Expand description
§Cryptographic Operations
This module provides core encryption and decryption functionality using AES-256-GCM.
§Algorithm
- Cipher: AES-256-GCM (Galois/Counter Mode)
- Key size: 256 bits (32 bytes)
- Nonce size: 96 bits (12 bytes)
- Authentication: Built into GCM mode (16-byte tag)
§Encrypted Data Format
[GITCRYPT][12-byte nonce][variable-length ciphertext + 16-byte GCM tag]The magic header ensures reliable detection of encrypted data and provides versioning capability for future format changes.
§Security Properties
- Confidentiality: AES-256 provides strong encryption
- Authentication: GCM mode ensures tamper detection
- Nonce uniqueness: Random nonces prevent pattern detection
- Key derivation: Keys generated from OS random number generator
§Unit Tests
Run crypto module tests:
cargo test crypto::Tests cover:
- Basic encryption/decryption round-trips
- Empty and large data handling
- Binary data with all byte values
- Unicode content
- Key uniqueness and nonce randomness
- Authentication with wrong keys
- Tamper detection on corrupted data
- Invalid key size rejection