pub trait DocumentFileAdvancedOps {
// Required methods
fn document_file_encrypt_unmanaged(
&self,
source_path: &str,
destination_path: &str,
opts: &DocumentEncryptOpts,
) -> impl Future<Output = Result<DocumentFileEncryptUnmanagedResult>> + Send;
fn document_file_decrypt_unmanaged(
&self,
source_path: &str,
destination_path: &str,
encrypted_deks: &[u8],
) -> impl Future<Output = Result<DocumentFileDecryptUnmanagedResult>> + Send;
}Expand description
IronOxide Unmanaged File-Based Document Operations
These unmanaged versions allow the API consumer to manage the encrypted document encryption keys (EDEKs) themselves, enabling offline encryption when public keys are pre-cached.
Required Methods§
Sourcefn document_file_encrypt_unmanaged(
&self,
source_path: &str,
destination_path: &str,
opts: &DocumentEncryptOpts,
) -> impl Future<Output = Result<DocumentFileEncryptUnmanagedResult>> + Send
fn document_file_encrypt_unmanaged( &self, source_path: &str, destination_path: &str, opts: &DocumentEncryptOpts, ) -> impl Future<Output = Result<DocumentFileEncryptUnmanagedResult>> + Send
Encrypts a file without storing metadata in the IronCore service.
Uses streaming I/O with constant memory. The caller must store the returned EDEKs alongside the encrypted file for later decryption.
§Arguments
source_path- Path to the plaintext file to encryptdestination_path- Path where the encrypted file will be writtenopts- Encryption options
§Examples
let opts = DocumentEncryptOpts::default();
let result = sdk.document_file_encrypt_unmanaged("/path/to/plaintext.dat", "/path/to/encrypted.iron", &opts).await?;
// Store encrypted_deks alongside the encrypted file
let edeks = result.encrypted_deks();Sourcefn document_file_decrypt_unmanaged(
&self,
source_path: &str,
destination_path: &str,
encrypted_deks: &[u8],
) -> impl Future<Output = Result<DocumentFileDecryptUnmanagedResult>> + Send
fn document_file_decrypt_unmanaged( &self, source_path: &str, destination_path: &str, encrypted_deks: &[u8], ) -> impl Future<Output = Result<DocumentFileDecryptUnmanagedResult>> + Send
Decrypts an unmanaged encrypted file to destination path.
Uses streaming I/O with constant memory. Requires the EDEKs that were returned when the file was encrypted.
§Arguments
source_path- Path to the encrypted filedestination_path- Path where the decrypted file will be writtenencrypted_deks- EDEKs associated with the encrypted file
§Examples
let result = sdk.document_file_decrypt_unmanaged("/path/to/encrypted.iron", "/path/to/decrypted.dat", &edeks).await?;§Security
During decryption, plaintext is written to the destination file before authentication completes. The file is created with restrictive permissions (0600 on Unix) and is automatically deleted if authentication fails. Permissions are relaxed to 0644 only after successful verification.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.