StreamKey

fog_crypto::stream

Struct StreamKey 

Source 
pub struct StreamKey { /* private fields */ }
Expand description

Stream Key that allows encrypting data into a Lockbox and decrypting it later.

This acts as a wrapper for a specific cryptographic symmetric key, which can only be used with the corresponding symmetric encryption algorithm. The underlying key may be located in a hardware module or some other private keystore; in this case, it may be impossible to export the key.


// Make a new temporary key
let key = StreamKey::new();
let id = key.id().clone();

// Encrypt some data with the key, then turn it into a byte vector
let data = b"I am sensitive information, about to be encrypted";
let lockbox = key.encrypt_data(data.as_ref());
let mut encoded = Vec::new();
encoded.extend_from_slice(lockbox.as_bytes());

// Decrypt that data with the same key
let dec_lockbox = DataLockboxRef::from_bytes(encoded.as_ref())?;
let dec_data = key.decrypt_data(dec_lockbox)?;

Implementations§

Source§

impl StreamKey

Source

pub fn from_interface(interface: Arc<dyn StreamInterface>) -> Self

Create a new StreamKey to hold a StreamInterface implementation. Can be used by implementors of a vault when making new StreamKey instances.

Source

pub fn new() -> StreamKey

Generate a temporary StreamKey that exists only in program memory.

Source

pub fn with_rng<R>(csprng: &mut R) -> StreamKey
where R: CryptoRng + RngCore,

Generate a temporary StreamKey that exists only in program memory, using the provided cryptographic RNG.

Source

pub fn with_rng_and_version<R>( csprng: &mut R, version: u8, ) -> Result<StreamKey, CryptoError>
where R: CryptoRng + RngCore,

Generate a temporary StreamKey that exists only in program memory. Uses the specified version instead of the default, and fails if the version is unsupported.

Source

pub fn version(&self) -> u8

Version of symmetric encryption algorithm used by this key.

Source

pub fn id(&self) -> &StreamId

The publically shareable identifier for this key.

Source

pub fn encrypt_data(&self, content: &[u8]) -> DataLockbox

Encrypt a byte slice into a DataLockbox.

Source

pub fn encrypt_data_with_rng<R: CryptoRng + RngCore>( &self, csprng: &mut R, content: &[u8], ) -> DataLockbox

Encrypt a byte slice into a DataLockbox. Requires a cryptographic RNG to generate the needed nonce.

Source

pub fn decrypt_lock_key( &self, lockbox: &LockLockboxRef, ) -> Result<LockKey, CryptoError>

Attempt to decrypt a LockLockboxRef with this key. On success, the returned LockKey is temporary and not associated with any Vault.

Source

pub fn decrypt_identity_key( &self, lockbox: &IdentityLockboxRef, ) -> Result<IdentityKey, CryptoError>

Attempt to decrypt a IdentityLockboxRef with this key. On success, the returned IdentityKey is temporary and not associated with any Vault.

Source

pub fn decrypt_stream_key( &self, lockbox: &StreamLockboxRef, ) -> Result<StreamKey, CryptoError>

Attempt to decrypt a StreamLockboxRef with this key. On success, the returned StreamKey is temporary and not associated with any Vault.

Source

pub fn decrypt_data( &self, lockbox: &DataLockboxRef, ) -> Result<Vec<u8>, CryptoError>

Attempt to decrypt a DataLockboxRef with this key.

Source

pub fn export_for_lock(&self, lock: &LockId) -> Option<StreamLockbox>

Pack this secret into a StreamLockbox, meant for the recipient specified by id. Returns None if this key cannot be exported.

Source

pub fn export_for_lock_with_rng<R: CryptoRng + RngCore>( &self, csprng: &mut R, lock: &LockId, ) -> Option<StreamLockbox>

Pack this secret into a StreamLockbox, meant for the recipient specified by id. Returns None if this key cannot be exported.

Source

pub fn export_for_stream(&self, stream: &StreamKey) -> Option<StreamLockbox>

Pack this key into a StreamLockbox, meant for the recipient specified by stream. Returns None if this key cannot be exported for the given recipient. Generally, the recipient should be in the same Vault as the key being exported, or the exported key should be a temporary key.

Source

pub fn export_for_stream_with_rng<R: CryptoRng + RngCore>( &self, csprng: &mut R, stream: &StreamKey, ) -> Option<StreamLockbox>

Pack this key into a StreamLockbox, meant for the recipient specified by stream. Returns None if this key cannot be exported for the given recipient. Generally, the recipient should be in the same Vault as the key being exported, or the exported key should be a temporary key.

Trait Implementations§

Source§

impl Clone for StreamKey

Source§

fn clone(&self) -> StreamKey

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for StreamKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for StreamKey

Available on crate feature getrandom only.
Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl Display for StreamKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Display just the StreamId (never the underlying key).

Source§

impl<T: StreamInterface + 'static> From<T> for StreamKey

Source§

fn from(value: T) -> Self

Converts to this type from the input type.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.