &mut R,
    stream: &StreamKey
) -> Option<StreamLockbox>

Pack this key into a StreamLockbox, meant for the recipient specified by stream. Returns None if this key cannot be exported for the given recipient. Generally, the recipient should be in the same Vault as the key being exported, or the exported key should be a temporary key.

Trait Implementations

impl Clone for StreamKey[src]

impl Debug for StreamKey[src]

impl Display for StreamKey[src]

fn fmt(&self, f: &mut Formatter<'_>) -> Result[src]

Display just the StreamId (never the underlying key).

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T> ToString for T where
    T: Display + ?Sized

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,