Expand description
The core of this program. Encrypt/decrypt, compress/decompress files.
§Module Structure
| Module | Contents |
|---|---|
[header] | Constants (MAGIC, VERSION, SALT_LEN, …) and FileHeader |
[key] | Key derivation (Argon2, key splitting, nonce derivation) + key cache |
[stream] | Streaming Read → Write encrypt/decrypt primitives |
file | File-to-file encrypt/decrypt with atomic writes & metadata preservation |
[batch] | Parallel batch operations with shared key cache |
[repo] | Repository-level encrypt/decrypt with salt cache integration |
See the module-level docs of each submodule for details.
§Nonce Derivation (Content-Based with File ID)
Per-chunk nonces are derived from the file’s random File_ID and the
chunk’s own plaintext content using keyed Blake3:
- A random 16-byte
File_IDis generated once per file and stored in the header. This ensures that even if two different files have identical plaintext at chunk 0, they produce different nonces and ciphertexts. - The Argon2-derived master key is split via
blake3::derive_keyintoKey_ENC(for XChaCha20-Poly1305 encryption) andKey_MAC(for nonce generation). - For each chunk
i:Nonce_i = Blake3_keyed(Key_MAC, File_ID || M_i || chunk_idx_le)[0..24] - The 24-byte nonce is stored in plaintext at the head of each encrypted chunk.
Different plaintext always produces a different nonce (within the same
file). The File_ID ensures cross-file uniqueness. The chunk index prevents
reordering attacks on identical 64 KB blocks.
§Authenticated Additional Data (AAD)
Each chunk’s AAD binds the ciphertext to the full file header so that any
tampering with header fields (version, compression flag, salt, file_id,
reserved) is detected via Poly1305 authentication failure:
AAD = HEADER (64B) || chunk_idx (8B LE) || is_last_chunk (1B) // 73 bytesEach encrypted chunk layout: [NONCE (24B)] [CIPHERTEXT] [TAG (16B)]
Structs§
- Batch
Summary - Summary of a batch encrypt/decrypt run.
- File
Header
Constants§
Functions§
- cache_
key - Compute a repo-relative cache key from a file path.
- decrypt_
file - Decrypt a single file in place.
- decrypt_
file_ to - Decrypt
srcintodst. - decrypt_
file_ with_ cache - Decrypt a single file with a thread-safe Argon2 key cache and optional
salt/
file_idcache. - decrypt_
into - Decrypt data from
readerintowriter. - decrypt_
repo - Decrypt given files in the repo.
- derive_
key - encrypt_
file - Encrypt a single file in place.
- encrypt_
file_ to - Encrypt
srcintodst. - encrypt_
into - Encrypt data from
readerintowriterusing streaming chunked encryption. - encrypt_
repo - Encrypt given files in the repo.
- is_
encrypted_ version