Trait ironoxide::document::advanced::DocumentAdvancedOps

source · []
pub trait DocumentAdvancedOps {
    fn document_encrypt_unmanaged<'life0, 'life1, 'async_trait>(
        &'life0 self, 
        data: Vec<u8>, 
        encrypt_opts: &'life1 DocumentEncryptOpts
    ) -> Pin<Box<dyn Future<Output = Result<DocumentEncryptUnmanagedResult>> + Send + 'async_trait>>
    where
        'life0: 'async_trait,
        'life1: 'async_trait,
        Self: 'async_trait;
    fn document_decrypt_unmanaged<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self, 
        encrypted_data: &'life1 [u8], 
        encrypted_deks: &'life2 [u8]
    ) -> Pin<Box<dyn Future<Output = Result<DocumentDecryptUnmanagedResult>> + Send + 'async_trait>>
    where
        'life0: 'async_trait,
        'life1: 'async_trait,
        'life2: 'async_trait,
        Self: 'async_trait;
}
Expand description

IronOxide Advanced Document Operations

Key Terms

  • EDEKs - Encrypted document encryption keys produced by unmanaged document encryption and required for unmanaged document decryption.

Required Methods

Encrypts the provided document bytes without being managed by the IronCore service.

The webservice is still needed for looking up public keys and evaluating policies, but no document is created and the EDEKs are not stored. An additional burden is put on the caller in that both the encrypted data and the EDEKs must be provided for decryption.

Arguments
  • data - Bytes of the document to encrypt
  • encrypt_opts - Document encryption parameters. Default values are provided with DocumentEncryptOpts::default().

Decrypts a document not managed by the IronCore service.

Requires the encrypted data and EDEKs returned from document_encrypt_unmanaged.

The webservice is still needed to transform a chosen EDEK so it can be decrypted by the caller’s private key.

Arguments
  • encrypted_data - Bytes of the encrypted document
  • encrypted_deks - EDEKs associated with the encrypted document

Implementors