Expand description
IP address encryption and obfuscation methods.
This crate provides three encryption modes for IP addresses, allowing both deterministic and non-deterministic encryption.
§Features
ipcrypt-deterministic: A deterministic mode in which identical inputs always produce the same output—another IP address.ipcrypt-nd: A non-deterministic mode that uses an 8-byte tweakipcrypt-ndx: An extended non-deterministic mode that uses a 32-byte key and 16-byte tweak
§Examples
use ipcrypt_rs::{Ipcrypt, IpcryptNd, IpcryptNdx};
use std::net::IpAddr;
use std::str::FromStr;
// Deterministic encryption
let key = [42u8; 16];
let ip = IpAddr::from_str("192.168.1.1").unwrap();
let cipher = Ipcrypt::new(key);
let encrypted = cipher.encrypt_ipaddr(ip);
let decrypted = cipher.decrypt_ipaddr(encrypted);
assert_eq!(ip, decrypted);
// Non-deterministic encryption with automatic tweak generation
let cipher_nd = IpcryptNd::new(key);
let encrypted_bytes = cipher_nd.encrypt_ipaddr(ip, None);
let decrypted = cipher_nd.decrypt_ipaddr(&encrypted_bytes);
assert_eq!(ip, decrypted);§Security Considerations
- The deterministic mode is compact and facilitates integration, but allows correlation of encrypted addresses
- For general use cases, prefer the non-deterministic modes (
IpcryptNdorIpcryptNdx) - The extended mode (
IpcryptNdx) provides the strongest security with a larger key and tweak size
Modules§
Structs§
- Ipcrypt
- A structure representing the IPCrypt context for deterministic mode.
- Ipcrypt
Nd - A structure representing the IPCrypt context for non-deterministic mode.
- Ipcrypt
Ndx - A structure representing the IPCrypt context for non-deterministic XTS mode encryption.
Functions§
- bytes_
to_ ip - Converts a 16-byte representation back to an IP address.
- ip_
to_ bytes - Converts an IP address to its 16-byte representation.