Module encryption 

File encryption for room attachments.

Megolm advances its ratchet on every encrypted message. Chunk-wise Megolm would burn through key material; instead we encrypt each file body with a fresh ChaCha20-Poly1305 key, then Megolm-wrap that key once. The wrapped key + nonce travel inside the FileOffer.

Structs

EncryptedFileMeta

Metadata that lets the receiver decrypt an encrypted file: the Megolm session id used to wrap the file key, the wrapped file key itself, and the ChaCha20-Poly1305 nonce. All bytes base64-encoded.

Functions

decrypt_file

Inverse of encrypt_file. The caller supplies the sender’s fingerprint so we know which inbound Megolm session to use.

encrypt_file

Encrypt plaintext with a fresh ChaCha20-Poly1305 key, then Megolm- wrap that key via the room’s outbound session. The returned bytes are what gets chunked and sent on the wire; the meta travels in the FileOffer alongside the file_id.